I read that but I haven't any experience with this particular router myself, that was what I meant.

It sounds logical to remove the number of attempts but then it will depending on the password take you quite a long time to successfully brute the password if at all. Therefore I would say it will be hard to succeed by going this way.

Other attack possibilities my be on exploits available for this router or its firmware (haven't checked this) if its using an old one.

As physical access is no possibility (..) you may try something like phisihing, social engineering etc. Also a keylogger or similar on your brothers pc may help.
But all this are attack possibilites which have not really anything to do with the router itself and may then again not be what you are looking for.

Another way may be to reverse engineer the file format of the config file when you assume that the credentials are stored there.

I would be interested if you have a plan to follow when your company is in some kind of greater danger. With greater danger I mean things like forces of nature, destructive hackerattacks which only goals are to destroy your data, jumping off of your biggest costumers etc.
The best would be if one have such a plan in written form but mostly smaller companies may have only unwritten ideas in the managers head's.
How much are you prepared for such incidents?
Do you know of any sample plans which can be recommended and adopted?

As I don't know your router model in detail maybe you just DoS'ed it? Meaning that you sent so much requests to it that it denied its further service and temporary shut down.
Some routers will also behave like this when you entered a certain number of wrong credentials which is of course a security feature.

Don't you have physical access as stated by unsupported?

I guess this is because you are talking to people from the upper which may have not that technical knowledge which would be needed to understand it on a technical way. Therefore if you have certificates which features words like "Hacker" etc. it will for sure catch their attention.

If the customer won't let CISSP or people with other, similar certs test his network you may have to present yourself maybe in a different way or give him some easy resources where he can see how things are by himself.

Did you pentest his company after you received the CEH exam or was this already at a later point? Just curious.

On my website you will find some reviews on hardware keyloggers. More to come soon, hope you like them.

If you have any more questions please feel free to ask.

Just wanted to let you know that I decided to create a website. Although not much content yet, it can be found at www.awesec.com

Feedback would be much appreciated.

Thanks for all replies done so far. This really helped me.

I used the time yesterday evening and corrected two reviews I have done recently and tried to adhere to the recommendations given. Especially as I haven't done any "public" articles and reviews in English yet this was very important for me. Also an English article I wrote will be printed this year by a security magazine. As I have still time until it must be delivered I will also reread it and correct if necessary.

Ants: Thanks for your kind words :>

I will also check the guide by guardian, thanks for mentioning it.

I really like JTR too but I don't need it often. I use it for both single and multi. Depending if time is an important key I would let it run also for a longer period of time on a seperate machine.

Normally I would agree with you dalepearson at the point that studying security material and practice it should be enough. But especially when loking for a new job or similar it may be the key to have actually a certificate which says that you have learned the stuff you are interested in at least once (I am assuming that no cheating was there).

When there are two persons with same skills etc., where one has a certificate and the other one not, the employer propably will take the one who has certificates.

Thanks for your thoughts and especially thanks for the slides, ethicalhack3r. I will read through them this week.

Yeah, I thought EH may be a good place for my question as there are some great authors and writers.

That would be nice and much appreciated.

The two sentences were just examples. I am writing all articles and reviews by myself of course, but personally I think it is better to write in a general style although the readers may then not be as appealed (hope this is the correct word for this) as in the other way.

I know how this feels but maybe the responsible guy is really very busy. I still would try it.

Hello,
not really technically but something I am thinking a little bit about.
The questions is if it is more "professional" or "better" to write something with using the word "you" or something in more general like "it" and not addressing to any person.

Examples what i mean:
1) Before you can use this feature you have to enable it in the settings.
2) Before this feature can be used it has to be enabled in the settings.

1) While the tests nothing odd happened.
2) While my tests nothing odd happened.

As English is not my main language I would like to know which is better to use and which do you personally prefer in articles, reviews etc.

Only thing I came up with is that you should use whatever you choose for the whole article.

If there are some "serious" businesses around your area which are specialized in this kind than I would say your chances are very small. Maybe you could ask at some organizations such as churches etc. but propably you would get very little money if this is what you are currently after.

I would try to get a job in the it-field at general, such as sysadmin, network engineer etc. This may also help to improve yourself in the field of pentesting as you will see other aspects you may have not yet discovered.

Also I would try to recontact the two companies you mentioned and ask in a polite way if you can work there or how things are as you would be very interested etc.

Depending on his signature, he has already Security+ besides some others.

CISSP is surely great but seems to be quite hard to get. If possible you should at least try it.