  Show Posts
1  Ethical Hacking Discussions and Related Certifications / Programming / Re: Need good password crackers to test my encryption algorithm. on: March 22, 2012, 09:36:30 PM
I'll second this.  The sample you provide is insufficient to determine anything about either the algorithm or the keying material.

That being said, rolling your own encryption algorithm is always a bad idea.  Correctly implementing existing encryption libraries can be difficult (ask the Debian team).  Getting your own algorithm built from the ground up is MUCH harder (and likely to be an epic fail).
2  Ethical Hacking Discussions and Related Certifications / Security / Re: CEPT by Infosec Institute on: March 06, 2012, 06:51:19 AM
I'd be interested as well to hear your experiences with the CEPT.  I'm equally interested that Infosec Institute is even still in business considering the plagiarism scandal last year...
3  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: hacme bank prebuilt vmware image by (Ninja-Sec.com) on: March 03, 2012, 10:33:22 AM
FWIW, I downloaded the image and extracted the zip file.  This creates multiple .7z files (a multi-part 7-zip file).  Use 7-zip (free) to put them back together.  The whole process took maybe 5 minutes and was far from rocket science.  No offense, but if you can't reassemble a multi-part archive, even Hacme Bank is probably a little too advanced for you.
4  Resources / Career Central / Re: Demand for Linux Skills on the Rise, Along With Wages on: March 01, 2012, 07:30:03 PM
Sorry to resurrect an old thread, but for what it's worth, I got my RHCSA for RHEL6 earlier this year.  I'd have taken the RHCE, but my company was only paying for the RHCSA.  In any case, the exam was hard but fair.  I don't know if I'd even bother with the Linux+ exam on my way to RHCSA.  And now RHCSA is required for RHCE too, so in either case you're stuck with it.

The exam is 100% hands on, which means that you have to know your stuff (I passed with a 100% score, so I've got it covered).  I'm obviously bound by NDA, but I'll say that if you are planning to take the exam, you need to prepare by learning what is and isn't in the man pages on a default RHEL6 build.  Memorize what isn't and know where to find everything else.  Also, knowing how to get a broken system to the point where you can actually use a man page is probably a good idea....
5  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Mile2 says CPTE is a much better cert than CEH. True? on: October 14, 2011, 08:00:59 PM
CEH is great for HR only.  When I do technical interviews, I always ask CEH certified folks how they feel CEH has prepared them to work in security.  Those with other certs (who are on the level) usually tell me that it was a cake walk compared to cert X (besides say A+).  Those who only have the CEH regularly tell me how difficult it is and how they are totally prepared to audit, hack, or <insert random security buzzword here> my networks.  These people seriously oversell the certification.  Bottom line, book knowledge doesn't get you anything in security unless you can do it and CEH doesn't measure that.

I agree that OSCP/OSCE is the way to go.  I took the OSCE course and couldn't be happier.  I am yet to sit for the certification due to an insanely busy year, but will certainly hire those that have it over those that have CEH.
6  Resources / Career Central / Re: Secret Clearance already on: April 17, 2011, 02:02:02 PM
No offense, but a secret clearance doesn't really mean anything.  It sure doesn't cost 60k to fund one.

The cost of living at Ft Huachuca is near nil and you are competing with MI instructors with TS clearances and 20 years of experience.  GD underpays everywhere, but in this case 30k is a gift.  If you don't take it, someone else will.  If you have real skills and want to make money, move to DC.  Of course you can't buy a house there....
7  EH-Net / News Items and General Discussion About EH-Net / Re: A Hacking Christmas to All, and to All a White Hat on: December 24, 2010, 10:05:33 PM
Amen to family time.  Merry Christmas all!
8  Resources / Tutorials / Re: Penetration testing updated windows 7 and bypassing kaspersky internet security on: November 25, 2010, 08:40:56 PM
Sorry dude.  I can't take 30+ minutes of Arabic to see what you are doing to "bypass KIS".  If you are talking about encoding, migrating processes, or simply killing the AV, I'd hardly call that a bypass though.
9  Resources / Tutorials / Re: Penetration testing updated windows 7 and bypassing kaspersky internet security on: November 25, 2010, 10:42:14 AM
If only I spoke Arabic, this would be a great resource.  Can you point me to the specific point in the video where you are bypassing KIS?
10  Ethical Hacking Discussions and Related Certifications / Programming / UAC bypass POC code on: November 24, 2010, 03:15:05 PM
Interesting non-coordinated disclosure of UAC bypass.  Any takers on how long this takes to get into Metasploit?

http://www.codeproject.com/KB/vista-security/uac.aspx
11  EH-Net / Calendar Of Events / Re: ShmooCon 2011 on: October 25, 2010, 02:38:32 PM
Again, assuming I can get a ticket I'll be there as well.  I was working on a presentation for the conference but school got in the way and somehow passing became more important than presenting....
12  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: How Application filtering in fire-wall works? on: October 12, 2010, 09:56:11 AM
It sounds like you might be trying to detect illicit software installs on your client machines.  There are much more reliable ways to do that than using a firewall.  Look at client side solutions to protect the endpoint.  These are much more reliable for detecting the sorts of changes you mention.
13  Ethical Hacking Discussions and Related Certifications / Incident Response / Re: My father is hacking me?! on: October 10, 2010, 03:15:33 PM
Reading comprehension ftw:

So the computer has RAS enabled so dad can help out when he's not around...  he doesn't need to be an NSA cracker.  He doesn't even need to be able to hack his way out of a paper bag.  He has access to the machine.  Full disk encryption won't fix that.  It won't even help.

If you are worried about him on the computer, get tech support somewhere else.

Edited:  fixed copy paste error induced by writing response from my droid....
14  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: webapp pricing on: October 08, 2010, 02:37:44 PM
So I'll come full circle with my pricing guesstimate for this type of work.  When I said $3k, that was a floor value.  I wouldn't expect anything less than that.  If you are doing your own pentests as an independent contractor, you have to cover your E&O insurance, business overhead, time lost negotiating and drawing up a contract, legal fees, etc.  To reflect on what H1t M0nk3y said, I don't think I'd take a week-long test as an IC for $3k unless I were desperate for work.  Of course I've got a full-time job and as much side work as I can handle, YMMV.

One thing I would advise against is doing any pentesting as an IC without having insurance.  Either that or get incorporated.  Anything else and you stand to lose your shirt if something goes wrong (and eventually it will).
15  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: webapp pricing on: October 07, 2010, 07:27:47 PM
Do you need a pen test, a white box code security review, both?  Do you need someone to hit the webapp from the outside or assess the security of the DB server on which the data resides?  They are very different things with very different pricing structures.  It sounds like you want the webapp tested from the outside.  That is cheaper than paying for code review since you can exploit an application without having to understand the code (much larger talent pool for that).  On the other hand, if someone can exploit your service, do you want them to be able to explain how to fix the problem?  You get what you pay for.

That being said, I don't do much webapp stuff and when I do pentesting I'm paid as an independent contractor to do specialty stuff.  I don't know the going rate for general pen testing or the whole package since I don't often interface with the customer.  I do know what I get paid though so I would guess you aren't getting out with any quality testing done for under $3k.