In my opinion ethical hacking is exploiting the system in an ethical way whereas penetration testing takes it a step farther and uses the output from ethical hacking and creates a useful report for the target organization. This process includes all the piece parts of a quality pentest report and real value add for the business by identifying where the verified vulnerabilities create risk scenarios for the business and why and from what vectors as well as the real world impact of a threat exploiting that vulnerability.

Ethical hacking is a subset of penetration testing and does not provide that level of value to business by itself but is more about achieving the level of understanding of the target asset/process necessary to deliver quality pentest results. I also don't feel that ethical hacking includes the security analysis skills required to draw the necessary conclusions outside the very narrow scope of that target system being exploited that a good penetration tester will from good critical security thinking processes. I'd be interested in how others define these as I see many people use these terms interchangeably but I just don't agree that they are the same.

Even if you don't get it right you will learn a lot attempting the challenge. It's a great way to learn!

Check Network access: Allow anonymous SID/name translation

http://technet.microsoft.com/en-us/library/cc728431%28WS.10%29.aspx


Even when Network access: Do not allow anonymous enumeration of SAM accounts (and shares) is enabled you can still use sid2user and user2sid as it uses a separate api to pull that information and will still work if that SID/name translation is set to 1.

You could automate this with a FOR loop for all the user accounts starting with RID 1000 and going to 1050. Admin accounts start at 500 so just modify the script accordingly

Yeah I did the colored Post-it notes as tabs when I did GSEC and it was a lot of work and really screws up how they sit on the shelf. It worked for me but the last few certs I've gotten lazier and lazier with the indexes. The key is whatever you do, create your own index. I know guys who tried to use someone elses and it just didn't make sense. You can't index every single topic or tool so people tend to document the areas they are less strong on so you might not have the entries you need. Even if you find a really good index, making it yourself does a good job of helping you remember where stuff is and what's important for the exam.

For the most part, most of the GIAC exams are pretty easy if you understand the material and have a good index. Something else I've done that is helpful is printing out man pages for commonly used tools. These exams like to ask questions about which switch you use for command syntax stuff.

The SciFi show (excuse me, SyFy... bah) Sanctuary has irrevocably damaged my perception of Nicola Tesla. Now I keep seeing the tv version in my brain as a vampire and correlating it with his real world achievements. It's somewhat disturbing especially since the show is not all that good.

http://en.wikipedia.org/wiki/List_of_Sanctuary_characters#Nikola_Tesla

The first Tron was amazing. I remember seeing it on the big screen and being blown away. I still watch it every couple of years and it remains in my top 5 along with LoTR trilogy, Star Wars trilogy (not prequels), Spirited Away and Naked Lunch. I have 2 small children so rarely get to go to the movies but I told my wife I wanted to see this in IMAX 3D for Christmas. We are definitely getting a babysitter!

I know this is an old thread but I just wanted to add my favorite aspect of using a USB adapter is passing it to guest VM's. Can't share a cardbus adapter with a VM in VMware.

I've been using a trio of Ubiquiti SR71 adapters strapped to my Windows 7 tablet so I can continuously monitor 1,6,11 or trade up between monitor and master mode. They are a little pricey but deliver excellent range, are compatible with BT4 with minimal effort and work quite nicely with my Airmagnet tools.

http://www.wlanparts.com/product/SR71-USB/Ubiquiti-Networks-SR71-USB-WLAN-USB-80211abgn-MIMO.html

P.S. thanks Aranger for resurrecting this dead post so I didn't have to be the one 
 

Congratulations! Gotta love no expiration or annual maintenance fees 

Pretty sweet giveaway. So far I've steered clear from CEH due to a really bad experience with an EC-Council trainer for their e|drp course and the fear of another painful training experience (Death by PowerPoint without regard for the experience level of the audience. We were all Disaster Preparedness Consultants and Responders with an average of 7 to 8 years experience in FL including the 2004 hurricane season and response to Gulf Port, MS for Katrina. The guy spent a whole day explaining what arson, hurricanes, tornadoes, etc were.  Was horrible. Half of what the guy said was really bad advice too and I'm pretty sure he made up the stories he told because things don't work that way in the field. Ever.)

That being said I am interested in the CEH, just need to find a good trainer. (Or maybe I should just self-study) It has better name recognition than any of the other pentest certs so it definitely has value for me. Glad to see Michael Gregg will be teaching this one. That's awesome! Good luck folks

I was planning on doing SANS SEC660 this next year in Orlando but I suspect if we wait a bit they will come out with a cert for it as well. I find myself naturally gravitating to trainings I can convert into more alphabet soup. It's becoming a disease.

I'm doing OPSE in Clearwater, FL www.isecom.org/opsefl in a couple weeks and am super excited about that as a long time OSSTMM fan. I opted for SEC/DEV (they keep changing it) 542 which is the GWAPT cert course and the 2 day Metasploit for Enterprise Pentesters course (even though there's no cert, its Metasploit!!) at Orlando SANS 2011 in March/April. I usually work the conference as a volunteer for reduced training costs. Only $800 (+ expenses) vs the $4,000 or so it normally costs and way better exposure to the SANS instructors and many of the volunteers/facilitators are top notch security pros in their own right.

In addition to the SANS Metasploit course, I'm also doing the Securitytube Metasploit videos and we are buying Metasploit Pro at my work and I added on a 2 day onsite MS Pro training piece as well so by next spring I should be a Metasploit guru between MSF and MS Pro. I hope.

All that being said, I am hugely interested in the CtP course and I really appreciate the review. This course as well as the SANS 660 and 710 courses are at the top of my list for where I want to be BEFORE I feel confident enough to really call myself a pentester. I do some pentest work internally which is about 15% of my duties but it's not what I would call high caliber since my work is primarily tool driven. It's a journey, that's for sure! Thanks again for the great review.

I just got a t-shirt from www.thehackeracademy.com with the slogan "Penetrating holes since 2005"

Obviously you don't want to ripoff someone elses slogans but I thought it was humorous and had to share it.

How about something that helps us bring a positive spin back to the term "hacking" like:

 "Hacking is not a bad word"

or

"Thomas Edison was a hacker" (or Benjamin Franklin)

or

"Finding new ways to use old tools"

The reason why I ask is you will likely see a much larger number of vulns if you are supplying credentials to the scan process. I'd highly recommend looking at your configuration and using credentialed scanning. What service were you connecting with?

I typically use SMB for Windows and SSH for Linux and other protocols when I need visibility inside a specific application. Make sure you can get through the firewall with those protocols or disable it for your test. Obviously you need to be running an SSH server to connect via SSH. NeXpose is a pretty awesome vuln scanner. I love that it tells me when a vuln is metasploitable. I get all giddy when I see the "m"!

Did you do a credentialed scan?

One of my recent faves is the jedi packet trick. Check out the CanSecWest 2010 presentation at http://www.alchemistowl.org/arrigo/Papers/Arrigo-Triulzi-CANSEC10-Project-Maux-III.pdf

I'm using the videos to prep me for 580 in Orlando April 2011. Why not both?