Congrats Rance! See you in Vegas

DC/Bsides - @tonylturner

ping me on @tonylturner if you want to grab a beer and whatnot. Best way to reach me.

Btw, I retook it at a different Prometric site and had no issues for those of you who wondered whether my New Horizons experience might be representative of other sites.

Marketing.

Yeah you could definitely make it more complex and my script would not work if you needed all 7 (or 10) spaces occupied by a number, but I read it as an ascending word list starting at 0 or 1 and ending at some number. That's actually taken from a script I commonly use to build IP address lists for tools that can target such lists as a file but don't have the capability to define at stdin.


So I got lazy myself, but the point is people need to actually try to figure things out on their own before they come asking for help. I'll be the first to admit I'm a novice but at least I put forth a minimum of effort.

For 7 digits as a bash script:


Probably one of the easiest loops you could write. Sometimes I wish we had a little bit more of the Offsec "Try Harder" mentality here. It's one thing to help the newbie and give them a direction, quite another to completely spoonfeed. Consider yourself spoonfed.

I'd take what you hear on GRC Security Now with a grain of salt.

http://attrition.org/errata/charlatan/steve_gibson/

My picks are:

http://exoticliability.libsyn.com/

http://www.isdpodcast.com/

http://www.pauldotcom.com/

Did you take at a Prometric site? I tried taking my GCIH at New Horizons Prometric site on the 19th and the test bombed 30 questions in (script unresponsive on page, prevented me from submitting. Appeared to be a session timeout). Now I'm waiting on a waiver for the 30 day wait period retake so I can reschedule the exam but if Prometric is bombing, there's not much point.

Just got my travel plans confirmed for DC20 and BsidesLV. Hope to see some of you there!

I'd beg to differ on the whole mile wide, foot deep thing. Based on my conversations with CEH candidates, I tend to think CEH is only a foot wide, and about an inch deep. The exception to the width comment is that it seems CEH teaches you 20 tools to perform one task that you will likely only ever use 2 or 3 tools for. If that's what HR is looking for, by all means do what you have to do, but I'd prepare for disappointment if you were hoping to learn anything useful. The one thing CEH has going for it is marketing/name recognition and the other players lag behind here, regardless of their technical value.

Perhaps you'd care to share and help us increase the community knowledge?

http://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells

made me think of this thread. Great article btw if you want to learn more about the topic.

I'll be there but doubt I'll take a class. Gets harder to justify to management since I replace what would otherwise be an RSA or a Black Hat with the trifecta of Shmoo/Def/Derby cons on the basis of cost vs value proposition. Adding even a $1000 training strains that logic a bit. (due to travel costs x 3 instead of just once)

It's too bad because I'm really interested in 3 of them. Powershell, Wireless, Exploits - oh my! Guess that's what securitytube.net is for

The last commit was 2 months ago and the mailing list appears to be somewhat active, so would say it's fairly current. I have not used it but would note the project is listed as Alpha as is the case with many OWASP projects.