 |
| |
| |
|
Who's Online |
|
We have 31 guests and 1 member online |
|
| |
|
|
 |
|
EH-Net
|
|
May 25, 2013, 12:18:59 AM
|
 Show Posts
|
|
Pages: 1 2 [3] 4 5 ... 40
|
|
32
|
Resources / Career Central / Re: Feeling rejected and dont know what to do.
|
on: April 13, 2012, 02:09:12 AM
|
If you aren't already using LinkedIn, start doing so  agreed, but there are some exceptions to this rule, i managed to do fine without linkedin, facebook and all those other social media thingies. perhaps spicing your resume would be an option, mention what you do in your free time (i for example am active in the local 2600 chapter, volunteer at several conferences and give lectures at schools and hackerspaces, i even paid for some of my certificates.) now not all of these things might be work related, but sure show HR how motivated and active you are in the security community... |
|
|
|
|
34
|
Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: My OSCP review
|
on: April 13, 2012, 02:00:50 AM
|
One more thing I would like to add:
there is a lot of self learning involved. Its a very good idea to go through videos on securitytube and g0tmilk's blogspot site. I also found it useful during labs that, when I was suspecting a particular weakness existed but was not able to exploit it, to go on youtube/security tube and search. A lot of times someone would have made a video going through the attack steps for a similar situation, or I would find tips on how to approach the problem eg a tool in backtrack I had not tried before, but which could be used in that situation.
g0tmilks site is really good for a newbie to see how a hack is carried out (with good music in the background !) It helped me to visualise how I should be approaching targets in general. corelan.be is good for buffer overflows if you are interested in the topic. I had done the tuts on this site before I had heard of OSCP, purely because i was interested in BOFs and it helped me understand the OSCP lectures faster.
One thing I would have liked more in the lectures was more emphasis on privilege escalation. I guess this is where sys admin experience, of which i had none, helps. g0tmilks site has a huge list of things to check for privilege escalation, on this forum Sil has a great post where he has detailed the things you should look out for as well.
one thing i find really good about the course is the buffer overflow part, it is well explained and documented and takes you through the process step by step, unlike other parts, but those you can figure out by yourself like you stated anyway thanks for the writeup! |
|
|
|
|
35
|
Ethical Hacking Discussions and Related Certifications / Wireless / Re: Alfa AWUS036NHR
|
on: April 13, 2012, 01:57:02 AM
|
I recently bought an alfa R36 which can be used as an extender/repeater with the AWUS036NH, which also works great! I have been looking at the R36 for when I get home, glad to hear that the driver issue has been fixed. jup, it has been running non stop now for a couple of days, finally internet upstairs, these walls here are made of solid steel or something :S |
|
|
|
|
37
|
Ethical Hacking Discussions and Related Certifications / Wireless / Re: Alfa AWUS036NHR
|
on: April 10, 2012, 08:04:57 AM
|
|
i was looking at the specification of this new adapter, but i can not seem to find any good reason to get this one over the AWUS036NH, or am i missing something?
I recently bought an alfa R36 which can be used as an extender/repeater with the AWUS036NH, which also works great!
just some experience i want to share what i have had with alfa network:
at the time of purchase the R36 did not have compatibility with the AWUS036NH. i emailed them if they had any idea if this would be supported and if they had an ETA on the drivers that would support the AWUS036NH adapter. i received an answer within 24h (even with an apology for the delay because of the chinese newyear, now i dont know if my standards are low, but a reply within 24h is fast in my opinion) that the drivers would be released within the next few months. after a few weeks the updated driver was released and announced on their website. For me there is no substitute for alfa, i just love their products and the quality is excellent.
|
|
|
|
|
39
|
Ethical Hacking Discussions and Related Certifications / General Certification / Re: OSCP and Pentesting 101
|
on: April 10, 2012, 07:50:12 AM
|
|
great post, i remember someone saying that pentesting consists for the most part of waiting. This is only true if you truly master the skill, and by that i mean automate, automate and automate...let the computer do the work for you and use the fact it can multitask like no other...
some other tips:
try to separate automated scans. Sometimes tools get in eachother way. An example from my experience is that nmap and nessus can be working against each other during UDP-scans.
Talking about nikto, sometimes tools provide you with false positives (which is perfectly shown in the ubuntu/freebsd example) so NEVER trust the output of tools blind, always perform a manual check or use a second/third tool to confirm.
|
|
|
|
|
41
|
Resources / Links to cool sites. / Re: Course review - "Codename: Samurai Skills"
|
on: March 22, 2012, 03:33:14 AM
|
|
Thank you Hayabusa for this review. At first i was a little sceptic about the course (they just keep popping up everywhere nowadays) but this review gives a good picture of the quality of the course. Also the fact that they listened and implemented your advice gives a good feeling about the guys that made the course. The only thing i did not like is that i have to add ANOTHER course to my list, hehe...
|
|
|
|
|
44
|
Ethical Hacking Discussions and Related Certifications / ECSA - EC-Council Certified Security Analyst / Re: ECSA exam: required modules?
|
on: March 14, 2012, 08:23:37 AM
|
hmm, that is what i thought, but some research got me the following information: http://eccouncil.org/courses/exam_information/ecsa_exam_412-79.aspxThe Exam 412-79 tests ECSA/LPT candidates on the following 35 domains.
Module 1: The Need for Security Analysis
Module 2: Advanced Googling
Module 3: TCP/IP Packet Analysis
Module 4: Advanced Sniffing Techniques
Module 5: Vulnerability Analysis with Nessus
Module 6: Advanced Wireless Testing
Module 7: Designing a DMZ
Module 8: Snort Analysis
Module 9: Log Analysis
Module 10: Advanced Exploits and Tools
Module 11: Penetration Testing Methodologies
Module 12: Customers and Legal Agreements
Module 13: Penetration Testing Planning and Scheduling
Module 14: Pre Penetration Testing Checklist
Module 15: Information Gathering
Module 16: Vulnerability Analysis
Module 17: External Penetration Testing
Module 18: Internal Network Penetration Testing
Module 19: Router Penetration Testing
Module 20: Firewall Penetration Testing
Module 21: IDS Penetration Testing
Module 22: Wireless Network Penetration Testing
Module 23: Denial of Service Penetration Testing
Module 24: Password Cracking Penetration Testing
Module 25: Social Engineering Penetration Testing
Module 26: Stolen Laptop Penetration Testing
Module 27: Application Penetration Testing
Module 28: Physical Security Penetration Testing
Module 29: Database Penetration testing
Module 30: VoIP Penetration Testing
Module 31: VPN Penetration Testing
Module 32: Penetration Testing Report Analysis
Module 33: Penetration Testing Report and Documentation Writing
Module 34: Penetration Testing Deliverables and Conclusion
Module 35: Ethics of a Licensed Penetration Tester which seems quite a lot for "just" 50 questions, that is less then 1 per module! |
|
|
|
|
45
|
Ethical Hacking Discussions and Related Certifications / ECSA - EC-Council Certified Security Analyst / ECSA exam: required modules?
|
on: March 14, 2012, 03:55:50 AM
|
|
I'm looking in to taking the self study road to getting myself ECSA/LPT certified, but i'm a little lost: i already figured out that you need to pass the ECSA exam to become ecsa certified, and if you want to obtain LPT you need to submit your certifications of both CEH and ECSA. This is all there is to it, no exam whatsoever, which is a little odd if you ask me.
Now i was wondering about the following: The ECSA/LPT course consists of 47 modules, where the first 11 are ECSA, the rest are LPT. Is the exam based on the frist 11 modules, or are all modules part of the exam?
it will probably be a while before i am going to take the exam, but expect a little review when i do...
|
|
|
|
|
Loading...
|
|
|
|
i like the backgrounds though 
News Items and General Discussion About EH-Net : Change is Coming to EH-Net!!
