Agreed, Ketchup!  I have a number of their books in my library, already - up to and including the latest Thomas Wilhem book "Professional Penetration Testing: Creating and Operating a Formal Hacking Lab" (which is already in discussion in another forum post  )

Maybe I'll have some time, for a change, to be one of the higher-count posters, and win this one.  The books would come in handy in my reading collection.

Regardless, thanks to Syngress and EH-Net for yet another good contest prize!

You can pretty much learn any tool without 'professional training'  However, the drawback is you have to measure the time to research and learn the tools against the time it might save by learning them from a professional instructor, or in a formal class setting.  What you'll need to do is to do some analysis and spend some time really deciding on which approach is best suited for you. 

If you're capable of self-study, and have a nice lab setup that you can 'play' against, then by all means, it can be more affordable to study for yourself.  If you learn better by watching and listening to someone else (if you're more of a senses learner than a reading learner,) then you would probably be better served attending a bootcamp or more formalized class.  Being that you're pursuing your degree at UNC, I'd be willing to bet you know your best-suited learning style, and comfort zones, and will probably make the best choice for YOU! 

As for tutorials, if you browse the site, there are plenty of links to sites where tutorials abound.  De-ICE and other pre-built distros exist to 'hack against' and learn with.  (implied search hint here for the EH-Net forums )

Good luck, and as you find more to play with and learn, feel free to continue to ask.

Nice job, kennut.

Thanks for the info on how you studied, as I'm sure it'll help others.  And as others have said, you never stop learning, so even if you didn't get the paper, it's all worth the time to stay on top of things. 

Congrats again!

There are many avenues you could pursue, dependent upon where you want your career to go.  Additionally, if you're looking for what may qualify for course credits, etc, you'd obviously need to check with the university.

That said:

If you're looking for management style, or overall infosec, you might look at CISSP, CISA / CISM, etc.

If you're looking to be more of the proactive, penetration testing / malware analysis side of things, you could look into the follow-up to CEH, the ECSA/LPT.  You could also look at the OSCP, or look into the SANS security certifications, such as the GPEN (SANS 560)

If you're looking for more of a law-enforcement, forensics side of things, you might pursue something along the line of the CHFI (Forensics Investigator) or others of that nature.

It's all dependent on what you want to do, etc.  I wish you luck, and you've found the right place to ask the questions, so fire away, and we'll all be glad to discuss!

I've not had issues with mine, either, and it's been performing up to snuff with the pre-... so not certain what you might be running into.  Perhaps looking at the log files might help, to see if there are any erroneous errors?

I don't think it's been announced, yet.  I know, from past challenges, there's usually a couple of week delay from contest entry end to results.  (and I KNOW Ed stays plenty busy, outside of the challenge creation / judging, too)  So I wouldn't be suprised to see the results sometime in the next week or so, but that's only MY speculation.   

On that note... wonder how well it'd run on my oQo...  That could REALLY be a handy way to do my wireless testing...

Immunity's stuff has always been top notch.  Dave Aitel and company really put in a lot of hours to come up with the solutions they offer.  I hadn't taken the time to look at Silica before, but now I'll have to.

I'd already been working on some custom scripts and tools for my own usage, but if Silica works as well as I'd expect, coming from Immunity, I might just cough up the cash and go with theirs, myself!

That's what we're here for!  Glad it worked BillV.  Sometimes, MS makes things easier than you think, if you just have a little insight and some spare time...

Have a great day!

Personally, I'd still try the reboot, and see if the registry change does the job.  As Ketchup said, service changes in the registry tend to require reboot.

Keep us posted, BillV.

Top of my head, no, but if you have another 'similar' server, you could essentially try to use sc.exe from a command-line on this server (http://support.microsoft.com/kb/251192) and try to kill and recreate the service.  Might even be able to do it from safemode.  Only other thought I'd have would be to boot to a linux cd / dvd (http://www.pcregedit.com/) and find / manipulate the key from there, since Linux doesn't really CARE about windows permissions, much!  <evil grin>

 

I'll 2nd and 3rd the comments above...  (I'm 37 with 4 kids, and have been there, done that... ;-) )  If I can be of any help, feel free to IM me on here, and we can chat.

Tim
(Hayabusa0194)

Nice, bamed...    lol!  I've been Hayabusa for a long time, but someone took it on a lot of my frequented sites, so I just appended 0194 to it, for randomness, sometimes...

Public wifi hotspots?   So they mean to tell me that using tools like Ettercap and SSLSTrip, they won't have folks doing mitm to grab GMAIL data, if they really want to?  I'd agree it keeps the general public from 'stumbling' onto data, but it certainly doesn't take a rocket scientist to bypass a simple ssl login scenario, particularly at a public hotspot.

Don't get me wrong... I guess it's a matter of general security, and thus, for the average joe, probably a good thing, but really, I wouldn't tout it as a HUGE security remedy.

SSL, by itself, isn't a very solid, promising safeguard, to me.  For instance, many of these sslvpn types of scenarios which rely solely on a username and password...  Let me sniff that with one of the tools above, and I now have your vpn login credentials.  However, if you ADD something to the mix, say a secureID token or something, they MAY get your username and password, but are mush less likely to get into your account using your login, as now you've added the necessity to possess the token, to be able to pass the proper key with the credentials...

I'd agree with BillV.  While CEH certainly may not be a management credential to hold, if you're truly looking for a better understanding of the concepts, it certainly wouldn't hurt to at LEAST self-study it, even if you don't pursue the certification at the end.  Just studying the materials, if you truly do some Googling, etc, in the process, will lend a lot to your overall awareness and knowledge of the topics covered in the course materials and in day-to-day security 'discussions,' even if you never truly understand the underlying pieces of attacks and penetration tests.

Good luck, and welcome.