EH-Net
February 10, 2012, 06:26:08 AM *
  Show Posts
1  Ethical Hacking Discussions and Related Certifications / Other / Re: How to set a laptop so you can find it after it has been stolen on: October 19, 2011, 09:09:13 AM
You're right eth3real, I didn't think about firewall rules (my bad, currently doing 25 push-ups).

So to be on the safe side, I would need my laptop to initiate a reverse shell on port 443 (again, to be on the safe side) and connect to my server. I should test this...

Thanks again
2  Ethical Hacking Discussions and Related Certifications / Other / Re: How to set a laptop so you can find it after it has been stolen on: October 17, 2011, 12:06:28 PM
@WCNA: Ok, I didn't search much before posting... But thanks, that's exactly what I was looking for!

3  Ethical Hacking Discussions and Related Certifications / Other / How to set a laptop so you can find it after it has been stolen on: October 17, 2011, 10:32:10 AM
Hi everyone,

I was wondering how I could recover my laptop in the event it gets stolen. What I mean is by being pro-active, I am sure I could install a few things so as soon as the thief connects to the internet, I would know where my laptop is.

Of course, I will record the serial number and keep the specs in a safe place, but what else? I guess I would need a service on my main server and a client on the laptop that connects to it. I was thinking of:

1- Have a secure SSH server (with certificates, etc) on my laptop
2- Have a client application also on the laptop that will "ping" one of my servers regularly so I can get the ip address.
3- Encrypt personal information on my hard drive to limit the loss

If my laptop gets stolen, all I would have to do is:
1- Wait for a ping
2- Once I have the ip, ssh to my laptop and start having fun!

BTW, I have dual boot Linux and Windows 7. So the solution must work in both OS. Last thing, I assume the thief is a regular Joe Blow who will try to surf the internet without formatting the laptop.

What do you guys think?
4  Ethical Hacking Discussions and Related Certifications / Other / Re: Pentesting at an hourly rate? on: October 14, 2011, 07:05:58 AM
The answer is: it depends!

I will say what I think based on the current rates, in Ottawa, Canada.

1) Contract length
The longer the contract, the lower the rate. If you get a 5 day contract, you can ask $125. But for contracts longer than 15 days, it's hard to get more than $100. The reason is we live in a federal government city where applying for a contract requires lots of red tape. And since you don't win every time, you need to get your investment back in a shorter time frame. This also leads to less competition since most companies won't spend 10 hours responding to an RFP for a 5-day contract they may not win... The short/long contract rate has nothing to do with knowledge, just red tape.

2) Knowledge required
Pentesting a custom application that requires fuzzing and maybe writing your own 0-day requires more knowledge than running Nessus. I know, running Nessus is barely performing a VA and is not a pentest at all, but your competitors may bid a very low rate and just do that. The client gets screwed, but for some of them, they don't care as long as they can say they had an external company performing a pentest. I hate that, but that's a reality... So be careful to stay competitive. Pentests cost a lot and many clients think they bring little back to a project, especially if the security was already pretty good. We always have to fight the perception that security is expensive and brings nothing back...

3) Long term relationship
Do you want a one off or establish a long term relationship with your client? If you are relatively cheap and you do a good job, you have good chances to get other contracts with them. So unless you are so busy that you have to cancel offers all the time, you have to consider this.

4) Contractor or employee?
To me, an employee would probably make $45/hour for a typical engagement while a consultant would average $100/hour. And really, at the end of the year with all benefits taken into account, it's about the same amount of money. When you're a consultant, you don't work all the time, you have to train yourself, bid on projects, you don't get benefits, need insurance, etc. So big differences there.

5) Time of year
In Ottawa, there are virtually no contracts between mid-July and mid-September because managers are on holidays. The best time of year is May-June when it's the beginning of the fiscal year for the federal government. So I would ask a lot less in August if I am out of work than I would in May. Check your region and find out how it works.

6) Are you that good?
I consider myself not too bad, but I am not a superstar at all! If I were to compete against Sil for example, I know I would have to ask a lot less per hour because after an interview, I would stand a chance. He can probably go 5 times faster than me. So 5 days of his work may look more attractive to a client than 10 days of mine... You've got to take this into account. Also, if a pentest requires very special knowledge and you know you have the experience, you may get more than your previous engagement where you didn't know that much. It's tricky.

At the end of the day, if you are a consultant, what you really want is to build relationships with clients and work full time. If you are an employee, you want to learn as much as possible, get lots of experience and... become a consultant! ;)

I hope that helped a bit.


 
5  Ethical Hacking Discussions and Related Certifications / Security / Re: SANS GPEN Requirements on: October 14, 2011, 06:35:14 AM
@YuckTheFankees: I wrote the exam without taking the class.

I took the Offensive-Security course "PWB", learned about laws and legal stuff, studied Windows-based tools and I wrote the exam without problems.

I **REALLY** like the practice exam that comes with any exams from SANS. It will help you spot things you have missed in your study.

Good luck!
6  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: lab realistic, report ? on: October 06, 2011, 07:04:30 AM
Don't be scared by the report, it takes 5-10 minutes max per host compromised. You will get a template and an example, so it's not that hard. It follows this format:

- I found this vulnerability (title of your report)
- This vulnerability needs to be patched because...
- Here's how you can exploit this vulnerability
- I also found these things (open ports, other vulnerabilities)

And that's about it

You only have to write the report for the exam. However, if you are CISSP certified for example and want 40 CPE, you either pass the exam or produce a report on your success in the lab.

The lab is very, very good. I don't want to spoil the fun, but let's say you can practice a very broad range of attacks. In addition, they have 4 different networks inter-connected.

Good luck!
7  Ethical Hacking Discussions and Related Certifications / General Certification / Re: EC-Council Certified CISO on: October 05, 2011, 10:07:49 AM
Quote
rather than pushing another cash cow for an area that already has plenty of representation.

I agree, if you already have CISSP, CISA and/or CISM, why would you bother with another cert? It won't be recognized for years, if ever.

EC-Council is probably aiming long term with this one, but I agree, they could put their efforts somewhere else...
8  Resources / Tutorials / Re: Help which course should i take on: October 04, 2011, 07:31:59 AM
I agree with Jamie.R

I did CEH before taking PWB and I found it to be a good path. In fact, they complete each other.
9  EH-Net / News Items and General Discussion About EH-Net / Re: [Article]-October 2011 Free Giveaway Sponsor - Mile2 on: October 03, 2011, 08:04:59 PM
Don, how do you get such prizes?

Wow, very impressive, once again. Good luck everyone!
10  EH-Net / News Items and General Discussion About EH-Net / Re: [Article]-August 2011 Free Giveaway Winner - CareerAcademy.com on: September 28, 2011, 10:22:10 AM
Let us know how you liked the training!

Congratz!!!
11  Ethical Hacking Discussions and Related Certifications / Other / Re: VoIP - Setting a lab and using good tools? on: September 12, 2011, 11:07:03 AM
Thanks again and again Sil!!

Very good explanation. I will also read your document tonight: http://infiltrated.net/asterisk-ips.html

More questions to come!
12  Ethical Hacking Discussions and Related Certifications / Other / VoIP - Setting a lab and using good tools? on: September 11, 2011, 02:48:02 PM
Hi everyone,

I am starting to play with VoIP and I have a couple questions for you guys:

1) How can I set up a lab? Is there some LiveCD or VM image I can use? I know installing everything myself is the best way, but I have limited time now and I always like to learn slowly...

2) What tools (free/$$$) do you use for vulnerability assessment? And for exploitation?

When looking at this site, it is easy to get confused... http://voipsa.org/Resources/tools.php

I am asking because I *may* have to audit a network with VoIP soon. Although I will not be the prime consultant for pentesting the VoIP component of this network, I really need to know more about this technology...

Thanks guys



13  Ethical Hacking Discussions and Related Certifications / Other / Re: HatForce.com - Crowd-sourced Penetration Testing on: September 07, 2011, 04:40:40 PM
These are great ideas.
Thanks MaXe and rance.
14  Ethical Hacking Discussions and Related Certifications / Physical Security / Re: Quick handcuff picking... on: September 07, 2011, 02:16:43 PM
Quote
I think hinged, key-hole facing up, double locked would be the worst scenario.
Therefore I can get out of any handcuff! :D
15  Ethical Hacking Discussions and Related Certifications / Physical Security / Re: Quick handcuff picking... on: September 07, 2011, 12:18:28 PM
I did it too at Defcon :D You can tell they aren't made to stop a "skilled" individual.

I wonder which handcuff is the hardest to lockpick...