That's fair enough.

Well this sounds far from good. I was very close to purchasing the course but now I don't think I will, such a shame though as it looked like it had some good stuff in there

It looks like Hayabusa should be providing us with a review soon

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,8005.msg45931/topicseen,1/#msg45931

Cool, I a looking forward to it hayabusa

The course at http://ninja-sec.com/index.php/samurai-skills/ certainly looks interesting. So if anyone is considering taking the course and would be happy to provide a review that would be great

Hi All

Ok, so I am trying to bypass the validation on a file upload form. It is only supposed to accept .jpg (and may effectively work). The images get uploaded to the webroot so would be great to bypass it.  I have tried changing the MIME type, saving a script as .jpg, I believe you can add the .jpg header to a file which may work, any other suggestions?

Dependant upon whether you need to know the DNS name for each host, I would also use the -n flag which performs the scan without resolving the IP address to hostname. This can often speed up a scanning

Hi Again

Has anyone on here ever done the CCNA via the Open University based in UK? http://www3.open.ac.uk/study/undergraduate/course/t216.htm.

Thanks guys,

I just checked Yersinia and looks interesting

Hi

I want to test the security of VLANs currently in place and would like to know what the best tool is to try and hop from one VLAN to another. i.e. I am on network 192.168.1.x and can see some broadcast traffic on 192.168.2.x, however, I am unable to communicate with any hosts on the 192.168.2 network. Is there any tools that will allow me to do this or at least attempt it?

So I received the book and have been looking through it. I intend to have a good read through it this weekend.

I have to say from a quick glance, it looks pretty good as it has a methodology of how to perform a network pen test.  Its not in depth but certainly think that it would be good for a an internal penetration test or to use as part of an internal penetration test methodology.

Nice

However I don't have access to the server's private key so wouldn't be able to decrypt the traffic . Its annoying as I know there must be a way to intercept and view the traffic as you can with burp, fiddler, webscarab etc but instead with a thick client using HTTPS as opposed to a web app front end

Thanks, I have come across fiddler before. Would it act in a different manner to say burp though as I am unable to view the traffic via Burp in this way aswell. Ideally i would like to see what calls the app makes to the web service, take those requests and replay them using burp repeater to try and manipulate the data?

Hi

Ok, so how can I intercept the initial traffic between a thick client app and end point which uses web services to transfer the data.  The connection is over SSL, however I need a way to be able to view the traffic being sent from the client before on my local machine just before it is encrypted. I have tried configuring stunnel to proxy the connection over https and then configure the app to talk to the localhost and use wireshark to view the traffic, however I cannot get this to work! Any other ideas please?

Thanks

I am considering the CCNA exam to get a good grasp of networking concepts and cisco commands. I eventually want to move onto perform the CCNA security exam, is it recommended to perform the ICND1 and ICND2 if I intend to the security exam aswell?

To confirm, are we saying that the following resources should be sufficient to pass the exam and get a good grasp?

http://www.amazon.co.uk/CCNA-Certified-Network-Associate-640-802/dp/0470901071/ref=sr_1_5?s=books&ie=UTF8&qid=1318021819&sr=1-5

Thanks