EH-Net
May 26, 2013, 02:39:14 AM *
  Show Posts
1  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Where and how to gain knowledge? on: November 04, 2011, 11:06:13 PM
@charliemong - ++1  Grin

I like your signature.  That was the quote I'd used, in my previous one.

Thanks Dude, I like my "Art of War"

Still studying my nuts off thanks to your advice. Nearly finished all my M$ stuff (along with python etc). Then after reading Dom's american werewolf in london post about the 7 safe guys I asked about ages ago am gonna pop down and do their CSTA. Should be a good grounding for the OSCP.
2  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Cloud and what it means for Security Pro on: November 04, 2011, 10:44:58 PM
Funny timing.  I just got done speaking at FinCLOUD.  According to all the cloud vendors their environments would put the NSA to shame and there are no, and never will be, any security issues.  My quick points:

-don't fall for the entire "the cloud" concept where everything is treated the same.  Find out exactly what is going on.  Is it a public cloud? Private cloud?  Hybrid? Software/data/infrastructure/platform as a service?  Every combination of those answers will result in different security pros and cons.

-example pros and cons for public cloud. (meaning a lot of the hardware and data is co-mingled at some point)  Generally I see the infrastructure is "more" secure than many of the environments within my clients.  They have more bodies and skills focused on hardening the systems and apps, controlling access, monitoring, etc.  Downside? Look up the recent whitepaper showing how researchers figured out how to own all of Amazon's web services.  While cracking a major cloud provider might be difficult, all it takes is one breach to tank the whole thing.  If I'm a hacker do you think I focus on breaking into 500 individual environments or do I break a single environment that has all their data?  Low probability but huge impact.

-example pros and cons for private clouds.  (meaning the systems/apps/data are generally dedicated to one customer often within their existing environment)  You have far more control over your systems/apps/data because you know right where they are.  In a public cloud your stuff could be scattered everywhere.  You can monitor and audit at a more granular level.  Downside?  Private clouds tend to be very tied into the existing environment and therefore suffer a lot of the same problems.  Perfect example: A vendor today was bragging how easy it was to roll out their private cloud product because they could simply roll all the existing active directory authentication right into their platform.  I asked him nicely what security advantage that provided since I could pop one of their current systems, get AD admin rights, and then proceed to own their shiny new cloud.  A rambling, stuttering 2 minutes later he kind of gave up trying to come up with a good answer.  I wasn't trying to screw with him, just demonstrate that bringing a cloud solution directly into the current infrastructure created its own problems.

I didn't even get a chance to start talking through the attacks against CAs, TLS, etc that go to the heart of cloud infrastructure.

Thanks pseud0 for taking the time to answer. Your answer has given me some food for thought. Though not looking at getting cloud I have been reading up on it as it's an up and coming thing. I just wanted some views from people in the know.
3  Ethical Hacking Discussions and Related Certifications / CSTA - Certified Security Testing Associate / Re: Introducing the CSTA Board on: November 03, 2011, 02:52:47 PM
I have just been in touch with seven safe to get myself booked on this course. For anyone who has left the British army and has learning credits you can use these for the course. Grin Grin

Saves me a few quid.
4  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Where and how to gain knowledge? on: November 03, 2011, 02:51:20 PM
Ok has anyone ever seen or heard of a site called hack this site?  From what I read on it it's supposed to teach you the basics to the more advanced but I question the site entirely.  Anyone ever heard of it?

I have used this site. It has some interesting things on for noobs like me.  Huh though my search for knowledge is as ever leading me away from studying what I should be for work.

There are some good Python tutorials about as I have been hammering these for a while now and it's finally starting to glue in my head. Had a look at Perl and to be fair I won't be ready for it for a while yet. Not till am comfortable with Python.
5  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Cloud and what it means for Security Pro on: November 03, 2011, 02:40:01 PM
Hi Guys,

Just wondering what you all think of Cloud and the inherent risks from a security perspective?

Is it really that insecure (I know a lot depends on the hosting company's security)? But would just like to hear everyone's views on cloud.

Thanks

Charlie
6  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: An Ethical Hacker must have these skills... on: November 03, 2011, 02:36:59 PM
Necessary ethical hacker skills, the starter edition:
TCP/IP
OS basics for M$ and the *IX distro of your choice
Internal network basics (switches, hubs, firewalls)
A sense of humor (preferably dirty but manic is also acceptable)
External network basics (routing, IP, interaction with internal networks, etc)
Relationship between services, ports, and how exploits work
Washboard abs
Some familiarity with coding (not expert, but can muddle through)
Understanding of general web application construction (front/back end, etc)
A WOW account (maybe EverQuest if you roll like that)
Some level of business sense (need to explain business impact of your findings)
A comfort level with your skin tone being 3 shades more pasty than your racial peers

Washboard abs?!  Well, that disqualifies almost everyone I know in IT.  Smiley  The skin complexion though?  Got that one nailed...

Am with you on the skin tone but Abs??? try AB! lol
7  Columns / Editor-In-Chief / Re: [Article]-An American Hacker in London: Course Review of CSTA by 7Safe on: September 02, 2011, 11:00:57 AM
Hi Don,

Loved the article, was a very enjoyable read. I seem to remember posting some questions about these guys and nobody seemed to have a clue. Am glad someone who is worth their salt (Knows their $h!t) thinks this is a good newbie course. Would you say this would give you a good ground level knowledge base to attempt the OSCP??

Thanks again for a good read dude.
8  Ethical Hacking Discussions and Related Certifications / Physical Security / Re: Storing and Retrieving Strong Passwords Securely on: December 03, 2010, 10:12:12 AM
Have learned something new today thanks guys. Did not know about the 20+ character password brute force thing. Thanks guys will keep reading your posts and learning new ideas. As someone wise once said you have to keep learning.
9  Ethical Hacking Discussions and Related Certifications / Physical Security / Re: Get your kids started early on physical security on: December 03, 2010, 09:17:50 AM
Funny. But agree with hitmonkey on the ju-jitsu Grin
10  Ethical Hacking Discussions and Related Certifications / Security / Re: Passed Security+ on: September 09, 2010, 05:29:36 PM
Congrats dude. Thought it was quite easy too. Grin
11  Ethical Hacking Discussions and Related Certifications / Security / Re: CEH, clearance, really? on: September 09, 2010, 05:25:25 PM
Good luck on the Sec+ exam dude. And as dynamic says would deff fill the form in. It's better to be safe than sorry.
12  Resources / News from the Outside World / Re: Hackers accidentally give Microsoft their code on: September 03, 2010, 05:56:58 AM
Very funny.

"The first thing [script kiddies] do is fire off all these attacks at Microsoft.com," he said. "On average we get attacked between 7000 and 9000 times per second at Microsoft.com," said the senior security architect.

This would explain why their website is so slow then?
13  Ethical Hacking Discussions and Related Certifications / General Certification / Re: A+ and Net+ on: September 02, 2010, 10:15:16 AM
Posted by: ziggy_567
Quote
You were correct in assuming that I'm focusing on security and system administration.

Have you thought of doing Security+ and Linux+?

I know you say you're going for your MCSA/MCSE, but why pigeonhole yourself into just Microsoft system administration? I don't know anything about Microsoft certification electives and whether or not Linux+ counts toward anything. But, I would encourage you to learn Linux as well as MS as a system administrator.

If you are doing your MCSA/MCSE I would go for the Sec+ as you can use it for an elective and give yourself the MCSA/MCSE security. I would also advise to do the Linux plus. Not just for the qualifications but for the knowledge. All knowledge is important. And if you want to get into security Linux seems to be the way to go.
14  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: CREST Information on: September 02, 2010, 09:00:35 AM
Hi Don,

I would be interested in what you find about these guys as a company. The seven safe guys have mentioned that they do 2 courses that get you CREST qualified. Would just be out of interest now though.
15  Ethical Hacking Discussions and Related Certifications / General Certification / Re: will pay to be taught how to hack wireless credit card networks(plz dont ban me) on: September 02, 2010, 08:40:07 AM
Right open the command prompt and type format c /f /r

This should get you started. Cheesy
© 2013 The Ethical Hacker Network