Wow, thanks for the quick response guys.

This was kind of what I was expecting, that it is down to preference. I have not yet used Core Impact, or GFI Languard, so that is probably my next step. It seems like to get a good, repeatable, technique going for logging this info you would almost need a virtual enterprise environment that you could just build and disassemble at the stat and end of a project.

Hayabusa, you also raised another interesting point about storage of such data. I know you don't want to give away your methods, but I would guess people use HDD in safe deposit boxes but then you have a constant overhead, so a safe maybe? any online storage would seem too risky.

Don't want to pry, I'm just interested.

Not being a pen tester, I have been wondering how one would keep track of the information gathered during the test.

The way I see it, there is always the possibility of needing information you have gathered for legal/forensic reasons later so I imagine the amount of data kept and it's integrity should be high.

Not only that but there is tons of information to sift through on Google, etc.

Where would you keep and collate this? Is there a tool for this sort of thing? Do you just create a new SQL database every time? do you need to use a keystroke logger on your own machine plus some kind of mitm logger on the network? 

That is actually quite a lot of questions, sorry. 

Hi everyone,

I recently passed my CEH exam and am looking for some work experience.
I currently work as a network security engineer, and as such deal with the blue team all the time, but I am looking to get some experience as red team, pen testing, what ever. I have a few hours a night to offer and don't wont to be paid, I just need to get to grips with the everyday side of the job, like writing reports, collating data, whatever. I really don't mind doing the grunt work, but I do need to be learning.
I live and work in Christchurch, New Zealand. There are no companies I can find locally to help with this, so I am putting it out to the community as a whole.

Anything would be appreciated.

Breeze

Ha ha ha, Thats funny man, I went to the site and was like, what is this guy on about, then I clicked the button. Classic. 

W3bWarl0cK: I have asked this question before many times and got what I thought was just a pile of l337 anti-n00b trash, but actually it is true.
Nowadays there are so many books, sites, videos, that you just don't need to. What you need to do is obsess, read, watch, stalk also twitter is huge for infosec at the minute. Another thing to do is find people around you either in security or with security interests, meet, talk, and drink (a lot.)

A good source is mubix' recent blogs, and also THIS site.

Thanks for the support guys,

I am now woundering where to go next with my qualifications.
I would like to go for the CISSP, but I don't know much about the exam itself, I also don't work with anyone who could endorse me.
Also as Penetration Testing is where I want to be I don't know if it is realy a useful cert to have.

Does anyone have any views on this exam?

Just thought I would drop a note to say I just pass the CEH exam with 92%

Like others before I read loads of books, from official guilds to Kevin Mitnick’s books on social engineering and the Hacking Exposed books.
I then bought the Preplogic test exams and found them really poor. There were major mistakes on the questions and they were also very ambiguous.
After another recent post to this site I also got the Pass4Sure questions as well and found them to be much better. So I would definitely not bother with Preplogic again.