Most Recent Additions to The Ethical Hacker Network, the best, single source of educational content for forensics, pen testing and incident response. Hacker Challenges with prizes, free monthly giveaways, tutorials, articles, forums, certification info and more. http://www.ethicalhacker.net 2012-02-09T07:14:56+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/images/M_images/ehnet_banner1.jpg text/html 2012-02-01T02:45:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/406/8/ Win CISSP Prep Course Worth $2895!! OK... the new year is upon us, and so are the resolutions and goals we've set out for ourselves. Hopefully most of you not only have the technical side of your brain in your plans, but also the management skills that are more and more expected of us geeks as we advance in our careers. Enter terms conditions (http://www.globalknowledge.com/training/generic.asp?pageid=2816 country=United+States)). This course includes all the tools you need to prepare for the updated (ISC)2 Certified Information Systems Security Professional exam. Prepare with confidence with this course and these exciting tools: • Custom study... text/html 2012-01-25T17:02:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/407/24/ Chris Hadnagy Over the last year social engineering has gotten a lot of press. From the attacks on companies like Sony, HB Gary, PBS, Citibank et al to contests like the Social Engineering CTF at Defcon, it seems that social engineering has taken the front page. And rightfully so, as it is still the easiest and often most effective vector of attack. With that in mind, many people are interested in learning what it will take to either add social engineering skills to their tool chest (either personally or as part of their red team) or even become... text/html 2012-01-13T14:15:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/405/8/ We Have a Winner!! SANS Event Simulcast (http://www.sans.org/info/92539). Simply log in to a virtual classroom to see, hear, and participate in the class as it is being presented LIVE at the event. The Event Simulcast option is available for many classes offered at our largest training events. And EH-Net member Agoonie just won his choice of the following courses at SANS 2012 starting March 25 (component/option,com_smf/Itemid,54/topic,8201.0/): - SEC401: Registration Is FREE! (index.php?option=com_smf Itemid=35 action=register) Discuss in Forums text/html 2011-12-29T16:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/404/2/ Eli Sowash, CISSP As an information security professional, the task of communicating InfoSec concepts and concerns to executive management can sometimes be challenging. That security breaches like Sony, RSA, and Lockheed are grabbing mainstream media attention means security ideas and concerns are increasingly making their way to the boardroom. Since executive support can be one of the most valuable tools in the InfoSec professional’s toolbox, using these case studies with your own management can be a great starting point in letting them know that the security team understands the risks to the business. It’s the job of an organization’s executive... text/html 2011-12-28T11:31:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/403/2/ A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security (http://nostarch.com/bughunter.htm) by Tobias Klein focuses on helping different levels of security professionals understand the approaches used to uncover vulnerabilities, testing the vulnerabilities found and finally reporting on those vulnerabilities. It is short and to the point and offers nothing but valuable content with little to no fluff content. The book was written as though Tobias was writing in a journal as he was progressing through his research of a particular application. Each chapter is a separate journal entry focused on a single application into which he... text/html 2011-12-13T11:20:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/401/8/ We Have a Winner!! Black Hat Events was the sponsor last month of EH-Net's Free Monthly Giveaway with a very flexible offering of a free pass for full conference admission to the Black Hat event of your choice between now and the end of 2013. As we mentioned, this one was going to be a little different as winning depended on particpation in the poll and not our normal participation on EH-Net. With that, we used the trusty services of random.org to help pick EH-Net member elwellj as our winner. Congrats! For those unfamiliar, The Black Hat Briefings are a series... text/html 2011-11-27T02:01:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/400/24/ CompTIA has been a stalwart in the IT certification arena for quite a number of years. They have dominated the space with such recognized credentials as A+, Linux+, Security+ and many others. Their certifications have been highly recommended by The Ethical Hacker Network (EH-Net) as well as countless others as an entry-point into a given area of IT. But can CompTIA help advance the careers of those already in the field of their choice within IT? Enter CompTIA’s newest line of industry credentials, the Mastery Series of Certifications. The first offering from this new line is the CompTIA Advanced Security... text/html 2011-11-22T08:50:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/399/24/ Chris Gates, CISSP, CISA, GCIH, GPEN, C|EH In the first article, Oracle Web Hacking Part I (content/view/363/24/), I talked about scanning Oracle Application Servers for default content and how to use that content for information gathering. A pentester can utilize that information to run SQL queries and to gain a foothold into the network. I also talked about iSQLPlus and some fun things you can do with that application, if you are able to guess credentials for it. I also showed some Metasploit modules to help you accomplish all of it. In Part 2 of 3 of this... text/html 2011-11-21T00:27:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/397/8/ We Have Lots of Winners!! Mile2's course offerings (http://mile2.com/mile2-courses.html). And the winners are: - Two online live seats (http://mile2.com/live-online-training.html) ($3000 per seat) and free exams ($250) for cd1zz a player to be named later. - 10 video and examination combos (http://mile2.com/security-videos.html) ($800 per seat) is awarded to 3xban, alucian, billv, eth3real, hayabusa, Joshsevo, Negrita, p0et, rance YuckTheFankees. - And ALL EH-Netters Win 50% Off Anything Everything Mile2 Offers (component/option,com_banners/task,click/bid,131/) As with every month, all you have to do is participate on EH-Net. Write some reviews or tutorials, spread the word of EH-Net to the wider security community,... text/html 2011-10-30T21:05:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/396/2/ Dan Honkanen, GCIH, Security+, ITIL, et al Keyloggers are usually one of the top picks for a hacker or a spy's best friend. They basically serve as the eyes and ears of the attacker. They can be based on software or hardware and send detailed reports including the user's passwords, chat logs, all typed text, launched applications and visited websites. They can even send screenshots to visually show what the user was viewing as well as any webcam and microphone activity. Most laptops today come with a built-in webcam and microphone and don't usually give any signal that they... text/html 2011-10-26T11:30:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/395/2/ Rafal Los, Security Strategist for HP Software, Down the Security Rabbithole (http://podcast.wh1t3rabbit.net/) Podcast It’s no secret that web applications are at the center of the ongoing conflict between malicious hackers and those defending the applications. As more and more critical business functions migrate to an Internet presence, web applications play an extremely vital role in business. Hackers know this well and have been exploiting weaknesses in web applications at an alarmingly high rate. While age-old issues like SQL Injection and authentication weaknesses continue to plague developers, there is another class of security defects that has been flying under... text/html 2011-10-18T10:32:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/394/8/ We Have a Winner!! EH-Net Exclusive video with HD Moore (content/view/385/2/) giving a guided tour of the newest release of Metasploit Pro with a sneak peak at v4. For a little more on the Pro edition: Metasploit Pro (http://www.rapid7.com/products/metasploit-pro.jsp) helps enterprise defenders prevent data breaches by efficiently prioritizing vulnerabilities, verifying controls and mitigation strategies, and conducting real-world, collaborative, broad-scope penetration tests to improve your security risk intelligence. As we mentioned when announcing this great prize, we were going to step out a little and open the competition to more than just those who post a lot in the forums.... text/html 2011-09-30T10:44:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/392/2/ David Caissy, CISSP, GPEN, GSEC, CEH, PMP, B.Sc.A. Digital Mobile Forensics Deep Dive is a 3-day course written and taught by Wayne Burke of Sequrit (http://www.sequrit.org). I decided to take this course to expend my knowledge into a field I barely knew. Being a penetration tester with a background in web application development, I was completely new to the forensic world. Since the official web site stated that this was a “highly advanced and technical course,” I honestly expected to be completely lost. I thought I would learn more from home after the class, trying to slowly digest what the... text/html 2011-09-27T18:09:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/391/2/ Ryan Linn (content/category/7/40/24/), CISSP, MCSE, GPEN It seems like yesterday that I was reviewing Chris Eagle's book, but in reality it's been 3 years. So when I had an opportunity to review The IDA Pro Book: The Unofficial Guide To The Worlds Most Popular Disassembler, 2nd Edition, I looked forward to seeing what had changed. And thus a change in the normal extensive EH-Net book review is in order and brevity is the word of the day. A few things haven’t changed since my last review. I am still not a reverse engineer, although I occasionally use the... text/html 2011-09-27T11:55:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/390/8/ We Have Winners!! CareerAcademy.com (http://www.careeracademy.com/) are utilizing technology to get you the training you need AND access to mentors without ever having to leave your chair. Career Academy's exclusive LearningZone (http://www.careeracademy.com/flash/lzone.swf) live mentor program offers help whenever you need it. Why wait for email support? Chat Live with their Certified Instructors anytime around the clock (24x7). In addition to 6 months of access to LearningZone, 3 EH-Net members, Disneycrack, WCNA, lorddicranius, were chosen to receive one of the following three video-based training courses each valued at $695: - Advanced VMware Security Training with Tim Pierson Duane Anderson (http://www.careeracademy.com/vmware-training-vmware-advanced-security.aspx) Thanks... text/html 2011-08-31T11:28:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/387/24/ As most of you know, I do not have a college degree. I’m not alone… Bill Gates, Mark Zuckerberg, Richard Branson and countless others have had great success without this particular piece of paper. A common question in Certified Security Testing Associate (CSTA) (http://certifications.7safe.com/csta-certified-security-testing-associate) ethical hacking certification course by 7Safe. When looking at their website, every page of every course shows the MSc logo and the credits to be earned towards a Master’s Degree in Computer Security Forensics… that nagging corpse of an idea kept reappearing telling me, “Don… get your degree or people will die!” OK, so... text/html 2011-08-29T23:37:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/386/2/ Thor's Microsoft Security Bible: A Collection of Practical Security Techniques (http://gan.doubleclick.net/gan_click?lid=41000000012871747 pid=9781597495721 adurl=http%3A%2F%2Fsearch.barnesandnoble.com%2FThors-Microsoft-Security-Bible%2FTimothy-Mullen%2Fe%2F9781597495721%3Fsourceid%3DQ000000630 usg=AFHzDLshXiTQqFbjvdVlnYd7ItrYRY7k5g pubid=21000000000366175) (TMSB) by Timothy Thor Mullen (http://www.hammerofgod.com/Default.aspx) and thought, “Hey that sounds like it could be useful.” I work for a Managed Services Provider (MSP) that supports tons of Microsoft servers, so any extra knowledge can always come in handy. Originally, I thought it might be over my head. I held off on buying it, until I found some reviews. Fortunately (or unfortunately depending on how you look at it) TMSB came out and no reviews have been found.... text/html 2011-08-25T15:40:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/385/2/ The entire hour and a half video of the webcast is now available. HD Moore Personally Offers Sneak Preview of the New Metasploit In the video of this EH-Net exclusive webinar, HD Moore gives a technical sneak peek of the next version of Metasploit Pro before it is available for download. The webinar includes a live demo of a Metasploit Pro pre-release version. This webinar will focus on new penetration testing features in the new version, including improvements of existing features and completely new functionality. The webinar will focus on the commercial edition Metasploit Pro, Rapid7 (http://www.rapid7.com)’s flagship... text/html 2011-08-15T11:10:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/381/8/ We Have Winners! Wayne Burke, pen tester, instructor and CSO of Sequrit CSi (http://www.sequrit.org) along with the cooperation of EC-Council CAST, has put together the largest prize yet to be offered to EH-Net's top contributors for our Free Monthly Giveaways. Not only has he offered up a seat in Sequrit's 3-day security course, Digital Mobile Forensics Deep Dive, but also seats in 2 other 3-day courses being offered during the 4-day CAST Summit (http://www.eccouncil.org/castsummit) in Bethesda, MD from August 22 - 24. Digital Mobile Forensics Deep Dive: This three-day highly advanced and technical course provides students with the knowledge and... text/html 2011-07-27T16:40:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/379/2/ Armitage (http://www.fastandeasyhacking.com) is a front-end for Metasploit (http://www.metasploit.com) that allows team collaboration and exposes the advanced features of the framework. Raphael Mudge has made a six-part training series on Armitage and Metasploit for the ethicalhacker.net community. These demonstration-heavy lectures introduce the penetration testing process and walk you through each step. You'll learn how to break into hosts, carry out post-exploitation activities, develop more access from your initial foothold, and you'll do this in a team environment. These lectures were initially created for the Austin, TX ISSA (http://www.austinissa.org/) and OWASP (https://www.owasp.org/index.php/Austin) half-day Metasploit training event in June. Elated after several tex-mex... text/html 2011-07-27T09:37:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/380/2/ Practical Packet Analysis: Using Wireshark to Solve Real World Problems (http://gan.doubleclick.net/gan_click?lid=41000000012871747 pid=9781593272661U adurl=http%3A%2F%2Fsearch.barnesandnoble.com%2FPractical-Packet-Analysis%2FChris-Sanders%2Fp%2F9781593272661 usg=AFHzDLvOE50AGuGMz_XKmSaQejVsX4CE_Q pubid=21000000000366175) is a decent book for readers who are relatively new to networking. It makes a great addition for someone in the one-to-three year range of their career. Whether this career is security-centric, network administration, or simply as a hobbyist, Chris Sanders made great work of keeping things simple yet informative for his readers. While this is a plus for the entry person, it is also its minus for the seasoned pro. The beginning of the book gives an overview of the OSI layer, which... text/html 2011-07-25T15:51:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/378/8/ We Have a Winner! If you've ever done martial arts and experienced learning in a dojo, then you're familiar with a teaching style that has succeeded for centuries. Thomas Wilhelm, author, instructor, speaker, professional penetration tester all-around kewl guy, brings this concept to the security industry: The Hacking Dojo (http://hackingdojo.com/) provides students with a long-term training and support system, with readily-available access to instructors. Students attend regularly-scheduled online meetings with their instructor, who teaches hacking concepts relative to students' skill level. When the students demonstrate proficiency in a set of skills, they are moved onto more difficult challenges... text/html 2011-06-30T14:11:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/374/2/ The Hacker Academy (THA) (http://www.thehackeracademy.com/), with their online ethical hacking curriculum, fulfills an integral training need for security professionals. There are many training programs available today that teach tools and techniques for hacking. Some are better than others or suited to slightly different specializations such as web, network or wireless pen testing, but most of them are presenting very similar content. The problem is that most of these programs offer static content. By that I mean that the material does not change frequently, and the student is forced to find ways to stay current on new techniques. I think most... text/html 2011-06-28T18:15:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/373/2/ Professional Penetration Testing: Creating a Formal Hacking Lab (http://gan.doubleclick.net/gan_click?lid=41000000012871747 pid=9781597494250 adurl=http%3A%2F%2Fsearch.barnesandnoble.com%2FProfessional-Penetration-Testing%2FThomas-Wilhelm%2Fe%2F9781597494250 usg=AFHzDLt6HIWUunEPTKo3jvdFycVt8DlnqQ pubid=21000000000366175)” and “Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques” as well as the initial offering into the certification realm with Heorot.net. He also has extensive experience within the information security field having worked in a penetration testing role as well as many others. Enter Hackingdojo.com (http://hackingdojo.com/). Tom's intent with the Hacking Dojo class platform was to follow a traditional form of learning martial arts, take material covered with his already present Heorot.net certification programs, and mold it into a virtual environment. He does so... text/html 2011-06-27T09:39:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/372/8/ We Have a Winner!! Black Hat USA (http://www.blackhat.com) ticket. Not this year. EH-Net has chosen lorddicranius to be the winner this month of the Conference pass for the BlackHat Briefings (Aug 3 - 4) worth at least $2095. This year's event is described as, The Black Hat Briefings have become the biggest and the most important security conference series in the world by remaining true to our core value: serving the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment. Or in plain words, it is THE event of the year for security professionals.... text/html 2011-06-25T16:59:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/371/2/ Jason Haddix (content/category/7/42/24/) BackTrack 4: Assuring Security by Penetration Testing (BASPT) (http://gan.doubleclick.net/gan_click?lid=41000000012871747 pid=9781849513944 adurl=http%3A%2F%2Fsearch.barnesandnoble.com%2FBackTrack-4%2FShakeel-Ali%2Fe%2F9781849513944 usg=AFHzDLtE9w_JTZlsEFbTAM1DQz_Rw-XZCw pubid=21000000000366175), authored by Shakeel Ali and Tedi Heriyanto, is a 12-chapter compendium on everyone’s favorite hacking distribution, Backtrack 4 (http://www.backtrack-linux.org/). Filling the need for a refresher to older titles on abandoned projects like Knoppix or Auditor (see somewhat outdated: Penetration Tester’s Open Source Toolkit, Vol. 2 (http://gan.doubleclick.net/gan_click?lid=41000000012871747 pid=9781597492133 adurl=http%3A%2F%2Fsearch.barnesandnoble.com%2FPenetration-Testers-Open-Source-Toolkit-Volume-2%2FJeremy-Faircloth%2Fe%2F9781597492133 usg=AFHzDLuzcQX9T-_YJRhLUHTuq3yAvOGgHw pubid=21000000000366175)), BASPT gives syntax and usage tips on a plethora of different tools included in the suite and is broken down into the generic pentesting methodology with which most people today are familiar. Not... text/html 2011-05-27T19:53:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/369/2/ Lenny Zeltser's SANS Security 569: Combating Malware in the Enterprise (http://www.sans.org/info/79079) is an excellent course to help you devise a robust malware incident response plan. It is a 2-day, in-depth course that extensively covers malware. For Lenny's full course, please read the review for FOR610 (content/view/320/2/) right here on EH-Net. I went into this class having what I thought was an intermediate knowledge of the subject. I was very familiar with some of the topics and knew virtually nothing on others. No matter your knowledge of the subject matter, you will pick up a great deal from... text/html 2011-05-25T19:30:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/368/2/ live training (http://www.infosecinstitute.com/courses/ethical_hacking_training.html) in person, InfoSec Institute offer some of their courses in an online format (http://www.infosecinstitute.com/courses/hacker_training_online.html), which is basically a recorded class from the live version, split into a couple of modules. So let’s take a closer look at the online version of InfoSec Institute’s Ethical Hacking Course and IACRB’s Certified Penetration Tester certification. del.icio.us Discuss in Forums text/html 2011-05-20T10:43:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/367/8/ We Have a Winner!! great videos by Ryan Linn (content/view/357/24/), the webcast by James Egyp7 Lee (content/view/354/2/) and the numerous forum discussions. April was the time for someone to get their very own copy of Metasploit Express that includes the full license support for 1 year. And for your viewing pleasure, be sure to check our Metasploit's newly redesigned website (http://www.metasploit.com/). For those not in the know or unfamiliar with the Express Edition: Metasploit Express builds on the power of the Metasploit Framework, the gold standard for penetration testing with more than one million unique downloads in... text/html 2011-05-09T11:16:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/366/24/ Column by Mike Murray (content/category/7/39/24/) I was recently at a conference with a friend of mine who was visiting Vegas for a hypnosis conference, and I was explaining to him the biggest problem with most social engineering experts. And, of course, because I had been talking to him about amnesia, I promptly forgot about it. I was reminded of it when I was reading something that another social engineering expert wrote that linked hypnotic phenomena to the act of social engineering. So, I'll share the same caveat with all of you: if someone tells you that...