Hello fellow EH'ers,


I was wondering, how well are all the different certifications recognized by companies?

I know there's many different certifications, but lets include primarily penetration testing, security, and the most well known certifications.

I'd like to hear your list of top 10 most recognized certifications, so I can perhaps gain some knowledge of which I should pursue seen from a pure HR / company view and not a personal view of what I want to learn.

1. CISSP
3. CEH
4. Security+
5. GSEC & GPEN
7. OSCP & OSCE
8. eCPPT and / or Shodan (Heorot)
9.
10.

I might've missed some important ones, so please enlighten me, but also tell me your opinion about the 10 most recognized certifications.

Congrats yatz!  I'm glad you won 

I would rather do WiFu+OSWP from Offensive Security, cheaper but the quality to content ratio is also most likely higher, and a lot more technical, so be prepared to get into the details

The Web Application Security courses from SANS are okay, from what I heard (from people who did them) and read (on their website and blogs). But the things you learn are basic, and won't get you that near a real hacker within "WebAppSec". Unfortunately, I don't know any courses within this category I can recommend yet, but check out a few of my blog entries if you're going into this category within WebAppSec, you might enjoy them if you don't already know them 

Link: http://www.exploit-db.com/category/maxe/

Anyway, if you want to do Penetration Testing you should be prepared to learn a lot, and also enjoy it with passion even in your time off work if you want to be really good  But that is of course just my opinion and I'm glad to hear another person is getting hopefully into serious pentesting as well.

A virtual bar, I'm thinking the same chrisj 

I also joined the channel, just for fun though I'm mostly just idling there, but I'm there hehe 

Scanning WiFi networks without permission from the legal owners is illegal, and you would have to break into those not "closed" and encrypted, and then look for connected equipment which could be done with a simple nmap scan.

Using a Wireless Access Point which isn't public, but open is illegal to connect to in most countries if you don't have explicit permission from the owner. In some countries, one can get a fine from the police for having an open WiFi network.

That's an awesome offer 

If the IP ID sequence is predictable and sequentially increasing, you can do a zombie / idle (port) scan with Server B.

You can also spoof your source port, as Server B, however if you want a reply, you need to send a packet with your IP in one of them as well.

If Server B is completely secure and you just want to use it as a tunnel to send data through but you don't have access to Server B, I'd say you're trying to use a functionality which isn't built into the TCP/IP protocol stack yet but also potentially for illegal purposes as in spoofing malicious traffic from one host to another.

You can always sign up for more pain, OSCE 

Check out IRC, Freenode is a great place, for instance: #backtrack-linux, #corelan and #intern0t are places you can ask many questions, even privately  (In #metasploit you should ask questions about metasploit of course.) Doesn't hurt to check it out, and it's free as well and you can also gain much more knowledge than most of the provided infosec mentors and trainers which is mostly not based on practical penetration testing such as scripting, programming, finding 0days, debugging, wifu, and so forth.

It's an easy and free way to learn, though you should expect that it is expected that you will also try to research and learn topics yourself but there is almost always room to ask any question on IRC if you're just asking the right place.

Awesome prizes, good luck to the winners in the end of this month 

You were quite lucky I'd say, but I'm glad on your behalf as always 

In most of the companies I've applied for jobs at, I was told that more relevant candidates had been chosen (those with +5 years experience from a company and CISSP mostly), or that I should get more experience and get familiar with e.g. Metasploit, etc. (I would say I'm fairly "familiar" with most hacking related areas, but I'm working on my unicode overflow skills and many others whenever I have time )

Anyway, good luck rabray, I'm sure if you search long enough and make some compromises personally along the way, perhaps the company you want to provide your services for wants 2 days, then you should go for that if it's possible.

Why not just do like offsec, exploitdb, backtrack-linux, corelan and metasploit? Create a #ethicalhacker channel on freenode! It takes 1-2 seconds to do if you're already joined to the IRC server and yes, freenode supports SSL.

There's a lot of professionals on that network, even some of the best and even though many just idles including me, occasionally we're around and some are more than willing to help if it's within their knowledge area and if they desire to do so.

I think an IRC channel on Freenode will be more successful than a SILC channel, but also because there's already a lot of people on this network and it's also where most people are within the ethical hacking area.

Congratulations, OSCP will definitely be a lot harder, so expect a high learning curve if you don't already know real practical penetration testing in depth 

Maybe you need to work on your CV (Resumé) and / or make your recommendations more visible. (If you have any worth mentioning of course.)

They also look on education and especially previous business experience, at least in most countries as far as I know.

Certifications alone isn't enough to get a job mostly, but they're a good start and help, and even get you past the usual HR screenings, but you still need to sell yourself. (Something I am not good at xD)

Set up a network IDS like Snort and wait for the malicious / illegal traffic to occur.

When it occurs, save it and follow the "stream" to see what happens but also where it comes from.

That's probably the easiest way.