EH-Net
May 21, 2012, 03:04:56 AM *
  Show Posts
946  Resources / Tutorials / Re: Hacking (harvesting) email addresses tutorial please! on: September 05, 2009, 03:14:57 PM
Chris G's method would be great, I'll have to add it to my list.  Google + site's domain name would be another way. 1 search google for just the site, 2 search google for just the @domain_name.

I think the big question is though, why do you want the email address?

From a pentest perspective, I could see collecting the different email addresses for trying to get possible log in names, or people in the company to try and impersonate for Social Engineering.

From a security standpoint to see if people are spoofing your company / found an open relay.

From a non-security related world, the only legal reason I could see doing this would be for an EECB (Executive Email Carpet Bomb). http://consumerist.com/259713/how-to-launch-an-executive-email-carpet-bomb

There are other methods, if I recall correctly, covered in Hacking for Dummies. But you really should only try to get email address for ETHICAL reasons. Spamming people is bad. Trying to get the information for just showing off is bad too.
947  Columns / Linn / Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 1 on: September 05, 2009, 11:11:59 AM
Ryan,
Are you running backtrack as a virtual machine, or on a dedicated computer for this class?
948  Ethical Hacking Discussions and Related Certifications / Other / Re: Preferred SIEM on: September 04, 2009, 06:08:07 PM
After demoing the two products I like Loglogic the best.  We also demoed Cisco MARS and wasn't nearly as impressed as I was the Loglogic.


I use Cisco MARS at work, even have a few books on it at home, but have found the web interface and the overall control of it kludgy. It was in place before I started, and it became mine shortly thereafter. It's better than nothing, but sometimes I wish it could do more. (or I knew how to make it sing and dance the way I want).
949  Ethical Hacking Discussions and Related Certifications / Forensics / Re: Forensics Tools - strap on your util belt on: September 04, 2009, 11:55:22 AM
We've used Helix 3 for a couple of issues at work. They were internal issues, that did go to legal. (It's also what started me down the path that has led me here).

I'd love to get my hands on EnCase, and learn more, but I'd probably have to buy it myself. I don't know how well Helix works compared to EnCase, but it's worked for what we've needed so far.
950  Features / Book Reviews / Re: Hacking For Dummies 3rd edition? on: August 31, 2009, 11:03:43 PM
I used my Safari account and started reading the 2nd edition. I've only got a little way in, in the first part of the book (first 2 chapters down). Kind of wish I bought the second edition now. So far it's been an easy read. I expect that to change in part 2.

Really enjoying the book though. Even if I do finish it before 3rd comes out, I'll probably buy third and read that too.
951  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Web app attacks and using web shells on: August 31, 2009, 05:53:31 PM
And PDFs don't make you paranoid?  Wink

Don

Not as paranoid, I know about word macros and the easiness of having the word doc do other things. The pdf as an entry vector I don't know about. Doesn't mean it doesn't exist, just that I have more to learn.
952  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Web app attacks and using web shells on: August 31, 2009, 11:53:50 AM
Does he ever release in PDF format? Call me paranoid, but I don't like downloading .doc files from the interwebs. Smiley
953  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Sec+ on: August 30, 2009, 08:53:44 PM
That review guide was one of the books I was looking at. I was looking at the deluxe study guide and another book that makes up the study pack (With the regular study guide). I checked my local library and they have very few books on the subject (read none on sec+).

As for scheduling the test for a month out and forcing the study, that didn't work with my CCNA the last time I took it. I kept pushing it out. Didn't study well either, and never had anything hands on (it had been 4 years since I touched a switch or router at the time). I even had a job depending on me getting my CCNA and still managed to fail because I didn't take my study seriously.

When I'm serious about studying, I can do even the boring parts, just takes forever to read.
954  Ethical Hacking Discussions and Related Certifications / Other / Re: vista + linux help on: August 29, 2009, 09:04:15 PM
Kevin,

With all the free virtualization software out there, I don't think there is really much reason to dual boot anymore.

Just my 2cents.
955  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Sec+ on: August 28, 2009, 04:53:48 PM
I've been thinking Sec+ might be the right place to start for me, for my first security cert.

Curious what materials did you like, and which ones did you think were not worth the price when studying?

*edit: and of course being excited about picking someone's brain on learning materials, I forgot to say congratulations.
956  Ethical Hacking Discussions and Related Certifications / Physical Security / Re: How ATM Card Skimming and PIN Capturing Scams Work on: August 27, 2009, 10:11:21 AM
thats awesome, too bad they didnt do it before DEFCON Tongue

Actually, that's from a couple of months ago. The slide share link is new, but The Consumerist had a link to the PDF in April. I vaguely remember seeing it last year too, but I could be wrong on that.
957  Ethical Hacking Discussions and Related Certifications / Malware / Re: Don't drink the water. on: August 26, 2009, 06:50:18 PM
4sh

I wouldn't want to be responsible for it getting out and causing problems elsewhere either. I think what I'm interested in is:

1) what is making it so hard to clear
2) what kind of things to look for on a network that indicates it's there (original detection, in general)
3) What this bad boy is using as an entry vector
4) what your test environment is like

If I was setting this up, which I lack the hardware for at this time, I'd do a chrooted virtual Windows box on a system I don't mind destroying the hard drive out of afterward. Although that seems a little expensive when I think about it (constantly going through hard drives).

What's the best way to get involved with a local DC group? I tried to join a local Perl Monger's group once, but they hardly ever met, and when they did, they wanted to focus on showing off what they (the host's company) was working on at the time. (*edit: turns out the local DC is no longer DC, it's now ArbSec...)

I'll also remember to shop smart, shop S-Mart. Smiley
958  Resources / Tutorials / Re: New *looking for a point in a direction to get started* on: August 26, 2009, 06:18:47 PM
Some of the stickies are pretty good for where to start.

I think the big question is what are you looking for? For example, my interest is in making my networks stronger than doing pentesting. From what I've read here, I'm leaning toward reading hacking for dummies, follow up with Sec+ for an intro-cert and then follow up with C|EH and OffSec.

(note I've got a lot of the same stuff you do skill wise, just lack any current certs, but doing IT for 13 years).
959  Ethical Hacking Discussions and Related Certifications / Malware / Re: Don't drink the water. on: August 26, 2009, 06:08:46 PM
Not going to ask for a copy, because I fall under the new clause. I wouldn't know what to do with it if I had it anyway.

I'm just wondering if it would be possible to make some kind of training document from what you do with it?

I know, I'm asking a lot. Just looking for good ways to learn things, from people who would know what they're doing.
960  Ethical Hacking Discussions and Related Certifications / Other / Re: Online conversations - anyone interested? on: August 26, 2009, 12:35:39 PM
awesec, what's your native tongue?
© 2012 The Ethical Hacker Network