I agree - It's more for recon than anything else.

If you come across anything let me know, I'd be interested in it.

Matt

I'm looking for a way to dump a listing of all the "Friends of Friends" on Facebook for social engineering. Does anyone know of a tool, service or API that I can use to accomplish this? Knowing the "Friends of Friends" on an account can allow you to see into other data or be given more access to users of interest.

I was thinking that Maltego could do it, but I can't seem a way to go the next step and find the Friends "Friends" data. The first level of Friends is easy.

Thanks,

Matt

Hello all,

I'm having an issue decoding some SQL injection attacks. I've put them through a few decoders, but haven't come up with anything that makes sense.

Has anyone had any luck with certain tools or sites that assist with decoding? I've tried a few, but was curious of your experience on doing this. Sometimes I see things are encoded multiple times.

Matt

Ziggy,

Thanks for detailed response. I'm leaning towards the vLIVE right now.

Matt

Hello,

I've taken onsite instructor lead SANS courses in the past and I'm thinking about taking my first vLIVE course. Has anyone ever taken a vLIVE course and would you recomend it?

Thanks,

matt

Thanks, Docrice - That was very encouraging. Looking forward to the course!!

Thanks everyone for replying - I'm definitely going to take a shot at the course and the exam.

The links were very good too. Looking forward to it!!

I would like to take the exam if possible, but at the very least take the course.

Are there any other course you would recommend? This one looked very interesting and my job would be paying for it.

Quick Question - I'm looking to get much better on web application security and I'm currently doing WebGoat on a home lab.

I'm responsible for working with developers and scanning websites at my job with external vulnerability scanners.

My question is that I'm not a "developer" and would taking the GWAPT test be way too over my head? I recently passed the GCIH exam and wanted to take something that would give me a better understanding of XSS, SQL injection, etc.

Thanks

Thank you!!

Please excuse my ignorance - I'm assuming that this is going to be installed as a local transform.

Would you be able to guide me in a few of the steps or some documentation on installing this local transform (if this is what I'm suppoused to do).

I've been searching the internet, but haven't found a decent example of which files to use in github, etc.

Hello everyone,

I've just purchased Maltego v3 and I must say, it's pretty awesome!!  I actually noticed the article on this site http://www.ethicalhacker.net/content/view/324/2/ and was attempting to duplicate the results.

It turns out that I don't have the [social network membership - rapleaf] in my transforms. I searched the transforms in my install and didn't see it. I also discovered transforms and it didn't show up.

I'm not sure if I have to register this first before it shows up, but the link is broken too.

Any suggestions?

Okay, I recently took and past the GCIH exam and I'd like to take the CEH test in a few weeks. By studying for the SANS GCIH exam do you think I'm adequately prepared for the CEH exam?

Any areas that I might want to focus on? Also, do you recommend the CEH 7 or 8?

Thanks

Hi Musedev!! I took the GCIH exam last week and wrote a blog post regarding my preparation in passing the exam. Hopefully this answers some of your questions:

http://www.frontlinesentinel.com/2012/12/passing-sans-sec504-hacker-techniques.html

If you have additional questions, let me know.

To be honesty with you I was going to attempt the following this year:

1. CEH
2. OWSP
3. CISM

If I'm able to I'm going to attempt the CISSP or a course to take it by the end of the year or earlier next year.

Regarding the CEH how difficult it is compared to the GCIH exam?

Recommendations will be vary greatly depending on if you want to be a pen tester compared, or if you want to go into management, or if you want to do something else entirely.


Currently I'm an engineer, but would like to work my ways towards more of a managment position. Does this help?