EH-Net
May 18, 2013, 09:15:11 AM
22
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Is this keylogger on your computer?
on: December 01, 2012, 12:41:32 PM

We all know about hardware and software based keyloggers, but I think there's actually another one that is on just about every computer: the human keylogger. These are the most common, and perhaps most sophisticated keyloggers that organize keystrokes into nicely formatted documents, Facebook posts, e-mails, etc., and have a few unique benefits:
1. They log keystrokes years before you ever got access, giving you the ability to go back in time! Sometimes all the passwords are already conveniently logged in a file called passwords.txt.
2. Logs from human keyloggers often end up on multiple computers via the network. So if you gain access to a computer and get the user's e-mail, you can see not only the keystrokes that your target has entered, but the keystrokes from people responding. The same applies for documents on network shares.
3. You sometimes don't even need to gain access to a target computer, and can learn quite a bit by using OSINT.
4. Not only do keystrokes get logged, but general user activity like browser history, program execution, contacts, file system activity, Wi-Fi networks used, etc.
5. No malware or hardware needs to be installed; human keyloggers are FUD.

24
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / How to protect Domain Admin?
on: November 27, 2012, 08:47:02 PM

It seems the thing to do in detection nowadays is to sweep the network looking for bad guys by collecting data off individual computers in the network. For example, running various WMIC queries across a domain with a domain admin account. But as you guys know, that's apparently not a good idea with Windows storing password hashes and even clear text passwords in memory. So how can those responsible for finding compromised boxes avoid giving attackers domain admin?

25
Features / Book Reviews / Re: Violent Python
on: November 16, 2012, 09:10:32 PM

Man I had no idea...
@m0wgli, do you know of any good links you've found on evading AV? Anything on Python and encoding, obfuscating, slicing a program into pieces to find the signature, etc.?

26
Features / Book Reviews / Re: Violent Python
on: November 16, 2012, 11:51:51 AM

@ajohnson Yeah, it's like creating a chapter on NIDS evasion and just running fragrouter and calling it a day... I didn't learn anything on AV evasion other than AV sucks even more than I thought. I mean jeez, he went from being detected by 10/14 AV vendors, to 0 just by compiling it as an .exe using Python? Are other people that successful with this technique? I'm watching the video now, thanks.

27
Features / Book Reviews / Re: Violent Python
on: November 16, 2012, 10:42:36 AM

I just got the book and read a little of it. The AV Evasion chapter was disappointing. The only thing that was done to evade AV was to run msfpayload, paste the shellcode into a basic template Python script, and compile it. No encoding, obfuscating, or anything whatsoever. Just compiling shellcode msfpayload generated... not even msfencode was used.
The little bit of the forensics chapter I read was decent for a beginner. An entire book could probably be written on most, if not each chapter, so I guess it has to be somewhat general.

30
Features / Book Reviews / Re: Violent Python
on: October 18, 2012, 10:05:02 AM

@cd1zz Looks good, thanks! A book like this is great since Python has become the scripting language to know if you're into security.