As mentioned in another post on CPTE news, many have questions on CPTS and the future of the cert. So I did some sleuthing on my own, and this is what I found:

1. I updated the exam details for CPTS in the Ethical Hacking Certifications Category.
2. Version 2 of the CPTS Program will be coming out sometime this year. And I do mean Program not specifically the exam. V2 will add the requirements of a practical exam (take home as opposed to CPTE which is an in-person pen test in front of an expert) and continuing education credits.
3. Reasons: They want to maintain not only the lead they currently have over CEH as far as keeping up-to-date with current technologies and methods, but they also want to make the credential more viable in the long term.

Hope this sheds some light on Mile2 and their thoughts on the future of their pen testing certs.

Don

The Certified Pen Testing Expert exam has been on the minds of many members. In trying to do a little sleuthing, I came up with a few tidbits:

1. This will be a Practical exam only, but will also require a resume check of experience.
2. You will NOT be able to take this exam at home and send in the results. It will be administered by Mile2 and offered at their Training Partner Locations.
3. You will have to perform a live pen test in front of another expert.

I also have some CPTS news that ties in with CPTE. See the post.

Don

We had good intentions of starting a study group, but with running 2 sites, having a day job and trying to raise a family, it is difficult. Maybe we'll pick this up again in the next month or so. Either way, we did list several steps (and links) as a starting point for studying for the CEH / CPTS exams. You might find this helpful:

http://www.ethicalhacker.net/component/option,com_smf/Itemid,35/topic,29.0

Don

With over 125,000 download of Nmap 4.0 within the first 10 days of release, Insecure.org had plaenty of people to install the new version and report bugs. Thus, a quick, minor upgrade.

http://seclists.org/lists/nmap-hackers/2006/Jan-Mar/0002.html

Don

I'm quite surprised that this has not generated a single response. I would think at least 5 members would have responded considering, at this point, no one will get free copies of the book before it is released. If only 5 respond, then those 5 automatically are chosen as the best.

Are you one of those 5?

I know some of you have read at least one of these books. And don't tell me that 5 minutes of your time isn't worth a $40 book.

Thanks,
Don

Well... It's dedicated server time!

Because of increased traffic from both CSP Mag and EH-Net (and the digg.com effect), we are moving to a larger server. This will take place sometime this week. We are finalizing the schedule now, but everyone may not see a second post with the specific date before the switch.

So, if you come to this site within the next week or so, and it seems as though it is down, this is the reason. I will try to put up a simple message to that fact, but as we move to a dedicated server, we will also have to change registration settings to point the domain name to a different IP address.

Thanks for your support and understanding, but most of all thanks for helping me grow these sites.

Don

Gaining root access to a Mac is "easy pickings," according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability.
On February 22, a Sweden-based Mac enthusiast set his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications.

Participants were given local client access to the target computer and invited to try their luck.

Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This sucks. Six hours later this poor little Mac was owned and this page got defaced".

"It probably took about 20 or 30 minutes to get root on the box. Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits -- of which there are a lot for Mac OS X," gwerdna told ZDNet Australia .

For full story:
http://www.zdnet.com.au/news/security/soa/Mac_OS_X_hacked_in_less_than_30_minutes/0,2000061744,39241748,00.htm

Don

As you may know, our sister site, CSP Mag, has Free Monthly Giveaways. Because of the size and topic of the prize (forensics) we decided to open it up to EH-Net members as well. We have done in the past, but this is the first time an EH-Net member has won.

Congratulations to member Oyle for being the one lucky winner of an online training course (value $2750) and one exam voucher (value $395) for the CCE Certification.

Don

According to the publisher, the Sybex book has been pushed back to Aug 14, 2006.

Don

There are a few cool things about Helix:

• As the title of this post indicates, this is a bootable, live linux CD. It is a heavily modified version of Knoppix.
• It is specifically for forensics and incident response. For this reason, such features as never using swap space are always on. This distro is also updated every 3 months to stay current.
• In addition to a bootable CD, it can also be used as a Windows application.

The quote below and much more can be found in their document, Helix for Beginners.


For the whole scoop:
http://www.e-fense.com/helix/index.php

Hope this helps,
Don

This must be the year that CEH gets serious. We all know it got a lot of press last year, but it seems as though a number of publishers are now starting to come out with study guides for the exam this year. Sybex was announced on this forum as releasing their book on April 17 and it looks as though Que is trying to beat them to the punch. Certified Ethical Hacker Exam Prep by Michael C. Gregg is slated to be released April 4, 2006.

Keep an eye out...

Don

Don't you think that tourism is the only way a dead city can get money to rebuild besides government assistance? Plus, if anyone needs to let off a little steam, it's the gulf coast.

My $.02,
Don

How could we forget Helix? Maybe because it is meant for forensics and incident response as opposed to pen testing. Should I put this in the Forensics board? Anyway, here's the link.

http://www.e-fense.com/helix/downloads.php


Don

WASHINGTON (Reuters) -- Three members of an online music piracy operation pleaded guilty in federal court Tuesday in response to a government crackdown, the Justice Department said.

Members of the group Apocalypse Crew pleaded guilty to one count of conspiracy to commit copyright infringement in U.S. District Court for the Eastern District of Virginia, the department said, and each faces up to five years in prison and a fine of $250,000.

Derek Borchardt, 21, of Charlotte, North Carolina; Matthew Howard, 24, of Longmont, Colorado; and Aaron Jones, 31, of Hillsboro, Oregon, each obtained digital "pre-release" copies of songs and albums before their U.S. commercial release, the government said. The music was then distributed globally through file-sharing networks.

The supply of pre-release music was often provided by music industry insiders, employees of music magazine publishers, or workers at compact disc manufacturing plants and retailers, the Justice Department said.

For full story:
http://www.cnn.com/2006/TECH/internet/03/01/copyright.pleas.reut/index.html

Don

Check out this posting on the release of BackTrack Beta.

http://www.ethicalhacker.net/component/option,com_smf/Itemid,35/topic,169.0

Don