I thought one of the fundamental rules in all warfare is to "know your enemy". Seems like we sometimes underestimate the cunning of people living in 3rd or 4th world countries. Thats a big mistake not only for the military but anyone involved in security.

I just got my IronKey flash drive; a nice reward for having made a number of posts through the years on the EH-net forum. Thanks to Don and IronKey.

I was extremely impressed the moment I opened the box with its durable brushed metal appearance. More importantly, the method incorporated for securing data is by far one of the most reliable I seen available to the general public. This is not to be confused with what is often passed off as secure data encryption. This is military level technology with a little touch of 007.  

Your data is secured with military grade AES CBC mode encryption that can’t be turned off or disabled and is password protected.  If you lose your password you are simply SOL.  Another feature I like is if after 10 consecutive incorrect password attempts are made, your IronKey will self-destruct. That’s awesome!  

I really have no problem backing up sensitive data on the Iron Key after a pentest. Unfortunately this is sometimes overlooked by pentesters and can open them up to legal problems if the data they retrieve is compromised.  I am definitely going to recommend the IronKey to my clients that need to transfer data in a secure method.

Simple nmap scans are not illegal.  However, if you caused a server to crash you might be held responsible for damages.  Most ISPs look down on it and if you are caught scanning, will freeze your service until you give them a good explanation.  My ISP has a 3 times caught and you’re out policy. They have the right to refuse service to whomever they deem undesirable.  So while you probably wont have the FBI banging down your door, loosing your high speed internet connection would blow.

Thanks Don 

First class effort and with the exam process included, makes this one of the most complete reviews concerning a training program like this.

Hope everybody had a TG day and didnt eat too much!

Ok good luck and dont stress it.  Its really not too bad.

What are you afraid of, failure? That is not the spirit of a true hacker. As hackers we fail daily, but persist till we get in or decide its impossible. There is nothing wrong with failing a test one time and taking it over. How many times it took to pass the test will not be printed on the front of your cert. My thinking would be go ahead and take the test since its already set up and if you need to do it again, so what.

If all you got was the DNS for a you did something wrong. You can easily get the IP, and sometimes even the kind of Browser and OS of the average user. Well,unless he is going through some kind of proxy. One of the two most popular ways of getting an IP is as you mentioned and the other is to send a coded email that when opened returns an IP. Both techniques could be classified as social engineering or tricking the individual as you stated and are not fool proof. The personal information connected to an IP address are usually guarded by an ISP and usually are only given out with a court order.

I will definitely keep an eye out for it! 

Nice site Brian.

Nice !

I havent seen the latest edition but the last one I read was very weak and not worth the time or money. I hope 3.0 corrects this because there is increasing competition out there and some decent books.

What training program out there doesn't include lots of open source  tools,etc... that you find easily on the net?  Its really about how the material is presented and made accessible to those new to the subject.  Good job on the review and thanks for the effort.

Who said writing open source doesn't pay off in the long run?  I am willing to put money on it going the way of Nessus.