EH-Net

May 21, 2012, 01:43:29 AM

Show Posts

32

Ethical Hacking Discussions and Related Certifications / Network Pen Testing / msfpescan and opcode

on: October 17, 2010, 06:19:38 PM

I wanted to find the jmp addresses of several machines; however, as we all know, the opcode database is down, so I need to do it manually.
One way is by using EEREAP from eEye Digital Security, but they aren't good at Microsoft addresses.
A second way could be by using msfpescan -f ......
A third way is where I can get old exploits and copy and paste their jmp addresses.
Now coming back to the second way, which attracts me the most, I would say that msf requires a DLL for that purpose. In one case I can copy and paste a kernel32.dll or user32.dll from a Windows XP SP2 English box to it and then take out its jmp addresses. But if the case is not the same and the victim machine has to be a French version or a German version, or it's XP SP1, it won't be easy to get a DLL. The only option which comes to my mind is that I will have to install a similar operating system in my VMware and then get the DLL and then get the jmp register. This sounds pretty crazy. If there is a Linux victim, then I would need those DLLs. Is there a way where I can get a bunch of DLLs (I mean from a website or so)?
Is there some other way to find out the jmp esp/eax etc. values of different operating systems?

34

Ethical Hacking Discussions and Related Certifications / General Certification / Re: Information Gathering

on: October 17, 2010, 03:26:57 PM

I have tried Maltego V3, great tool.
One question: Is it possible to get a good book which will teach Python from the basics, but has to be focused more on Python scripting for data, text and web mining?
Can't say much on that; check out amazon.com and check the comments of readers. Along with that, do check out LinuxCBT Python Programming edition (Video Training). I don't think it's that expensive.

36

Ethical Hacking Discussions and Related Certifications / GCIH - GIAC Certified Incident Handler / Re: Sans GCIH - To do or Not

on: October 16, 2010, 09:50:12 PM

At this point I have started thinking that enrolling for courses like that is a wastage of money; maybe I am wrong. These days we have blogs, and everyone starts a blog in some way to let you know several things, there are free online tutorials to help you get into action, there are free resources (even from companies like Google), there are cheap used books on Amazon. One can take help from those if he is skilled enough on Google and learn a lot of things. As far as the crossover query is concerned, I would say 4K is too much; maybe I am wrong, depending on how much other people earn.
Check out the following links:
hxxp://www.sei.cmu.edu/certification/security/csih/
hxxp://www.eccouncil.org/certification/eccouncil_certified_incident_handler.aspx

37

Resources / Career Central / Re: Diverse, IT Manager, to pen tester

on: October 16, 2010, 09:37:15 PM

Every production network is a critical one; however, I consider banks to be more critical since they operate on a large scale with a lot of policies and of course huge investment. In my area you can't get a management position in a big bank or a multinational bank; they need good degrees and experience, along with working knowledge of bank infrastructure and banking experience.
My point is that if you accept that IT Asst. Manager role in that bank, you could open up doors for yourself into another sector, but this time banks. These kinds of sectors, along with Oil and Gas and Pharmaceutical, pay a lot.
When it comes to pen testing, I could add that there are certain levels of this work.
Q) Do you want to work as a consultant doing pen tests for organizations? A) Certainly you can't do that, since you will need to instruct the officers to clean up the mess and do other things, and instructing people what to work on and how to work is not an easy task, especially if you are dealing with disgruntled employees. This leads to a lot of frustration several times.
Q) Do you want to be a hobbyist? A) Yes, you can ... you can enroll for great online courses available through various organizations and test this stuff in your own network, which would of course sharpen your skills when it comes to security.
Q) If I decline this offer, would I get a pen testing job? A) After several companies came up with a lot of real-time courses, there are a bunch of young people having good knowledge in that area, so the competition might be tough in your area. NOTE: These young guys don't have the good experience which is required to work in the real world. They can just be good at certain points.
There can be a lot of other questions you would like to ask yourself before taking a step. I can't give you a personal opinion since I don't know what your background, years of experience, age, degrees etc. are.
I hope this helps

39

Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: help with a question about firewalls

on: October 16, 2010, 12:22:24 PM

When anyone talks about hardware firewalls, they don't mean that there is no software with that box. Let's take a Cisco PIX/ASA or Juniper SSG; they do have proprietary software included with them. On the other hand, software-based firewalls would mean Linux-based firewalls or similar products (they can also be appliance based).
In my opinion the statement is wrong, since hardware-based firewalls do not operate on x86 arch or similar and thus are harder to penetrate. Also, hardware firewalls offer better performance since they are made to work for a specific purpose and not for hosting email servers or proxy servers etc., which we can do with Linux or any other operating system.

41

Ethical Hacking Discussions and Related Certifications / Other / Re: illuminati

on: October 13, 2010, 12:41:50 AM

Yup ... but who knows, everybody knows illuminati has something related to the secret society and all that blah blah stuff, so it doesn't by any means look good if NSA is associated with it or someone is trying to associate it. NSA should look like a defence organization rather than a secret one, along with its staff members. I hope NSA looks into this matter and contacts GoDaddy, or if they are already looking at this matter and doing nothing, then I think they have something to do with illuminati. My 2 cents

42

Resources / Tutorials / Re: Router Hacking Video Series

on: October 13, 2010, 12:32:28 AM

Haven't gone through all these but looks cool!! I think you are going to get email from companies like EC-COUNCIL soon to stop what you are doing for an amount of payment!!!

43

Ethical Hacking Discussions and Related Certifications / General Certification / Re: Where to begin this....?

on: October 12, 2010, 10:17:59 PM

First of all, welcome to EH. Since you are starting your career, I would like you to watch the market closely, since there are quite some problems with jobs out there. I know a couple of people who are doing OSCE or other related certifications who are idle or doing just basic-level jobs .... When it comes to the job market, you should know a couple of things apart from the OSCP course outline. So you must keep this in mind, because there are a lot of people jumping into this with a hope they would be able to support families nicely, which is wrong, I believe.
When it comes to OSCP, it is a certification with some excellent technical stuff. The prerequisites mentioned on the website are not much, but I must tell you that there are a couple of areas of knowledge required to go through this, including but not limited to Linux, DNS, DHCP, firewalls, Python/Perl (optional), TCP/IP, content inspection, assembly. Having knowledge of this stuff will help you go through the course easily, since these things are normally covered in the dark side of networking. I would also like to add at this point that OSCP is different than other courses, where they won't teach you how to perform every task; rather they would just give you an intro and you need to do a lot of research. Research is not that hard, but since the internet is changing day by day and there are new things popping up each day, there are times when solutions don't work or scripts don't work etc., so be prepared for that.
When it comes to certification, I would highly recommend the Security+ by CompTIA, depending on where you live, since CompTIA is much recognized in the USA and Europe rather than the Gulf region. These days there is a lot of free stuff coming out on almost every topic (basic - intermediate), so you can check it out, even using YouTube or Google videos for reference, which would save you a lot of $$$. Having some Cisco Security, Juniper Security, Microsoft Security certs along with OSCP helps, since you need to think out of the box when learning in this course. And there are more jobs in product deployments, which would one day make you a successful Network Engineer.
I hope this helps
