On a side-note, when I won a complete year of Hacking Dojo training, it took probably a month or so to set up, but I did receive it. Sometimes meetings were cancelled, but as I won it and it was free, I didn't really care (after all, most of the videos were on the wiki anyway, including connections details to the lab).

I understand that it's a problem you haven't heard anything esojzuir, and I hope you get your situation resolved and that Tom considers, hiring an assistant to deal with these matters, in case he or his assistant teacher should not be available. It may mean less money overall, but in the end it will mean a greater reputation for the company.

After all, companies like OffSec don't have these issues, and they are not that much bigger, but they are efficient at what they do, and I haven't seen them let anyone down.

Anyway, I hope Tom gets better soon in case he is still sick or suffering from a relapse (what could we possibly know about his situation), and that all this gets sorted out.

I am however, more surprised about what cd1zz called out, about vendors getting free advertisement on this site and then not delivering the prizes people have won. I have not had this issue yet, and I don't hope I experience it as it is unfair practice.

But I hope everyone's situation is resolved 

Everyone in favor, say yay!  I am still waiting for my hacklebox but, it should be here next week or the week after hopefully  Even though I am dying over the time it is taking to get here! 

What about kangaroos and fine places to eat?  Anyway 3xban, that's one of the major problem we have had in acquiring people from overseas, as it is usually a wife or a girlfriend that says no.

Do you have eyes? Can you read? Can you move your eyes up to the top of the page? What does it say? Ethical Hacker Network     Not "Unethical Illegal Warez Pirate Mafia BlackHat Cracker Whacker Hacker Network", or "This website will give you illegal software right away just by asking because we are so nice!"  

Here's your options:
A) Go to HackForums or somewhere else and buy them;
B) Download keygens for whatever you need, sleep satisfied your computer is now infected with malware;
C) Learn reverse engineering and create your own;
D) Buy the software or get off the Internet.

If you choose C, I support your actions if you buy the software first. That way, you are actually not breaking the law (in most countries) as long as you have bought the software legitimately and is not selling pirated copies including serial keys.

PS: What does "manuf." mean? (Manufacturer http://websters.yourdictionary.com/manuf ?)

PPS: What is a timelife key? I understand what a lifetime key is, but you wouldn't get that every year. To be honest, it seems like you are just trying to get free warez from us, so no, your request is not URGENT as we don't give a banana about your illegal requests  


Quoted for Truth

It's the same company behind, that runs Hakin9 

Not even after OSCE, will one become Neo or the guy in Swordfish 

The reason why I like OffSec's teaching methods, even though they also make people become bald (for ripping out the hair lol ), is that they force you, to think for yourself, search the net for help, go to IRC for perhaps, helpful peers. Learning about pentesting can be a trial and error process, when something doesn't work.

When you're doing it in real life, you want to know the exact implication of running an exploit before even running it. I.e. will it crash lsass and perhaps force the machine to reboot? Will it only crash a single service that will barely affect the system or perhaps a service that affects many users? And how reliable is your exploit with x payload considered the most stable option?

At least, when I reconfigure devices, upload shells, execute commands, send exploits, etc., I try to know or already know as much as I can about all those things. When I don't know much about the target environment, I must make assumptions based on which ports are filtered, which are open, which services are listening, etc.

I've known about it for a while, it makes my life a lot better 

They are actually constantly looking for people in Australia, even though they are barely advertising it internationally. 

In short: Between 5 minutes and 100 years  Some concepts of testing/information can be applied almost forever, even in Internet time, while other things may become obsolete within 5 minutes if the issue is remediated at such a great scale that the attack vector becomes obsolete. (i.e. Cross-Site Tracing is practically useless nowadays. But it's good to know about.)

If you had written your opinion and how this relates to hacking, as your question was very generic, it may have interested people to respond in other ways 

Quoted for truth. When I read the question I was like... *sigh*

Yeah I know they got enough legal foundation to probably win the case in USA, but it's still bs what they are doing and they should be stopped for this treachery  Suing companies over using SSL/TLS to protect their customers, and TQP didn't even invent these protocols, they were just the first to come up with an idea that conflicts with SSL/TLS and RC4.

There's like 6 billion people on earth, if everyone patented their ideas 2000 years ago, eventually, someone would break that patent.

Hello EH-netters,


Recently I heard that TQP (a company) is suing several companies, some of them being Apple, Google, Intel, Dell, etc., for using SSL/TLS on their websites.

This company, apparently have a patent on the algorithms used in very generic terms, meaning they can use this to their advantage and sue companies using SSL/TLS and similar algorithms if they exist or will exist at some point.

To be honest, I think this is bs, waste of time, resources, money, and that these lawsuits are simply made to make money, nothing else. It's not really protecting their IP (Intellectual Property), as they didn't invent SSL or TLS, or RC4 for that sake. They are non-technical persons just wanting to make a lot of money by suing people like the world's "No. 1 Hacker", except he just does it with people and companies he doesn't like.


You can read the full story here:
http://www.forbes.com/sites/andygreenberg/2012/11/09/meet-the-texas-lawyer-suing-hundreds-of-companies-for-using-basic-web-encryption/

[The company in this thread is currently not looking for any employees.]

Hello EH-netters,


As I couldn't post in the "Looking to Hire" section for unknown reasons, I thought that I would post here instead. Sorry if this is the wrong way to do it Don  

A company that I know fairly well, is looking to hire both new and experienced penetration testers. Good technical skills is a must, and having a passion for IT and Information Security is a big plus, as they only hire people who knows what they're talking about.

You don't have to be an expert in fall fields, but you should be fairly familiar with Windows, Linux and some Unix as a bare minimum.

As this is a technical role, knowing how to pentest a web application but also services is essential, even though exploit development skills is not required, except for web applications such as SQL Injection, LFI, RFI, XSS, etc, which is not that advanced compared to finding 0days in binaries.

English written skills must be very good (required to write the reports), even though it does not have to be your native language. English oral skills should be fairly good, even though the written English must as previously stated be good.

The role is mostly office based in Sydney, with visits to clients from time to time. (Mostly office based, as in testing from the office. The first couple of weeks / months does not require you to meet up with clients, unless you feel ready for that.)

There's extras such as a company laptop (often brand new), cellphone (often brand new or very new too), paid expenses for common things (travel, use of custom tools at a fair rate, etc.), and the salary is not bad either.

They are looking for both skilled people with and without previous information security experience (in a company).

Knowing how to write scripts and/or programs is a plus, and having certifications such as OSCE, OSCP, CISSP, GPEN, OSEE, etc., is a plus, but not a requirement.

NOTE: You must be eligible for a visa if you are not currently in Australia. The company is willing to sponsor future employees after a contract has been signed.

Expect several interviews and some of them to be very technical at some point. If you make it to the end, you may have to complete a CTF/challenge set at intermediate level.

No matter where you are from and if you think your English and pentest skills are good, then you may be their new employee. Relocation packages are available (at a fair rate) as well.

If you'd like to hear more, send me a PM.



Best regards,
MaXe

Me too, we only got Ruxmon, Ruxcon and AISA, where the latter is not technical at all  (At least, that's all that I've heard of)