Sorry for bumping this but I wanted to make sure there were no other questions before I continue with this project.

Thanks,
Cutaway

plik,

   I think as you work with MSF more you will see that your fears are even more founded in reality.  The types of things you can easily do with just a little more knowledge is incredible.  For instance, did you realize that with just a little configuration and installing a database on your system you can import your Nessus NBE files and MSF will take this information, provide you with a list of possible exploits, automatically run them all for you, and provide you with a list of owned boxes?  Very nice and efficient. 

   What the MSF people have done is provide the public with a tool that malicious individuals may have already achieved in some form or other.  The point here is that it is better WE have access to this type of thing as well as malicious individuals so that we can sufficiently test our environments before deployment and during utilization.

   Yes, script kiddies love this tool.  Heck, I still consider myself a script kiddie because I do not understand how to write my own exploits and modify MSF to do additional tasks beyond gaining access to a system.  My only saving grace is my knowledge of security architecture, project planning, and report writing.  These are the benefits that I provide to a penetration team.  I have gotten this same feeling from the majority of persons who patrol these forums.  There are varied levels of experience and each person has their own strengths and weaknesses.

Which is why I always say, "Go forth and do good things" on just about every post.  But, of course, I am sure people are starting to get a little sick of my catch phrase

Go forth and do good MSF,
Cutaway

How strict is the 250K?

Thanks,
Cutaway

I am going to have the unique opportunity to separately interview these individuals in the coming weeks.  Although I have a few ideas of what I would like to talk to them about I think that it would be great to get a few questions from this group. 

You can find more information about these individuals at the following web sites:
Jay Beale: http://www.bastille-linux.org/jay/jay_bio.htm
Johnny Long:  http://johnny.ihackstuff.com/faqs/frequently-asked-questions/whos-johnny.html

Please let me know if your questions are general or for a specific person.  I will compile the list and then work the questions I can into the conversation.

Thanks,
Don

We get a lot of this question here.  I thought about posting this link to one of the threads but I think it needs its own.

Johnny Long, of Google Hacking and other fame, posted a quick article on Wednesday, 01 November 2006 titled, "How can I become a professional hacker?".

It is a great article and everybody who has this question should read it. 

As related to Ethical Hacking, Johnny says:


Go forth and do good things,
Cutaway

w00t!....oh.....wait.....dang 

Daniel Miessler pointed out his write-up about Tcpdump to the Security Catalyst Community http://community.securitycatalyst.com.  I thought you guys would like to know about it.  It is a quick primer on tcpdump.  Very nice introduction.

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/action,post/topic,1012.0/num_replies,2/

Enjoy,
Cutaway

Dave Aitel pointed this out to his list.  The ShmooCon challenge server has been left online and Applied Security is hosting this for a short time.  So head over and get through as many as you can before they take it down. 

http://www.appliedsec.com/conferences.html

NOTE:  The first challenge took me 2.5 hours.  Weak? Yes, but still fun

Cutaway

You might want to check out Cobia http://cobia.stillsecure.com/.  I can get you in touch with Martin McKeay if you would like to talk to him about it.  PM me and I'll see what I can do.

Cutaway

You gotta get some gear.  There are not very many jobs that will get you all the experience that you will need.  You are going to want to do some stuff on your own.  Plus, that job will (should) be paying for your training. 

Don't have a job.  The experience with your gear will help you get that job.

Everything you make from the "gear" you should put away 10% to savings, 10% to splurging, and either add to these percentages with the rest, get ahead on those bills, or get more gear (w00t!).

Go forth and do good things,
Cutaway

I agree about this being too simple.  Although I am no artist, I think if there is going to be a custom BT2 then there need to be better images.  I think a contest is in order.  I bet if you advertise on this site and on Pauldotcom you will not only increase readership but you will get some very interesting submittals.

Cutaway

@venom77

I did a lot of research on notebooks about 18 months ago.  I have to say the the Intel PowerBooks were not out then so I did not consider them (just missed it on that one).  But once I got to my new job I got a Mac to see how the other half lives.

I have to say that I am not impressed by the Mac other than the fact that I can get all three operating systems going on one machine.  Parallels works well but there are some default setting security issues you will want to research.  Some of the new features Parallels will have will be awesome, such as running Windows programs as single windows and not having it contained within a virtualization instance (for lack of a better term).  VMware is working but still in Beta (this should smooth out very quickly as VMware does a great job).

If you want to look at some good and powerful laptops then I suggest you go check out the systems supplied by Powernotebooks http://powernotebooks.com/.  These guys have some great and powerful systems, good prices, and EXCELLENT customer service.

The specs you have for your system look good but if you are going to be running multiple virtual images I would bump up your memory to 4 GB so you can dedicate enough ram to multiple running environments and Vista (it has been written somewhere) performs best at the level.  I would also consider getting a lot of storage.  You will probably be downloading a lot of tools and ISO images and when you combine those with the virtual images (I recommend 8 GB for anything you will be running and updating but only 4 GB for anything you are just playing with) and all those ones and zeros start to add up.

Good luck, a new notebook was tough for me but I am happy with my Sager NP9750 http://powernotebooks.com/category.php?catId=26#id1176 (although I don't look at the new prices because it makes me cry ).

Cutaway

ChrisG's comment actually happened the other day to a friend of a friend.  The fire suppression system malfunctioned and destroyed $200,000+ worth of furniture plus the water damage to the building and other assets bumping the price tag up significantly.  The insurance company will not pay up because anything over a couple hundred thousand dollars they fight over so that you have to settle a lesser claim or lose everything.  Everyday they wait for the settlement they are losing money.  They are in the process of triple mortgaging everything just to get enough stock to keep people coming in and supply the people who have already purchased.

Sometimes owning your own business is tough.  But, then again, a good BC/DRP "might" have helped.

Moral of this comment: Do not depend on the insurance company to have your best interest in mind.

Cutaway

The tutorial is for BT2 Beta.  I have not tried BT2 Final yet.  The reason I went with a HD install is so that I could get Nessus installed and so that I could easily update Metasploit and Milw0rm.  Plus, if you are on battery the CD-ROM is not going to spin your power away.

Sure, the wireless is not usable without a USB Wireless Card but I figured I could always drop in the CD if I needed it for a wireless assessment.  I planned on saving my Kismet config so a thumb drive.  But, so far, this has not been necessary.  BTW, apparently the BT2 Final has improved USB Wireless Drivers.

Good luck with the install.  Please post how you fix your install problem or a link to the fix.  As I'll be interested.
Cutaway

I recommend bidding on three computers at eBay to make sure you get one at a great price.  What a fun it is to have a conversation standing over three brand new used computers 

Of course I have put them to good use