Most Recent Additions to The Ethical Hacker Network, the best, single source of educational content for forensics, pen testing and incident response. Hacker Challenges with prizes, free monthly giveaways, tutorials, articles, forums, certification info and more. http://www.ethicalhacker.net 2013-05-26T03:40:11+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/images/M_images/ehnet_banner1.jpg text/html 2013-04-05T14:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/471/8/ Win 3 Prizes Worth $1700! Jason Haddix (content/category/7/42/24/), is working on the review as we speak. If you'd like to get info immediately when it's made available, please fill out the webform for the New eLearnSecurity Training and Certification Path on Web Application Security (http://www.elearnsecurity.com/lp/web_app_course.php), and you will also get a whopping 30% OFF at launch! But don't say anything! In addition to the behind-the-scenes work on the new webapp course, eLS has also been busy lately updating Penetration Testing - Student (http://www.elearnsecurity.com/course/penetration_testing_student/). We'll share our thoughts on this course as well in an upcoming review by appropriately enough a new... text/html 2013-04-02T15:31:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/470/2/ By Robert J. Shaker II, CISSP, CCSK, CGEIT, CRISC Since the dawn of man there has been intelligence. Hunter gatherers would venture out and learn from the world around them what each sound, smell, and taste meant. The growl of a large predator would alert them to prepare for a defensive effort or to change paths. The smell of smoke meant other humans were nearby, and the taste of bitter meant something wasn’t edible. As time marched forward, needing to learn more about the other packs of humans around them became more important. There was competition or cooperation for resources... text/html 2013-03-30T12:05:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/469/8/ We Have a Winner! SANS CyberCon (http://www.sans.org/info/123045) beginning April 22 with his choice of the following: - SEC401: Security Essentials Bootcamp Style ($4,645) - SEC504: Hacker Techniques, Exploits amp; Incident Handling ($4,845) - SEC575: Mobile Device Security and Ethical Hacking ($4,845) - FOR408: Computer Forensic Investigations - Windows In-Depth ($4,845) - MGT414: SANS +S Training Program for the CISSP Certification Exam ($3,995) SANS is also offer two NEW Audit courses at CyberCon, running back-to-back. - AUD444: Auditing Security and Controls of Active Directory and Windows ($2400) - AUD445: Auditing Security and Controls of Oracle Databases ($2400) So yes, this means that there's still a chance to... text/html 2013-03-29T11:23:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/468/24/ Jason Haddix (content/category/7/42/24/) Love it or hate it, crowdsourcing is here to stay. While it’s been mostly confined to development and design, eventually it was going to come to security. Two such gentlemen trying to pioneer the space are Casey Ellis and Sergei Belokamen. Being long-time hackers and having seen how the security space works, they decided to start Bugcrowd (http://bugcrowd.com/). Here’s a description directly from the source: “Bugcrowd is by far the most comprehensive and cost-effective way to secure websites and mobile apps. We’ll do a brief consultation and help you set the budget, the duration, and which... text/html 2013-03-27T10:17:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/466/2/ By Todd Kendall Security professionals are often tasked with the unenviable position of wading through millions of bits of data, the review of thousands of systems, or the evaluation of hundreds of applications. At the end of the day it is their job to provide the ten thousand foot view of an organization and the highest rated findings that put it at risk. Information overload is a common theme in today’s society, and management requires the presentation of this material in a digestible manner of typically one page or less. The ability to provide this service requires... text/html 2013-03-02T17:27:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/465/8/ Win 4 Prizes Worth $7550! Mile2 (http://mile2.com/welcome-eh-netters.html) always seem to outdo themselves, and this month continues that positive trend. And they usually have some good news to go along with it. They're proud to announce their new collaborative partnership with Merit Network, Inc. (http://mile2.com/news/646-merit-network-announces-collaborative-partnership-with-mile2.html) to provide cyber security courseware and certifications through the Michigan Cyber Range, an unclassified, air-gapped system (sponsored by NIST, Juniper and the US Dept. of Homeland Security as well as several major universities) that enables students and professionals to practice, live fire cyber security exercises in a secure, monitored environment without impacting everyday network activity.... text/html 2013-02-28T00:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/464/2/ Violent Python (http://store.elsevier.com/product.jsp?locale=en_US isbn=9781597499576) is A Cookbook for Hackers, Forensic Analysts, Penetration Testers, and Security Engineers. This is a relatively broad scope and demonstrates how Python can be used to automate and assist with tasks across a variety of diverse InfoSec disciplines. However, breadth does not preclude depth in this case; the exercises build up to a fairly advanced level. Violent Python is authored primarily by TJ O’Connor, with Rob Frost contributing a chapter on Web Reconnaissance, and Mark Baggett acting as the Technical Editor. A quick glance at their collective credentials and experience undoubtedly creates high expectations for this... text/html 2013-01-31T23:20:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/462/8/ We Have a Winner!! The folks at Rapid7 have continued to support numerous community activities including EH-Net. One hard working EH-Netter has been chosen to win a full license of Metasploit Pro with one entire year of support included for a total value of $15,000! For a little more on the Pro edition: Metasploit Pro (http://www.rapid7.com/products/metasploit-pro.jsp) helps enterprise defenders prevent data breaches by efficiently prioritizing vulnerabilities, verifying controls and mitigation strategies, and conducting real-world, collaborative, broad-scope penetration tests to improve your security risk intelligence. As with every giveaway, all you have to do is participate on EH-Net. Since this... text/html 2013-01-24T18:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/459/24/ By Jason Andress (content/category/7/44/24/) The field of forensics used to be the ugly step-child of the ethical hacking world. In fact, it wasn’t even in the InfoSec category at all for the longest time. It was a realm populated by one of two types - the lonely IT guy hired by law enforcement to handle general tasks or the unlucky law enforcement officer who admitted that he knew something about computers. My have we come a long way. Not only is there now multiple disciplines, network forensics and file system forensics, but also each has its own sub-specialties for a... text/html 2013-01-23T12:35:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/461/2/ By Todd Kendall It seems pertinent during this time of year, as I finish off the last batch of left over christmas cookies, some peppermint bark, and a large glass of eggnog, to talk about a phenomenon known as the sugar high. I’m talking about the high one gets after consuming large amounts of sugar, also called a sugar rush. Sugar highs cause twitchiness, spasms, and hyper excitability. Sugar highs do not last very long and leave a person feeling drained afterwards.1 As an IT Security Consultant I have had the opportunity to work with a... text/html 2013-01-16T19:10:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/460/2/ By Thomas Wilhelm I had a question the other day from a student at the Hacking Dojo who was interested in accessing a Windows system remotely through SMB. My initial response was to tell the student that it was similar to FTP, and they should conduct the same type of enumeration against SMB as they do anything else open on the system. Unfortunately, this did not help the student, because their hands-on experience on Windows file sharing was all done using GUI. It then dawned on me that, since I came from a Solaris background, I had a different... text/html 2013-01-15T10:56:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/457/24/ The Ethical Hacker Network is an online magazine with a focus on those in the profession. It’s wonderful to have technical content, videos, book reviews and an active discussion forum, but what good does it do if we can’t help our readers achieve their career goals? Being an “online” magazine also means that we have a wide audience not confined within the borders of the United States. How can we also help our international audience? One way to answer both questions is to continue our ongoing series of interviews with ethical hacking movers and shakers. So here is another conversation... text/html 2012-12-27T18:26:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/456/8/ We Have Winners!!LearningGate (http://www.learninggate.com/?page=ehnet) is an OnDemand platform for training that also includes LIVE online labs, Around the Clock online live mentoring from certified experts, and much more. Courses include EC-Council CEH and CHFI, ISC2, CompTIA, Cisco®, Microsoft, VMWare and many others. So we are excited to announce that EH-Net Members, Seen and Eleven, are each the winners of a LearningGate annual membership. The LearningGate Technical Membership consists of a full year of Unlimited Access to a complete library of OnDemand Instructor-Led training and Hands-On LIVE Online Labs that will fully prepare them for numerous industry certifications. Each of these... text/html 2012-12-19T21:59:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/455/2/ by Paul Jaramillo, CISSP, EnCE So as we are about to close out 2012, many of us in the IT Security community look around and try to assess where we were, what we have accomplished this year, and what is next. I’ve been working in IT since the late 90s with a focus on security for much of that time. Most of my work has been in large private-sector companies with a brief but very rewarding stint working for the government. To me while much has changed, many of the core issues remain today as they were back then. Our... text/html 2012-12-14T12:51:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/454/2/ Entire Webcast Now Available!! In this technical webinar for penetration testers originally delivered on Dec 4, 2012, David Maloney discussed how you can use Windows Remote Management and Windows Remote Shell to obtain a session on a host while avoiding detection through anti-virus solutions. Participants learned: • Capabilities of Windows Remote Management (WinRM) and Windows Remote Shell (WinRS) • Discovering hosts running these services • Brute forcing the services to obtain passwords • Running WMI Queries and running commands • Getting and migrating shells to a more persistent process David Maloney, a Software Engineer on Rapid7’s Metasploit team, is responsible... text/html 2012-12-13T16:52:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/453/2/ Review by Todd Kendall A few years ago, I had completed a Report on Compliance (ROC) as a Qualified Security Assessor (QSA) based on the Payment Card Industry Data Security Standard (PCI-DSS) and was performing a final read out for a customer, when they showed me a framed copy of the cover letter of my report on the wall. The Chief Compliance Officer told me that this single piece of paper had cost the organization over a million dollars and thousands of man hours. Of course, the engagement was nowhere near the cost he quoted, but, after thinking about it... text/html 2012-11-08T13:18:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/451/2/ EH-Net EXCLUSIVE: eLearnSecurity Officially Launches Hack.me WebApp Labs Imagine a security virtual lab that is run by the community for the community... Free of charge! This is Coliseum Framework (http://www.coliseumlab.com/), every vulnerable application created on hack.me is run on the fly in an absolutely safe and isolated sandbox. Watch this webinar from October 2012 where Armando Romeo, founder of eLearnSecurity backing the Hack.me project, and Thomas MacKenzie, web application security specialist, unveiled the project and launched it to the world. Discuss in Forums text/html 2012-10-25T13:00:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/449/8/ We Have a Winner!!EH-Net Community Forums (component/option,com_smf/Itemid,54/), Taylor Banks, long-time penetration tester and owner of ACE Hackware (http://acehackware.com/) is the latest supporter of EH-Net. A lot has changed in ten years, notes Taylor. I can hardly imagine the thrill to be a pentester just starting his or her career with the toys available to hackers today! Real pentesting and effective social engineering require a diverse, esoteric and well honed skill-set. Still, with a hidden camera, a set of lock picks, and a pentest drop box (or better yet, a Hacklebox™), (http://acehackware.com/products/the-original-ace-hacklebox) even a noob can get... text/html 2012-09-30T00:30:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/447/8/ We Have Winners... 5 in Fact!!Offensive Security (http://www.offensive-security.com), we were able to offer 5 seats in various courses offered by the makers of PWB (http://www.offensive-security.com/information-security-training/penetration-testing-with-backtrack/)), Metasploit Unleashed (MSFU (http://www.offensive-security.com/community-projects/metasploit-unleashed/)), Wireless Attacks (WiFu (http://www.offensive-security.com/information-security-training/offensive-security-wireless-attacks/)), Cracking the Perimeter (CTP (http://www.offensive-security.com/information-security-training/cracking-the-perimeter/)), Advanced Windows Exploitation (AWE (http://www.offensive-security.com/information-security-training/advanced-windows-exploitation/)) and Advanced Web Attacks and Exploitation (AWAE (http://www.offensive-security.com/information-security-training/advanced-web-attack-and-exploitation/)). The 5 prizes awarded for August: - PWB + 30 Days of Lab Time + Cert x2 - WiFu Online + Cert x2 - CTP + 30 Days of Lab Time + Cert x1 All told, that's over $3000 worth of prizes! And the winners include 3 old timers and 2... text/html 2012-09-28T14:30:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/446/24/ By Chris Hadnagy When we speak about social engineering the normal conversation steers away from the technical and more to the psychological. This month we are going to change it up a bit and steer head on into the technical arena for a discussion about penetration testing. There seems to always be a debate online about pentesting, what it is and what it isn’t. How to do it right, how to do it “real world,” how to do it hardcore and even l33t. But at the end of the day what each and every pentester wants (or should... text/html 2012-09-25T12:07:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/445/24/ Georgia Weidman (content/category/7/46/24/), M.S., CISSP, NIST 4011, OSCP In, Mobile Hacking 101 (content/view/438/24/), the first article in my new column on The Ethical Hacker Network, I felt it was appropriate to start from the beginning. Offer up a primer if you will to give the readers a brief synopsis of where we’ve been and where we’re heading in regards to smartphones, their security and their determined march into the enterprise. Now that the basics have been covered, it’s now time to start digging deeper into the technical aspects of smartphone security. The logical next step is to set the foundation... text/html 2012-09-18T14:15:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/444/24/ By Jason Andress (content/category/7/44/24/) It's scary how the field of cyber warfare is developing. Not only nation-states but also rogue groups with varying agendas find interesting ways to communicate. Even if you catch them, can you decipher the plot against you? Whether they attack governments, companies or even you personally, the stakes are high. To test your skills, I can only say one thing... It's contest time again! From those of you that were victi... err participated in the last contest, you'll find a few familiar items, as well as a number of new puzzles as well. This time around... text/html 2012-09-14T15:46:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/443/2/ Join us for a Free Webcast on Oct 9 EH-Net EXCLUSIVE: eLearnSecurity Officially Launches Hack.me WebApp Labs Imagine a security virtual lab that is run by the community for the community... Free of charge! This is Coliseum Framework (http://www.coliseumlab.com/), every vulnerable application created on hack.me is run on the fly in an absolutely safe and isolated sandbox. Join this webinar where Armando Romeo, founder of eLearnSecurity backing the Hack.me project, and Thomas MacKenzie, web application security specialist, will unveil the project and launch it to the world. Date: Tuesday October 9, 2012 Time: 1:00 PM - 2:00... text/html 2012-08-31T13:30:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/441/24/ By Jason Andress (content/category/7/44/24/) For those of us following or taking part in the various hacktivist activities happening around the globe on a regular basis, doxing is a regular feature. We wake up in the morning to find the personal lives of businessmen, hackers who have made target of themselves for one reason or another, government employees, and a host of others spilled out onto the Internet for the entire world to see. Doxing can be a tool for use in security testing, investigation, or research on the positive side. But it can also be a tool for humiliation, harassment,... text/html 2012-08-27T17:45:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/440/24/ We describe ourselves as The Ethical Hacker Network, a free online magazine for security professionals. With that in mind, we try to have a wide range of topics of varying difficulty, all with an aim towards helping the readers on their chosen career paths. As the Editor-in-Chief of EH-Net, I am constantly asked online and off about the best way to get into the field, how to get a job and most often about the value of certifications, experience and education. Long-time colleague, Barry Cooper of FishNet Security Training iSWAT 2012 (http://www.iswatevent.com/) in September, not only has an... text/html 2012-08-24T17:10:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/439/8/ We Have Winners!! Hacking Dojo (http://hackingdojo.com/) provides students with a long-term training and support system, with readily-available access to instructors. Students attend regularly-scheduled online meetings with their instructor, who teaches hacking concepts relative to students' skill level. When the students demonstrate proficiency in a set of skills, they are moved onto more difficult challenges and instruction. So this time around, we now have 2 spots to offer to top contributors to EH-Net, with each winner getting a full year of training in the dojo with one of the industry's most respected names. And the 2 winners this month are EH-Net... text/html 2012-08-15T22:40:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/438/24/ By Georgia Weidman (content/category/7/46/24/), M.S., CISSP, NIST 4011, OSCP Next item on the board meeting agenda: the war on smartphones! For some time now, smartphones have been quietly creeping into our society and slowly infiltrating our families and companies. It started off simply enough: the CEO's husband bought her an iPad for Christmas, and she thought it would be pretty savvy to be able to answer work email on it at a business meeting half way around the world. The fashion slowly trickled down the food chain until everyone wants to put their smartphone devices on the company network. While... text/html 2012-07-20T16:08:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/436/24/ By Chris Hadnagy 20 years. Hard to believe, but Defcon has been around for 2 decades. And Black Hat has been doing its thing for 15 years and continues to buck the conference trend and grow in attendance each year. These two security conferences are some of the pace setting events for our industry. For the last few years, the crew at Social-Engineer have been a part of these events, and this year is no different. As you may know, we have 2 arms of our organization. Social-Engineer.org (http://www.social-engineer.org) is the free web portal that strives... text/html 2012-07-18T22:42:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/435/8/ We Have a Winner!! Black Hat (http://www.blackhat.com) have been doing this for years. Simply put, if you can make 1 trip each year, Vegas is the place to be. Many EH-Netters have attended and presented and can attest to the importance of this week to their careers. Ryan Linn (content/category/7/40/24/) is one great example of someone who won a ticket on EH-Net back in 2009 and is now a speaker at this year's event. The combination of BH and DEFCON (http://www.defcon.org/) draws crowds of all ages and levels of experience from newbies to hobbyists to professionals covering all aspects of hacking.... text/html 2012-06-29T18:04:00+01:00 http://www.ethicalhacker.net http://www.ethicalhacker.net/content/view/433/24/ By Ryan Linn (content/category/7/40/24/) Cobalt Strike is the latest tool that Raphael Mudge (@Armitagehacker (https://twitter.com/armitagehacker)) has released at Armitage (http://www.fastandeasyhacking.com), Cyber Attack Management for Metasploit, with a whole slew of new features added to aid in social engineering attacks, phishing, and targeted exploitation. As described on their own site: Cobalt Strike is threat emulation software. Red teams and penetration testers use Cobalt Strike to demonstrate the risk of a breach and evaluate mature security programs. Cobalt Strike exploits network vulnerabilities, launches spear phishing campaigns, hosts web drive-by attacks, and generates malware infected files from a powerful...