Most Recent Additions to The Ethical Hacker Network, the best, single source of educational content for forensics, pen testing and incident response. Hacker Challenges with prizes, free monthly giveaways, tutorials, articles, forums, certification info and more. http://www.ethicalhacker.net 2008-05-09T15:07:23+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/images/M_images/ehnet_banner1.jpg text/html 2008-05-01T01:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/191/8/ Free Boot Camp Seat Worth $2,995!! QEH (Qualified Ethical Hacker) (http://www.securityuniversity.net/classes_CEH_QEH.php) or QSA (Qualified Security Analyst) (http://www.securityuniversity.net/classes_ECSA_QSA.php) worth $2995. The QEH class is for learning serious TACTICAL security skills that set you apart from your peers. You will take the Security University exam on site and achieve the only hacking certificate approved by the NSA (http://www.securityuniversity.net/about-cnss.php). The QSA class features security vulnerability testing, hacking and much much more with 40+ hacking labs. These are live, instructor led courses available in Virginia or San Franciso. I recommend you look over their courses and instructors, and you'll find that they are a quality... text/html 2008-04-17T01:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/190/24/ The latest version of the Certified Ethical Hacker (CEH) Courseware is due to be released and presented for the first time at Hacker Halted USA 2008 in June. Many small details of CEH Version 6 have been peppered on the Internet, as well as snippets of teaser copy on EC-Council’s own web site. “With a total of 28 new and never seen before modules, covering the latest concepts, featuring more real life cases, and showcasing the latest hacking and security tools, the Certified Ethical Hacker (Version 6) will be the most advanced course ever.” So I requested an interview with... text/html 2008-04-01T01:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/188/8/ Free Summit Pass Worth $1,745!! Although Summit Brochure (http://www.sans.org/pentesting08_summit/brochure.pdf?portal=806f0a8d1188a3baf62c9a377b5e2c02). One lucky EH-Net member will be given a complimentary summit pass worth $1745. Good luck. del.icio.us Discuss in Forums Participation on EH-Net is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity. Only EH-Net members are eligible! Registration Is FREE! text/html 2008-03-21T01:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/186/2/ Overview: Hello, challenge fans. Matt Carpenter and I have brewed up a new one for your analysis. The evidence is below. Analyze it and answer our questions. As always, we'll choose three winners: one technical champ, one creative victor whose answer is technically correct, and one lucky person chosen at random. As you work through this challenge, please observe this very important warning! As they say on TV, DO NOT TRY THIS AT HOME. We'll go even further by saying, DO NOT TRY IT AT WORK EITHER. The commands included in this challenge are _highly_ destructive, and some of them... text/html 2008-03-14T01:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/185/24/ By Chris Gates, CISSP, CPTS, CEH WTF is XPath Injection? Data can be stored in a XML file instead of an SQL Database. To sort through complex XML documents, developers created the XPath language. http://www.w3.org/TR/xpath (http://www.w3.org/TR/xpath) XPath is a query language for XML documents, much like SQL is a query language for databases. Instead of tables, columns, and rows XML files have nodes in a tree. And like SQL, XPATH also had the potential for injection issues if queries are not properly sanitized. Why is XPath Injection so dangerous? XPath 1.0 is a standard... text/html 2008-03-13T01:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/182/24/ By Brian Wilson, CISSP, CCNA, CCSE, CCAI, MCP, Network+, Security+, JNCIA Last year at ChicagoCon 2007, Brian Wilson gave a great talk entitled Cain Abel: Windows Can Hack, Too! Although the presentation and audio recording of the talk can be downloaded from the ChicagoCon site at Library Media Lab 2007 Evening Presentation Files, I had totally forgotten to publish his videos. Just in case things didn't go as planned during the live event or his laptop crapped out on him, Brian made a video of the MITM attack he demonstrated using Cain. They made... text/html 2008-02-22T01:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/179/8/ ChicagoCon 2008s from May 12 - 18, 2008 features all new keynoters, additional security boot camps, exams on-site followed by two days of ethical hacking presentations and breakout sessions. And without an exhibit hall full of sales pitches, you're free to learn from the pros, network with peers and advance your infosec career. Westchester, IL (PRWEB) January 29, 2008 -- Presented by the Ethical Hacker Network (EH-Net) and its parent company, The Digital Construction Company (TDCC), ChicagoCon is positioned to become the premier security event in the industry by bringing together the biggest names in education and certification under one... text/html 2008-01-31T01:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/176/24/ Editor's Note: This article was written in 2005 and was originally published on CSP Magazine. Due to numerous requests, it is being republished on EH-Net. It is said that luck seems to find those prepared for it. And, as difficult as it is to admit, stuff happens. We may find that our current job doesn't satisfy our financial or intellectual goals, a natural disaster may strike or, the unthinkable, we may be deemed expendable! If you had to hit the pavement tomorrow, do you have the knowledge and experience to determine your own destiny? If not, what is lacking in... text/html 2008-01-15T01:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/173/2/ When approaching security industry luminaries over the course of the last year about the CEPT certification, the typical first response I have received is usually quite blunt: Oh great , YET ANOTHER CERTIFICATION. Just what the security industry needs . And, to this point, I do have to agree, the security industry does not need another certification that: Tests a basic level of knowledge of INFOSEC subjects (ala the CISSP, SECURITY+, SCNP, ad infinitum.) Only tests the ability to regurgitate memorized information over a 2-6 hour time period Is easily compromised by cheaters downloading actual exam questions for $59.90... text/html 2007-12-07T01:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/170/2/ The Clock Has Struck 12 Like it or not, it's that time of year again. At least we have the continuing EH-Net tradition of an Ed Skoudis Holiday Challenge to get you through those days of brain freeze... and maybe even system freezes. Dive into the head of Ed Skoudis as he takes you into the cyberpunk world of Neal Stephenson with a little twist as only Ed can deliver. Remember Challenge Fans, as always, we’ll award three prizes: One for the best technical answer, one for the most creative answer that is technically correct, and one awarded to a... text/html 2007-12-06T01:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/172/24/ EnGarde Secure Community 3.0.18 (http://www.engardelinux.org/modules/index/releases/3.0.18.cgi) (Version 3.0, Release 18) on Dec 4, 2007. This release includes many updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, and a few new features. This review was done with a prior release. text/html 2007-12-05T01:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/171/2/ Review by Chris Gates (content/category/7/32/24/), CISSP, CPTS, CEH If you want to get into security visualization this is the book for you. This book gives you everything you need to get started in the field. You may be asking yourself why you should care or want to be interested in Security Visualization. In Chapter 1 the author sums it up nicely. “Visualizations make abstract data more coherent...In many cases, visualizations seek to display large amounts of information in a compact but useful way.” Before we get into the review, I'll disclose that I know the author and he gave me a... text/html 2007-12-03T01:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/169/2/ We Have Winners!! And now for the winners and answers. As extra kudos, this one was written by Kevin Bong, or as I like to call him K-Bo , who was the creative winner (content/view/132/2/) of the Charlotte's Web Site (content/view/114/2/) challenge earlier this year. K-Bo always does great work, and this Simpsons-themed challenge proved to be extra challenging. Remember, as always, we’ll award three prizes: One for the best technical answer, one for the most creative answer that is technically correct, and one awarded to a winner chosen randomly. Thus, if you can’t answer all of the questions, still... text/html 2007-11-02T02:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/167/2/ Most of you by now have heard of BackTrack (http://www.remote-exploit.org/backtrack_download.html), the highly popular and regarded Linux Security Distro for ethical hackers. Straight from the project's developers come this teaser video. With several examples of what the new version can do and a running time of 6:16, we hope to have you on the edge of your seat in anticipation. Especially nice are the demos of the new features highlighting Offensive Security's Wireless Security Course, Aircrack-ng (http://aircrack-ng.org/doku.php). This is the second offering of an eventual triumvirate of classes to be offered by OffSec. The first is Offensive Security 101 (http://www.offensive-security.com/offsec101.php), followed... text/html 2007-10-19T02:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/165/2/ In Part 1, Intro to Reverse Engineering - No Assembly Required, we extended the series of coding articles for non-programmers with an area of high interest in the infosec community. We're proud to be able to bring you the highly anticipated follow-up complete with screen shots, sample code and applications. This one is long and detailed, so strap yourselves in for some great educational content. This paper is designed to outline some essential reverse engineering concepts, tools and techniques - primarily, debuggers and using the debugging process to reverse engineer application functions and algorithms. It is assumed you have... text/html 2007-10-12T02:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/163/24/ ChicagoCon 2007 (http://www.chicagocon.com/) is a unique event with its focus clearly on the students, their education and career development. We obviously want them to gain knowledge while going through the classes, but we also want them to see a wider view. With that in mind, we intentionally crammed some extracurriculars into the event like morning keynotes, evening presentations and hacking contests. This way, you can take what you learn in class, get industry insights from the speakers, compare that to what your other classmates are doing in the real world and eventually go back to your place of work with... text/html 2007-10-05T02:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/164/2/ *Challenge Extended to Nov 19, 2007!* No one got the challenge 100% correct, and only 1 person found the hidden message. So let's keep it going... I know you all can do this one!! Woohoo! I'm delighted to announce that we have a brand-new ethical hacker challenge for you. This one was written by Kevin Bong, or as I like to call him K-Bo , who was the creative winner (content/view/132/2/) of the Charlotte's Web Site (content/view/114/2/) challenge earlier this year. K-Bo always does great work, and this Simpsons-themed challenge is awesome, from its self-deprecating title to its format. It's... text/html 2007-09-27T18:04:22+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/160/8/ Learn BackTrack Inside Out Directly from Mati at ChicagoCon 2008s (http://www.chicagocon.com/content/view/75/9/) The Ethical Hacker Network (EH-Net) proudly releases the only Official Version of BackTrack 2 that not only adds Metasploit 3 to the toolset but is also packaged as a VMware Virtual Appliance. Here are just a few of the features added by the projects lead developer, Slashdot It! (javascript:location.href='http://slashdot.org/bookmark.pl?url='+encodeURIComponent(location.href)+' title='+encodeURIComponent(document.title))http://www.remote-exploit.org/ (http://www.remote-exploit.org/): BackTrack is the result of merging the two innovative penetration testing live linux distributions Auditor and Whax. Backtrack provides a thorough pentesting environment which is bootable via CD, USB or the network (PXE). The tools are arranged... text/html 2007-08-24T02:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/157/2/ Before I thank Mr. Matthew Carpenter for his excellent work, let me thank the EH-Net members and readers for being patient. Between our regular work duties, a trip to Vegas for Black Hat (http://www.blackhat.com/) and DefCon (http://www.defcon.org/), and organizing our inaugural effort, ChicagoCon (http://www.chicagocon.com/), we were all a little behind schedule. Now that Matt's first venture in challenge land is complete, he now has a good idea of what Ed and the Intelguardians crew go through on a regular basis. It's truly not an easy task to go through all of those entries and pick winners, but pick them... text/html 2007-08-11T02:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/154/24/ OSSEC-HIDS (http://www.ossec.net/). OSSEC-HIDS is a great application to get your feet wet and open up the more advanced concepts of intrusion detection. OSSEC agents will run on virtually all OSes including Solaris, OS X, Linux and Windows (2000 and XP). The server itself is Linux based. The configuration is fairly straightforward as outlined below. This is a very basic introduction and should be considered a jumping off point. del.icio.us Discuss in Forums