Thanks guys! Experience: I have managed network penetration test and network assessment projects. Analyzed several IDS/IPS logs and investigated incidents.
Vuln assessment with nessus, nmap experience.

I have also installed, configured, and managed firewall, switches, vlan.

Thanks H1t M0nk3y but I am not considering moving to Ottawa at this moment.

This is not to brag but just sharing excitement with you guys like a kid would when he has some good news/goodies. So last Wednesday, I received an email from ISC2 informing me that I am now a cissp holder.

Any one know of some one in Calgary, Alberta, Canada that's hiring, please let me know.

I have more than 12 years in the I.T and 5 years spent in the security field. GPEN, GAWN, GISP and passed CISSP exam, just awaiting endorsement.

Thanks,

Bushman

A thank you to though who have responded so far.

However, I should add that I am not really interested in the HR or job hunt certs. I must say that even though all of us would like the pay but I am more into a REALY STUFF! I am interested in skills development, personal challenge and self satistifaction.

Hi guys,

Here are a few certs that I can find with their respective training institutions. They all look sexy and self proclaimed as being the best cert.

CPTC - Certified Penetration Testing Consultant     25421
CPTE - Certified Penetration Testing Engineer     34894
CSTA - Certified Security Testing Associate             3614
GPEN - GIAC Certified Penetration Tester             33170
OSCP - Offensive Security Certified Professional     36097
CEH - Certified Ethical Hacker                             90494
ECSA - EC-Council Certified Security Analyst     29890
CEPT - Certified Expert Penetration Tester            26267

However, the question I have been wrestling with is which one of these ethical hacking or pentesting certifications and trainings truly and genuinely offer the best material in the world? Categorizing them in the best being 1, how would you rank them in term of quality, depth, practicality and maturity?
I have only taken SANS training but have read a lot about the other ones' testimonies, reviews and talk to a few friends who have taken for example OSCP and CEH.

Could any one of you guys attempt to answer this question if you have taken a few of these courses and certs. Please provide some comparisons if you wish on tools covered, instructors' experience, labs setup and etc.

I am excited to hear from you and would like to thank you in advanced.

Hello everyone,

I am excited that I am attending the above mentioned course in Las Vegas, starting Sept. 19-24/11. It will be taught by Mr. Wright, the author of this course and after attending the SANS560 last year taught by Ed and knowing the quality of SNAS instructors, I thought some of you might be interested in asking Mr. Wright some pointed questions.

This is your chance if you had some doubts in regard to certain parts, tools, methods or you are unable to attend this course for whatever reasons but had wanted to ask, please just reply to this post and I will take a bag full of your questions to Josh.

I have read Don's review of this course but it has been a while since that review and I am excited take a critical look if there has been some inclusion of what Don mentioned.

I promise to share his responses/answers with you when I get back. I am looking forward to your responses or suggestions for those of you who have taken this course.


Thanks,

Bushman

Belated news but still worth mentioning.

How I prepared for it.
First, I attended SANS live training last year in Vegas and then bought the bundle for 4 months which gave me a vpn access to their systems to practice/hacking.
Also SANS provides their "ondemand" access for the 4 months which is a recorded training for the course and of course Ed Skoudis is amazing.

GIAC provides two practice test exams as a prep for the real thing. It is a representative of the real exam but not the real exam.
I listened to all the recordings, practiced all the lab and capture the flag, reread all the five text books provided and prepared indexes for the exams since it is an open book.

Then launched for the exam which I managed to pass for the first time.

My next goal is to take the OSCP training and test but according to the reading I have done so far, it sounds like this is more challenging than the GPEN.
For those who have taken the OSCP and GPEN, what is your feel? Do I have a chance or no? I have no programming knowledge but the rest of the requirments, I can get well along.

I am currently working with BT4 and practicing all the tutorial provided by the offensive sec on the metasploit unleashed in my lab.

Bushman

Thanks to everyone who has responded to this and your links to other sites.
However, I am thinking here purely on the prospective of a pentester doing his job without any knowledge of a breached on the network.

Also, when looking around after he compromised the target system, he is looking to further escalate privileges, delve deeper into the system but before doing all of these, he wanted to make sure that he is not contaminating any previous compromised by the real bad guy.

Is there any commands for him to run to verify previous breach? If rules of engagment allow, what tools could he utilize to determine any previous compromised?

Does this little explanation help in understanding what I am saying?

Any idea/suggestions would be appreciated.

He folks,

I was wondering about this scenario. You are hired to do pentest and while doing your pentest, you have to successfully compromise the target system (Windows or Linux). You started to look around for Windows, you run sc or sc query commands, net and etc sommands.
How would you know that the target system(s) had been compromised so that you can turn the pentest into investigation/forensic phase, given that fact that you are a pentester pro. not incident handler or forensic invetigator?
Are there specific skills that you need to have being a pentester in order to find traces of a compromised systems?

Your turn, any idea/suggestions?

Pentesters,

I am looking for a samples rules of engagement and liability agreement for our internal pen test. Just something to get me started since this is my first time doing pen test for our internal systems. I would be grateful for any pointers.

Please email it to me or send me a link if you have one.

Thank you all for your help.

Bushman

Besides all other recommendations by others, I would suggest that you hire professional pentester(s) who can figure out things for you - why this is happening, which vuln. is exploited and how to fix it for you legally.

It may cause you some $$ but it is the final blow to them and relief for you.

But for any person to start attacking/hacking this site withour proper procedures, will be liable to breaking the law and risk going to prison.

Hope this help

Here is my little 2 cent contribution! If any security pro. is really in doubt about this issue, you should be attending the SANS 560 that will put every issues raised here to rest. I am not ad. SANS here nor am I working for SANS. I am not even associate with them.
Qoute "hack and pivote mercilessly but within the rules of engagement". From whom did this guy get his permissions to hack/obtain this info? Which systems were he limited to hack?

Unless you are the bad hacker/guy who breaks cyber laws, then you can fear but if you are a real security pro., you fear not.

Judge for yourself.

Thank you!!

Just wanted to drop this thank you email for those of you who have taken their time to answer my concern and I do appreciate your humble advise.

I am gearing up for this and becuase of you honest encouragement, I feel better.

I will keep you updated.

Bushman

Need help and couching on how to pass this exam. I just attended the live training in Vegas and have registered for the exam and the OnDemand Bundle which gives me access to the same training material and mp3s for 4 months.
But I am still nervous about this cert and would appreciate any help/tips on how to be well prepared to pass this exam. If you would like to share your indexes, tips, cautions, etc, please feel free to email me at yuguwani@hotmail.com

Thank you in advance.

Hi,

Not sure if your GPEN still valid but I am taking the SEC560 course with Ed in Vegas. If it is still valid, I would appreciate if you could award this to me.

I am more of a Windows guy:)

Let me knw, please.
Thanks