I use VM mostly, Live CDs stop spinning while im researching stuff and I need activex or flash, ect.

I have never completed a HDD install but I still hope to 1 day...

While I have no idea what a NDR bomb is, I was going to ask the same question. I would assume the users computer was infected, possibly with a trojan horse... Now that I think about it, even that isnt required. A hacker could create a malicious file with the PST extension. That doesnt require any penetration of your network, just knowledge of valid usernames. Although I assume someone has opened the file win which case we are back to trojan.

Agreed, the Sec+ is a great place to start, and you're almost finished! if you need any help, we'll be glad to assist!

I don't know if many of you are aware, but elearnsecurity has a you tube channel! On their channel, they have been gracious enough to give us 1 free pentesting video per week!

So after finding the channel and napping for a few hours (long day at work) I decided to fire them up, take a look at the product. I will state up front, I do not know if the videos are from their PTP course, but they are good either way.

The first video is eLearnSecurity - Sniffing and Cracking with Cain & Abel. The video shows us from start to finish, how to perform ARP Poisoning, sniff passwords off the wire and crack them, all from within a free program, the notorious C&A. Now personally, I have never usd C&A, assuming it to be outdated, and of course, not looking to see its uses.

he first thing we see is a screenshot of the current lab setup, a great idea since I was highly tempted after watching this to fire up the lab and see what I could do. I noted somewhat humorously that the attacking computer is an XP machine, and the victim is BT4 R2... strange, but I understand the need for simplicity.

A few notes on this video. Personally, I prefer to hear an instructor. This video was good quality, and I didnt have a hard time following, but in some videos, it can be an issue, plus instructors often can add additional info about how the attack is being carried out.

I would have liked to known how CAIN scans the network for MAC addresses, is this something that would be commonly detected by IDS/IPS?

We were able to see some password cracking using the 3DES hash from the VNC session, where my question is whether we can specify our own dictionaries or tables to be used. I assume so.

Outside of that, I had no questions that weren't solved with quick wikipedia searches. All in all, good video. 9/10

Video 2 is Building backdoors with msfpayload - Part 1 not much to say here but awesome video. I probably would have shied away from something with building and payload in the same sentence, fearing it would be too advanced, or require coding, but my fears were quickly put at ease.

My only real question with this video was payload delivery, it would be nice to see how we can get the executable on the victim machine. 10/10

All in all, Im suscribed, and I cant wait for the next video. If this is any example of what is in the PTP course, all I have to say is I hope there are plenty of videos.

Almost forgot the URL, http://www.youtube.com/user/eLearnSecurity

enjoy, and share your thoughts here!

Not a bad thing to have in your pocket... >

I think Hero Member is an appropriate title for Don.

Thanks for the review, my question would be, is there a prerequisite level of knowledge you would suggest before this course, especially in reguards to Web App testing, I saw you mention SQL, ASP, PHP. Is it advised to have knowledge of these beforehand, or is what you need to know taught?

Thanks for your review, let us know how it turns out for you!

Congrats awesec, and good luck!

Cant wait to hear your review!

I would say so, please keep us updated!

Hi, i'm studing for the CEH, as you may know, and at the moment I am building a windows based attack machine and later a linux based attack machine.

I realize that many of the tools discussed in CEH are designed for use on or against older systems, but I was wondering if anyone can point me to a list of free tools for each phase of the hacking process, for windows, and then for linux.

Until now, I have been going through my videos and noting and downloading as I come across them, but it seems as though with some phases, free tools are not listed, or are not ported to windows.

Any help would be appreciated.

Happy Holidays!

Very interesting, I would love to hear some info on this. Maybe someone should file a FOIA request, see what happens.

He may be referring to vulnerability scanning. Many companies perform scanning, but do not allow full on penetration testing.

While in my studies, I came across a reference to a SNMP enumeration tool called SNMPUtil. A quick google search allowed me to find the tool, but it appears to have been made on Windows NT... I am not sure if this tool can run on modern systems. ist there an updated version? Or is this a case of it still works great?

We cant, and they will. But until people are willing to get more involved in the daily political process, and demand action on our will, we will continue to see fear ruining our society.