Congrats man!

Keep learning!

I'm in !

Congrats!

And nice of you giving the practice exam!

April fools days at its best !

 

Thanks! It was funny! Geeky, but funny!

@SephStorm

I understand your frustration. I sometimes suffer from this, but I look at the ones around me and I feel better

One solution to your problem would be to create a sub forum, something like noob self study. Here you can come to a problem/question and someone more experienced could point you in the right direction.
After receiving the help, you'll have to solve the problem and to present the solution to the others. The best way to learn something is by teaching it.

For example, let’s say that someone is interested in web cracking, and wants to learn it. A "mentor" could point him to the right resources, and the student will prove that he did mastered the subject by doing a small video where he shows he's way of doing it.
Maybe after a time the sub forum will die, or it will become overpopulated, but it might be an opportunity to gain knowledge and experience.

Another variant will be to create small teams of ethical hackers, and try to share knowledge, and to solve problems together.

And yes, you can take training. The problem with the trainings is that you are alone. One of the advices K Johnson gave us when we finished the course was to create a team and to work together. Until now I don't have someone to share my passion, and to try to work with. An EH team would be nice.

My boss received an email from Tenable yesterday, being informed that Nessus 5 is available. He came to my desk to remind me that our policy is to wait 6 month before we upgrade to the newest version of a product  .
I was speechless.     
My only hope is that I will leave soon, and never have to deal to something like this. 

By the way, have you seen the movie Idiocracy. In there, there is a scene when the guy goes in court and his lawyer is accusing him, not protecting him. I lived something similar (grace a mon patron).

I am glad that the new version is out, and I am sure that it is better than the other one. I have a lot of respect for some of the guys at Tenable, and I am sure that they do their best to provide us with a great tool. I might try it at home.

My only complaint with version 4 is that it doesn't create a database with scan results. I think that you have to buy Security Center for this. Is too bad, because it might be useful when you have only one scanner, but you scan different subnets in different days.

If you really want Kevin to come, ask him to bring his older daughter. He told us that she is better than him at lock picking

Better. If the others have kids, make a parent kid lock-picking session. Like this you'll have fun.

If you are not Kevin Johnson you should invite him, too (he's local). You'll have a lot to learn, and a lot of fun. 

@cd1zz

The main reason I prefer Nessus is that it produces better results. Also, when you are analysing the results, you have an option to see only the vulnerabilities for which "Exploit exists". This is extremely useful. In Nexpose you can see the ones where you have exploits in Metasploit and in exploit-db (very useful and not present in Nessus). Also, in Nessus you have the mention that a Metasploit, CANVAS or Core Impact exploit exists. For the rest you have to search the net.

Among the false positives in Nexpose, the most annoying ones where the ones detected when I executed a scan using admin credentials. As an example, for one server it reported a browser exploit. In Metasploit the exploit applies to IE 6, but our machine had IE 8. Another one was valid for Win 2003 SP0, and our machine wasn't for sure SP0.

Last year I did a comparison between the two vuln scanners using regular network scans (without credentials). After the scan I tried to identify as many as possible false positives. The results from Nessus were much more accurate, and Nexpose missed a lot of vulnerabilities.

Another disadvantage of Nexpose is that if you enter for scan a class C, it will consume 255 ips (from a total of 1000 in my case). Because we are using many subnets I would have to do a scan with Nmap first, and then import the results in Nexpose. I think that sometimes, when you do this, it will erase old entries.

The advantages with Nexpose are the facts that you have a nice management of the zones and extra scan engines, and that it produces more detailed reports, that gives detailed remediation steps.
For a big company the management of zones and scanners is a plus, because the Tenable Security Center (necessary to integrate the results from multiple Nessus scanners) costs 80.000$. So, if you have many zones, with many scanners and you want all of the results in one place Nessus vulnerability scanner is not the solution to go. You either buy Tenable Security Center, either go for another solution (Nexpose being one of them).
In our case, we have a scanner internally, one in the DMZ and another one on a machine connected directly to the internet. With Nexpose, the first two could be combined, and have all the results in the same place.

I didn't try yet the integration of Nexpose in Arcsight, but I might try before our license expires.

And, yes, the price is important for me. Scanning 2500 real IPs (and I give him ranges that will cumulate almost 10 000 IPs) with Nessus costs us 1200$/year. With Nexpose will cost way more.

Worst, we have Nexpose through Symantec, which resells it as CCS. When you have a problem, and you need support, you have to deal first with Symantec, and when they are not able to fix the problem, they will escalate it to Rapid7 (which gave me the solution very rapidly).

Maybe I am biased, but this is my opinion. If you want, I can provide some tables with the results of two scans. My analysis is not 100% accurate, but there is a big difference between the two scanners.

I have both Nessus and Nexpose, the commercial versions.

Actually, I will have the money to buy a web application vulnerability scanner because we might get rid of Nexpose. It simply does not add any value to us. It is more expensive than Nessus (for ex a Nessus license, unlimited IPs costs 1200$, and Nexpose 1000 Ips costs around 10.000$).

Also, I did some scans and I didn't see big differences between the results. I even saw more false positives and more false negatives in Nexpose, but I don't want to go in there yet.

It is true that Nexpose integrates with Metasploit, but the pro version of Metasploit is 15.000$. I rather buy CANVAS or Core Impact if I really want a penetration testing framework. I know how to use Metasploit framework, Burp..., but the other guy who is working with me has no idea about this. So, we have to buy tools he is able to use

I know that it is stupid, but the good side is that I can justify an excellent tool, saying that it is easy to use. I don't know if they will accept my request, but I can try.

Also, if (when) I'll leave, they must be able to produce the scans. That's the advantage of the commercial tools. The disadvantage is that some analysts have no idea of what they are doing; they produce hundreds of pages of reports without any value for the overall security.

Hi,

I am planning to buy a commercial vulnerability scanner. Given the fact that my budget is limited I am oscilating between NTOSpider and Acunetix.

According to some studies (2009), Accunetix is better, but I like the fact that NTOSpider integrates with Core Impact. We don't have Core Impact yet, but I will try to sell the idea of having a commercial pentesting tool (Core or Canvas).

So what do you recommend between the 2 of them?

I know that Webinspect is probably better, but is almost 30k, I have Burp Pro,... I need a good scanner, that will produce nice and useful reports.

Thanks

Very interesting, thank you!

Me too, I will add soon some network equipment to my lab. A
nd, I am interested in learning this type of hacking.

work study sounds like a good idea, but...
- what if there is not SANS training in your home town?
- what if the course you are interested in is not given?
- what if there is someone else who's waiting for two years for the same course, and he'll get the place?

I agree too, that the courses are very expensive, but if you cannot afford them (yet) there are plenty of alternatives: books, lot of documentation on the net, free testing environments.
Also, for HR CISSP is still the best cert to have.

Are you having problems browsing to the site?

I do.

WOW!

I would love to do this course. I really cannot justify it at my current job

Maybe... next time. I've saved it in my favorites.