Ethical Hacker Community Forums

Congratulations on achieving your CEH! I  How do you PASS (any security test) if you don’t have money to go to BOOT CAMP.
Here is how: Oh by the way if you want to advance your level or carrier please go to http://www.packet-level.com/library.htm and take her some classes.


Set up VMWARE with lab (all ISO with server)
1)Download Knoppix SDT
2)Download Back Track Tools
3)Download SLAX
4)Download BLAG / UBUNTU
5)Download free other tools (you will find out after research)
6)Try to learn some Python Based Shellcode Generator
7)Try to learn some C#  or Java (if you can handle  .NET good for you)
8)Read, Read, Read (the more you read the more learn)
9)Online research
A)http://www.isecom.org/projects/hpp.shtml
B)http://hackingtruths.in/
C)http://www.actual-exams.com
D)http://www.packetstormsecurity.org/
E)http://www.bleedingsnort.com/
F)http://www.securityfocus.com/
G)http://searchsecurity.techtarget.com/
H)http://insecure.org/
I)http://www.snort.org/
J)http://www.metasploit.com/
K)http://www.counterhack.net
L)http://www.logicalsecurity.com/
M)http://www.securityspace.com
N)http://www.enterpriseitplanet.com
O)http://www.bestdown.com/
P)http://directory.fsf.org/security/
Q)http://www.hackersbook.com (I LOVE THIS BOOK)
R)http://www.hellboundhackers.org/
S)http://web.archive.org
T)http://www.hackerhighschool.org/lessons.shtml
U)http://archives.neohapsis.com/archives/stw/2007/
V)http://www.kmint21.com/download.html
W)WWW.ASTALAVISTA.NET (best / best/ best)

You should read these books. I love all of them.

•Anti-Hacker Tool Kit, Third Edition ******
•Counter Hack Reloaded
•Hacking Exposed 5th Edition
•Official Certified Ethical Hacker Review Guide: Exam 312-50 ******
•Inside Network Perimeter Security (2nd Edition)
•The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers
•Google Hacking for Penetration Test...
•Stealing the Network
•Snort 2.1 Intrusion Detection
•The Shell coder’s Handbook
•Extrusion Detection
•The Art of Deception
•Software Security
•Stealing the Network
•Metasploit Toolkit for Penetration Testing

I think good hacker knows a lot of program to protect the system and bad hacker know how to crack the system from the learning program. CEH course is nothing inside really just give you a ticket to see
DEFCON.


CEH certificate just let you in the door to see what the real world security look like.  If you don’t have money please go to library and learn, learn, learn. All tools are free for learn 30-60 days. I thing download and learn.  Remember technology change every day. You need to update your level. So read and learn will help you the real world professional job understanding. Get a certificate is not a big deal. The big deal is how much you know and how much you know to protect your network from BLACK HAT.  

So long……..

Some good resources there Blackice.

I particularly liked the 'Challenges' section on the hellboundhackers.org site.

Anyone studying or considering studying OSCP would get a lot of valuable experience with these challenges - noobs can get a lot of good pointers as to how to complete the challenges by reading the posts in the 'Articles' section, under the HBH Challenge Tutorials' section.

Be prepared to have to use your brain though - these are not 'walkthroughs' but more of a shove in the right direction.

Excellent find - thank you.

For those on a budget self study and sitting the exams is a great way towards gaining certifications. That said I would like to emphasize how useful I've found classroom teaching in the past. With a experienced instructor you'll get much more from the course than you will from books, provided you are prepared to ask questions.

What would be useful in lieu of expensive courses would be online study groups. We could probably buddy up a few of the members here on the road to certification to study together and maybe even have some of the more experienced members offering mentoring sessions.

Jim

i'll put my standard plug in for LearnSecurityOnline.com as a resource  ::)

 
Hacker
A person who stretches the capabilities of computer systems

Hacking
Rapid or reverse engineering of existing software to make it better

Cracker
A person who uses his hacking skills for offensive purposes

Ethical Hacker
A person who uses his hacking skills for defensive purposes
Threat A potential violation of security

Vulnerability
Existence of a weakness within a system that can lead to an exploit

Target of Evaluation
A system that is identified as requiring security evaluation
Attack an action that violates security
Exploit
The exploitation of a vulnerability to cause an attack Hacker Classes
Black Hats
Also known as Crackers
The Bad Guys
Excellent Computing Knowledge
Use hacking for corrupt purposes
White Hats Security Analysts
Use Hacking for defensive purposes
Gray Hats
Individuals who work both offensively and defensively at different times
Elements of Security

Phase 1 - Reconnaissance
Also known as Footprinting
Preparatory Phase
Gather information on ToE
Phases
Active
Ping ICMP Probing the network
Traceroute
Detects accessible hosts
Detects open ports
Passive
Sniffing
Information Gathering
DNS Information
Sam Spade
RIPE/ARIN

Phase 2 - Scanning
Pre Attack Phase
Scans network with information gathered during Phase 1 - Recon
Subtopic
Use Technologies
War Diallers
nMap Scanners
Vulnerability Scanners
eEye
ISS
GFI

Phase 3 - Gaining Access
Start of the True Attack Phase
Exploit a vulnerability found in a resource identified in the scanning phase

Phase 4 - Maintaining Access
Retention of ownership
Important for the hacker to regain use of the system
Installation of Rootkits, Trojans, and backdoors are common

Phase 5 - Covering Tracks
Action taken to extend misuse of systems without being detected
Steganography, tunneling
Altering log files
Security Testing
Black Box
Testing with no Prior Knowledge of the network infrastructure
White Box
Testing with knowledge of the network infrastructure

And then of course there is what we call offensive security for the Ethical Hacker.

Hi all,

I have tried to order this book http://www.hackersbook.com (I LOVE THIS BOOK) but have not got this item I have tried to contact them and all I get is

      **********************************************
    **      THIS IS A WARNING MESSAGE ONLY      **
    **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **
    **********************************************

The original message was received at Thu, 12 Jun 2008 15:23:42 -0600 (MDT) from imo-m12.mx.aol.com [64.12.143.100]

   ----- Transcript of session follows ----- ... while talking to mx0.gmx.de.:
>>> RCPT To:<Ingo.Haese@gmx.de>
<<< 450 4.3.2 Too many mails (mail bomb), try again in 1 hour(s) 58 minute(s) and see ( http://portal.gmx.net/serverrules ) {mx051} <support@hackersbook.com>... Deferred: 450 4.3.2 Too many mails (mail bomb), try again in 1 hour(s) 58 minute(s) and see ( http://portal.gmx.net/serverrules ) {mx051} ... while talking to mx0.gmx.net.:
>>> RCPT To:<Ingo.Haese@gmx.de>
<<< 450 4.3.2 Too many mails (mail bomb), try again in 1 hour(s) 58 minute(s) and see ( http://portal.gmx.net/serverrules ) {mx032} <support@hackersbook.com>... Deferred: 450 4.3.2 Too many mails (mail bomb), try again in 1 hour(s) 58 minute(s) and see ( http://portal.gmx.net/serverrules ) {mx032}
Warning: message still undelivered after 4 hours Will keep trying until message is 3 days old

No virus found in this incoming message.
Checked by AVG.
Version: 8.0.100 / Virus Database: 270.3.0/1500 - Release Date: 12/06/2008 16:58

any idea what this means should i cancel my paypal payment ?

You received a 450 error due to the fact that it appears to their mail server that you have sent too many emails to the same person in too short a time frame.  It's interesting that there were 2 RCPT To:'s  on there for the same person which sounds like you may have double sent it to the person, or possibly more than that.  Your AOL mail server will try to send the message again periodically until the message is delivered, or until 4 days have passed in which case you will get an email indicating that the mail was not deliverable.  No need to cancel your PayPal account unless you just really dislike it or there is something else going on you haven't mentioned.
 

Nothing else is going on, I orded this item on the 6th this month it says about 7 days to be delivered. I have not got no email from them saying the item has been dispatched. I cant contact them so just worried that I will not be getting this item that is all. :'( :'( :'( :'(