Well, since it is down time Tuesday on World of Warcraft, thought I would see just how many of us ethical hackers play WoW.  I know just about everyone in our IT department, all over the age of 30, play WoW.  It is our off time hangout.

Hell, we have even had a few IT meetings in guild chat.  If you don't like WoW, what kind of MMORPG's do you guys play.

$w33p3R

LOL BillV, I must have been smoking crack when I made that post.  I jacked it all up.  Thanks for the correction

You might check out the ECFI (EC-Council Certified Forensics Investigator) courses.  It seems to fit along the lines of what you describe you are looking for.

Great advise ChrisG, I will remove the 2000 employee computers we have in our orginization and let them use pencil and paper.  I don't guess you bothered reading my second post, you just wanted to be a smartass.

Sorry for the double post, in my previous post, I guess I was thinking out loud as a network security guy...lol  I didn't mean to take away from how awesome that FREE tool really is.  I can just see one of our "I think I'm a hacker" employees getting a hold of this and giving me hell.

Holy smokes this could be dangerous, VERY DANGEROUS.  Another tool for the script kiddie to wreck havoc with.  Just what we need, another tool that takes no brains to run...sheesh

Nice article Don.  I think if I got a VPN server for less than a dollar, I would either think it is broke or the seller is up to something.  Don't know that I would hook it up to my production network without a bit of testing first.

Well, I have been the victim of Dos attacks before on servers that I had and I can say first hand they are not fun to experience.  But, I don't think I have ever seen a Dos attack that couldn't be defended against at some level on the network.  I am calling hype until I see proof.

I am trying to make them active, I have been posting a bunch here lately.    Unfortunately @ work, I get the dreaded "Blocked by Websense".  I don't want to break the rules and create a shell account and tunnel around it, but I just might have to..lol

What you have just explained is the ECSA/LPT equivalent.  If you go through the bootcamp that EC-Council offers for ECSA/LPT, you would be suprised at how much different it is than C|EH.  It is more focused on Pen Testing, the Methodolgy, etc.

The C|EH course was not intended to make you a Pen Tester.  It was setup to teach you about all the tools.  It was a baby step to lead to ECSA/LPT.

I sit for my ECSA exam in 2 days.  I just went through the ECSA bootcamp.  You really can't compare C|EH to GPEN.  You could compare EC-Council's ECSA/LPT to GPEN though.

Anyway, really glad you enjoyed the class and courseware on it.

I doubt you are going to find any takers on this site Brian, but if you head over to astalavista.net I am sure you will find plenty that won't even require that contract, and they will let you leave your firewall up.  lol

But, they will also wipe your system for you too...lol

Seriously, a C|EH wouldn't do this.  There are so many reasons why they wouldn't, I won't even bother listing them here.  I am sure you can find them on other threads in this forum.

I hope you understand using cheat sheets is grounds to have your certification revoked.  There are plenty of resources out to pass your exam without risking taking your exam for it not to be any good a little later down the road, if caught.

Saying you are using these on a public forum is not wise.

Well, you have to distinguish between the two types of Blackhat's:

1. The Blackhat who likes to know how things work and just wants to see if he can get past the security measures in place.

2. The Blackhat that wants to tear the hell out of your stuff and steal anything they can find.

Admittedly, both are breaking the law because they did not have permission to do so.  But is #1 as bad as #2?  No.

Now, before anyone gets on their soapbox and starts feeling all righteous, let's look at this example:

A company doesn't hire thieves, agreed?  Answer these questions to yourself:

1. Have you ever downloaded a .mp3 you didn't pay for?
2. Have you ever downloaded a movie you didn't pay for?
3. Have you ever downloaded a application you didn't pay for?
4. Ever borrow a music CD from a friend and make a copy?
5. Ever use a copy of Microsoft Windows you didn't pay for?

According to the Law, RIAA, MPAA and other orginizations, you are a thief if you have done any of the above.  Now, are you anymore employable than a blackhat?  No, you are not, even though those things I listed are socially accepted crimes.

I think most "ex blackhats" realizes that you do not bite the hand that writes your paycheck.

Jack,

I would really view it right the opposite.  If you can find an OS fresh out of the box, you are most likely going to be able to exploit it.  The reason being is it most likely has tons of patches that has yet to be applied.  This even applies to OS's that have been in production for awhile.

Corporations get caught with their pants down when lazy Admin don't keep up with patches on their servers and workstations.  New exploits are constantly being found.  That is why hackers are constantly scanning systems.  They are looking for version numbers and patch numbers so they can see if it might have a vulnerability that hasn't been patched yet.


Jack, Windows 2003 Server is still one of the easiest OS's to get a reverse shell on, even though its been out for how many years? Here is a real world example:

I did a scan on my employers servers not long after being hired in IT.  I noticed they were running service pack 1 when service pack 2 had been out for quite awhile.  So here I go, I hit Google and find all the exploits I can find for SP1.  I get the list and take it to the network administrator and say, "I can do this, this and this and take control of that server right now.  Don't you think you need to get this patched?"

That is how easy it is to exploit a OS fresh out of the box or not.

For those that might not have taken the ECSA/LPT course, in one module it is talking about who to have on your "Tiger Team", and the one I would like to discuss is, "Never hire or have an ex hacker on your team".

The reasoning behind that practice is due to the fact the client may not feel too comfortable having an ex hacker snooping around on his network.  They want a security firm, not hackers.

I ask a question in class, "How can a white hat hacker really be effective if he has never been a black hat?"  Just trying to think like the enemy is not enough.  Where does experience come in?  Book smarts or real world experience?  Which would you prefer?

I would like to get your opinions on this.

Just a note to all the black hats that read this forum, "If you think you are going to get certified and then be accepted by the corporate world, think again.  You better not ever breathe a word that you were ever a black hat.  The only way that will happen is if they made a movie about you."