  Show Posts
541  EH-Net / Ethical Hacktivism / Re: Hacking an application on: August 26, 2011, 11:56:21 AM
Apparently people don't notice the "Ethical" in front of "hacker" on the site.  Considering they don't list the name of the application, that is a good clue that it is for illegitimate purposes.
542  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: I need a hacker who can help me visualize live videoconferences on: August 25, 2011, 02:08:58 PM
And all those resources listed by MaXe are legal. Getting a "hacker" to get you free videos you would normally need to pay for is not legal.  Plenty of resources just a Google search away.
543  Ethical Hacking Discussions and Related Certifications / Malware / Determining if internet host part of botnet on: August 24, 2011, 11:59:47 AM
So I have been seeing a few instances of SEP IPS blocking outgoing Blackhole Toolkit traffic out to 12.238.253.103 which resolves to wwb.hollandandbarrett.com.  Anyone know of ways to confirm if this host has been compromised and may be receiving feeds from other bots?

Thanks for any assistance.
544  Ethical Hacking Discussions and Related Certifications / Security / Re: CISSP or GSEC what would be the best certification to acquire first? on: August 18, 2011, 10:21:56 AM
Another vote for both.  If you take the GSEC course the CPEs apply to a CISSP.  So either way it's a win.  Again if you prefer the more technical content and want to be strong with the skills, go GSEC.  Then grab the CISSP to make HR happy.  The other question, are you currently employed?  And do they require you to have a CISSP?  If they do, then go for CISSP first to make them happy.  Get GSEC to gain some very useful technical skills.
545  Ethical Hacking Discussions and Related Certifications / Programming / Re: Metaphysical BuG on: August 12, 2011, 11:27:18 AM
I would expand a bit more on Hayabusa's post.

Script Kiddie: "I runz hAx toolz + I break comput0rz = I'm a 1337 haX0rz"

Real Hacker/Pentester: I run the tool because it does the easy stuff for me while I concentrate more on how to determine my appropriate attack vector without setting off alarms or bringing down the system I am trying to gain access to.

Hackers/Pentesters have a set goal in mind when they are targeting a system.  Anyone can bring down a system but the goal you want to prove as a pentester is the ability to get access to information stored on said systems and then provide this information to the client with intelligent explanations on how it was obtained as well as proper remediation steps to prevent future attacks.  Learn what the tools are supposed to do and when it is appropriate to use them.
546  Ethical Hacking Discussions and Related Certifications / Mobile / Re: Urgent: Ppl connect to my Mobile Hotspot! on: August 12, 2011, 10:50:09 AM
HA!  I made it to the single posts, but then lost interest.  I popped through a few and some were valid but either they never got a response or they are fairly new.  There are a ton of zero accounts, then I saw the total number of members and realized this could take a while.  Around page 86 is when you see the single digits.

There are not that many, surprisingly.
547  Ethical Hacking Discussions and Related Certifications / Mobile / Re: Urgent: Ppl connect to my Mobile Hotspot! on: August 12, 2011, 07:59:11 AM
3xban...  Maybe I'm way behind on this...  Were you previously Triban, on here?  Sorry if you were, and previously made a name change known, and I missed it, but just wanted to make sure who you were.  :-)

ha, yeah, that is me.  technically it still is "Triban" :D  I've been messing with personas and trying to find one that seems to work.  Need to invent something to use if I need to get some "dirty" files from some not so savory places on the net if I want some decent malware samples.

Chrisj, maybe I will mess around with that.  Give me something interesting to do.
548  Features / Book Reviews / Re: Thor's Microsoft Security Bible on: August 11, 2011, 12:18:40 PM
Give it a read and give us a review! :D
549  Ethical Hacking Discussions and Related Certifications / Mobile / Re: Urgent: Ppl connect to my Mobile Hotspot! on: August 11, 2011, 12:14:27 PM
It would be interesting to see all the users who have 1 post and list their topics.  Bet there would be a nifty pattern.
550  Resources / Career Central / Re: What type of security job would suit my personality? on: August 11, 2011, 12:12:52 PM
The thing I like about Info Sec is that there are so many avenues of interesting topics and skills to pursue.  This is also the thing I hate most.  My biggest problem is focus.  I will be concentrating on one thing and then I come across something that leads me to branch off it and next thing I know I spent two days working that problem and almost completely forgot what I was working on.

This time around I am in an Incident Response position, but more on the investigative side.  Right now I am stuck looking at logs and answering to the mothership when they magically spot something and then it magically appears.  My old position I was a generalist, Security Admin and the responsibilities ranged from patching and AV to network configurations, firewall rule modifications and a few other duties tossed in for good measure.

Now I have settled on working on malware analysis, I find it interesting to know how some of these annoying little programs do their dirty work.  Hopefully I will focus on this for a while and in between things I will work on pentesting skills.

But I would agree the best thing to do is get into a position where you are THE security guy for a SMB.  After you have the ability to play with everything then maybe you will find that one area that you excel in.  Good luck!!
551  Ethical Hacking Discussions and Related Certifications / Malware / Re: Honeypot on Amazon EC2 on: August 09, 2011, 10:19:59 AM
Follow-up, yep definitely against the TOS.  Ok plan B I guess capture the neighbor's wifi and...  nevermind.  j/k.  Guess I may have to ramp up some networking at the house and segment.  I could just go shields up on everything but really don't want to risk it.  I already have some entertainment devices that don't seem all that secure and I would like to segment them off anyway.  Time to look for a new switch and possibly a router. 
552  Ethical Hacking Discussions and Related Certifications / Malware / Re: Honeypot on Amazon EC2 on: August 08, 2011, 09:31:52 PM
Thanks cd1zz, I will see what they say.  No sense putting energy into it if they will just take it down or tell me to kill it.
553  Ethical Hacking Discussions and Related Certifications / Malware / Honeypot on Amazon EC2 on: August 08, 2011, 08:17:06 PM
Has anyone tried this and would it be against their TOS?  I would think it would be a grey area.  I would set up one of these outside of my home network rather than in it.  I don't have the ability to segment in the home network... yet... but figure this might be the best solution if it is doable.

Any thoughts or suggestions?
554  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Experience vs Certifications on: August 08, 2011, 12:53:52 PM
Your doctor whom you trust most is about to perform life or death surgery on you. How would you feel if the hospital board simply said: "Trusted, I see your certificate" without ever determining whether this Dr went to med school? In the industry of say government contractors, this is exactly what is happening. Voodoo security doctors. All paper based with no experience. As a taxpayer it costs both you and I more when taxes are raised.

I always loved the quote/saying

"A student who graduates med school with a C average is still a doctor" or something of that effect. 

Certs help hiring managers and HR feel warm and fuzzy.  It documents that someone is SUPPOSED to adhere to an ethical code in some cases (ISC2, GIAC, etc...).  I agree they are great for helping you get in the door.  I also agree that they help prove that you have taken the time to invest in your career.  After all we should be doing this because we love it not because it makes us good money.  I always like to say that the money is a perk for doing something I love.

I don't agree with companies forcing their staff to obtain certs just to say our staff is certified.  The only exception are vendor partners.  Many vendors require their partners to hold a certain level of certifications.  If a consulting company is a Microsoft Gold partner, then they need to have a certain amount of MCITPs, MCSEs, MCPs etc...  Now what I don't agree with is making the current employees foot the bill themselves for certification exams and training, reimbursement is fine, but offering to pay for training up front is better.  This shows the company wants to invest in you and your abilities as much as you do.

My last job the CIO or CEO (not sure who made the ultimate call in the end) decided that they would take the advice of a hack consulting firm who recommended that they have fully certified staff for their internal tech support.  This prompted a full review of the current operations of the technical support department and eventually led to the decision to outsource our duties to contractors.  They began by bringing in a number of consultants to "help" with planning our enterprise projects.  It consisted of a project manager with a CISSP but no relevant experience related to the projects and another person who again had no real experience.  But hey they are certified so all is well right?  Then they began bringing in consultants to help fill the help desk seats.  Again no relevant experience but they were certified.  Supposedly they had someone coming in experienced with our Patch management system, alas, that was a myth.  Neither of the consultants even heard of it.  2 days later after I resigned, I got a call to work a 2 week contract in the city for the exact system.  I had to chuckle.  So they brought in all these consultants to replace the 8 fully qualified full timers, user issues are falling by the wayside, nothing is getting done and overall morale is crap.  But hey, it's ok, they are all certified.

Ok one more good one, they didn't even vet these consultants, one was coming in stinking like alcohol every day, he was eventually let go.

Certs are important, I enjoy going for the ones that will benefit my knowledge rather than fill a quota.  When I finally did take my first SANS course, I thought it was excellent!  For one it forced me to study, otherwise I get distracted when I try to self study and for two, I got to learn some things I didn't know.  It's also nice to gauge my success and even better utilize what I learned.  Just wish the SANS classes would have some form of student loan program, you are not always lucky to find an employer who will dole out 3500 for a 6 day course.  I also agree that certs do not make the individual.

555  Ethical Hacking Discussions and Related Certifications / Malware / Re: Malware Analysis on: August 07, 2011, 09:27:26 PM
Hi Satyr, I am actually in the same boat as you.  I am currently going through the cookbook which is pretty decent.  Surprisingly, the Kindle version is decent, the only negative was having to hunt down the DVD contents, but they were easily obtainable using an SVN client and following the site's instructions.  Another decent piece of the book is the prep.  They go over getting a lab setup, some free tools you can use and even going anonymous when you are visiting the bad sites.  Using tools such as TOR and proxies.

I will certainly check out the sites posted here, those will be helpful.

Good luck!!