EH-Net
May 19, 2013, 11:45:17 PM *
  Show Posts
421  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Wireless Hacking on: October 27, 2007, 02:56:27 AM
LOL how did you do that? Just kidding. I think Backtrack has a place but it should not be a crutch. I think it's a good place for those new to Linux to see how tools work. But it's so important to get beyond that. You need to know Linux inside and out to really appreciate how it applies to hacking. Don't get me wrong, I love easy and fast. But you need to know how to craft an OS to do what you want. That's what "hacking" is all about in my opinion. Doesn't matter if it's an Xbox or some interesting piece of hardware, you need to know how to hack it and make it do what you want. Windows is too restricted.
  While on the subject, how many heavy duty hackers even use a live CD? To be honest I have not met one yet. Even the creator of Backtrack installs it as a hard drive install. I asked him why and he told me it's too slow if you don't. So, if you are going to run it as a HD install, why not pick your favorite distro and really learn it? There are advantages. You can install new apps with more ease. In my experience it's easier to customize and upgrade a regular Linux distro rather than some "live" CD versions.
  Again don't get me wrong, I have nothing but respect for Backtrack. It's an important part of the learning process. Just don't get stuck on any OS, whether it's Windows, Backtrack, Gentoo, etc... The idea is we are hackers and work with what works for us.
422  Ethical Hacking Discussions and Related Certifications / Malware / Re: IIS vs. Apache: Re-Examining the Stats on: October 09, 2007, 11:40:28 PM
Hmm, well I guess it's a sad truth that anyone that is from Microsoft makes one a little skeptical, but I have to admit I am. I have found it really is up to the Admin and have found Apache as secure if updated and applied correctly. I do understand how someone can react that is very close to something like IIS and even more so if they are involved in writing the code. It's your baby and you will defend it to the death, but is that really objective? It would be interesting to have someone involved with writing Apache to do a counter to this.
423  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: C&A for Debian? on: October 09, 2007, 09:32:31 PM
Hey thanks for posting here. If you have been in Linux for years that's cool. To be honest, I don't think your choice of books has much value. To be blunt, I think that book is weak!

I love Linux with my entire heart but it doesn't always answer your needs unless you can program. Linux only comes to fruition to those that can tweak and change things. It's the ultimate "hackers" OS.

Wine is really a drink to get you inspired, not much of a simulator. If anyone wants to pay me, I will be happy to convert Windows apps to Linux. I was a bit surprised that Cain and Abel never came out for Linux, but oh well. The idea is if you are hacking Windows, there is an advantage with a Windows app. Well, sorry I never believed that but oh well. There is nothing similar and I suppose that's one more reason to dual boot. Damn you Bill Gates! Your best bet is to collect as many Linux apps as possible and try to go from there.
424  EH-Net / News Items and General Discussion About EH-Net / Re: [Article]-EH-Net Presents BackTrack 2 with Metasploit 3 as a Virtual Applian on: October 09, 2007, 06:53:16 PM
Hey Ziplock!

     It is cool to see this here and thanks for stopping by.  I enjoyed having lunch with you and Muts at the Blackhat conference.  I am sure everyone here is eager to see BT3 and best of luck with your courses.
425  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Do you want to be L33T ? on: October 09, 2007, 04:08:24 PM
Many people don’t realize that nmap has a print out function that displays everything the way script kiddies used to type way back in the day if you happened to be in a hackers' IRC channel. It's really more of a joke, but it's fun to do once in a while. Ok so you want to be elite? You want to be a first class hacker? There is really only one way. To quote an old joke, “How do you get to Carnegie Hall? Practice, practice, practice!” I don’t mean read, read, read or hang out on the net. You really need to practice your trade. Ok so how do you do that without getting the FBI knocking on your front door? Well, you need your own lab. All real hackers have one. Whether they are a black or white hat, the attack lab is a must. If you don’t have one or access to one, then I can't see how you can call yourself a hacker. It's that important at this time. In the past not so much, because most hacking a long time ago was 90% password cracking. Yup, that’s right, just cracking passwords. Sometimes not even that because it was easy to log on to FTP servers as anonymous back then. We would try guessing passwords first. That still works today and I am still amazed that 123, 123321, qwerty, name of company, etc... are still used! Even hackers can get lazy and I hope I didn’t embarrass too many readers here if I hit a nerve, LOL! Stop reading and go change that password right now! The movie War Games is a classic and perfect example of cracking computers back in the eighties.

Ok, so back to attack lab. I have noticed that most of us go through a natural progression when working with our labs. The very first thing most do is download VMware and install an OS we want to crack. That is a good place to start and actually you will find that you will keep this tactic up for the rest of your hacking life. Even if you have a complex attack lab, attacking a single OS in VMware is still important. For instance, say you are waiting at an airport and you are trying to fuzz an app to create an exploit. You want to test it quickly so you load up your VMware on your laptop and try to run your exploit. The normal approach is to run your OS with no service packs or firewall. Then you begin to add patches one at a time. You keep hardening the OS until you cannot crack it any more. As you do that, you are keeping very careful notes.

The next progression is to actually build multiple VMware installations in order to simulate an entire network. You can make a fun puzzle with this kind of set up. Next time you are 30,000 feet in the air, try making a network with say 7 installations and the only way you can get to the target box is to hack and own each box one at a time. That is, you go from box 1 to box 2, then box 2 to box 3, etc. until you get to box 7. If you have a buddy set this up for you beforehand it's much better so you don’t really know how to get to box 7 other than trial and error. There is a really good article on how to set up a VMware attack lab written by one of EH-Net's most prestigious members, Negrita. Hmmm, I still haven't tried that brand of rum yet! Is it really better than any others? Hey what can I say, I am not a rum expert, but if I get the chance I will have a shot in honor of you brother.
  http://www.ethicalhacker.net/content/view/63/1/

The next step is to actually build a real network of boxes. This doesn’t need to be elaborate.  You can basically build it from computers people are throwing away.  I like this approach the most because it has the most authentic feel of a network when you are hacking. You can easily change it from a hub to a switched environment which is crucial to developing your “sniffing” skills.  I wrote about this in the past and you can actually build this for way less than $600 now.
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1094.msg3450/#msg3450

The final place to go is where you potentially can reap the most benefits, but it’s a bit dangerous. Only think of doing this if you really feel secure with your networking and monitoring abilities, because it could really bite you. It involves turning your attack lab into a honeynet. A honeynet is different from a honeypot. A honeynet involves creating a complete network that will appear “real” to an attacker. A honeypot is a simple box or two that is setup as easy prey for an attacker to distract him from the real target. This was an interesting concept early on but is really considered a bit dated. One problem was it only caught the dumbest flies. Any highly skilled hacker could detect it even from the outside but even if he or she took the bait, the hacker could tell quickly what was going on and leave quickly. On the other hand, a honeynet is virtually impossible to distinguish from being authentic because it is authentic! It's amazing what you can learn if you are lucky enough to catch a big fish. You can actually see how many attackers plan their breach. You might even be lucky enough to sniff out an exploit that has never been published. Basically you are being taught by some of the best attackers on the net if you set it up correctly. But remember if you don’t set it up correctly, it can be very dangerous because attackers often use a network like this as a launch platform for other attacks. Believe me when I say it's going to be difficult to explain to the FBI that you are an innocent victim when they come to your place and see your attack lab with a copy of Hacking Exposed, etc. lying on one of the towers! It would be better if you can set up the lab in a professional environment like a security business or university or if you work for an ISP and can talk them into it as a project rather than in your home. But on the other hand if you are reasonably skilled you should be ok.
My rule of thumb is to reset the lab every few days even if I don’t see a breach. I guess I get a little paranoid about some unknown rootkit that can't be detected. By the way, rootkits are not really an issue so far because they can't hide from an outside scan of the network and that’s part of a well monitored honeynet. Rootkits only “fool” the boxes they are installed on so never rely on scanning from the same box. If you are still interested in setting up a honeynet, “Know Your Enemy” by the Honeynet Project is an excellent book on the topic and I suggest anyone interested should read it completely before taking on a project like this. I hope anyone new to security reading this post can see how vital it is to have a lab to work with. In fact, in my opinion you can't really call yourself a skilled hacker if you don’t have access to one. One last thing to mention is all the above examples are valid and good and have their place. They should stay in your repertoire for as long as you are involved in hacking.
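
The outside-versus-inside comparison described in the post above, as an added example that is not part of the original post: it diffs the TCP ports an external scanner sees open against the ports the lab box reports about itself. It assumes nmap grepable output (`-oG`) collected on a separate monitoring machine and `ss -tln` output from the monitored box; the sample data, address and function names are constructed for illustration.

```python
import re

# Constructed sample: `nmap -oG` (grepable) output captured on a separate monitoring box.
EXTERNAL_SCAN = (
    "Host: 192.168.56.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/closed/tcp//https///, 31337/open/tcp//unknown///\tIgnored State: filtered (996)\n"
)

# Constructed sample: what the lab box itself reports when asked with `ss -tln`.
HOST_REPORT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     [::]:80             [::]:*
LISTEN  0       80      127.0.0.1:3306      0.0.0.0:*
"""

def external_open_tcp(gnmap):
    """Ports the outside scanner saw as open/tcp in grepable nmap output."""
    ports = set()
    for line in gnmap.splitlines():
        match = re.search(r"\tPorts: ([^\t]*)", line)
        if not match:
            continue
        for entry in match.group(1).split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                ports.add(int(fields[0]))
    return ports

def host_listening_tcp(ss_output):
    """Ports the host claims to be listening on, from `ss -tln` style output."""
    ports = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) >= 4 and cols[0] == "LISTEN":
            # The port follows the last colon, which also handles [::]:80.
            ports.add(int(cols[3].rpartition(":")[2]))
    return ports

def cross_view(gnmap, ss_output):
    """Diff the two views; a port only the outside sees deserves investigation."""
    outside, inside = external_open_tcp(gnmap), host_listening_tcp(ss_output)
    return {
        "hidden_from_host": sorted(outside - inside),
        "not_reachable_outside": sorted(inside - outside),
    }

if __name__ == "__main__":
    print(cross_view(EXTERNAL_SCAN, HOST_REPORT))
```

A port under `hidden_from_host` is one the box does not admit to, which is the discrepancy an on-box scan cannot reveal; `not_reachable_outside` is usually benign (loopback-only or firewalled services).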
426  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: CEH v5 - the exam on: October 05, 2007, 02:06:52 PM
Yes I agree, comparing a newly certified CEH to a Doctor would be absurd and I certainly didn’t mean to create the impression that I was doing that.  I was simply trying to say in a nice way that a newly certified CEH does not necessarily mean he is qualified to practice. If I was looking for a heart surgeon I would rather use someone with years of experience rather than someone fresh out of med school.  I see the CEH as a flawed beginning, but I am hoping it will continue to improve.

I have been active in the security field for years and I assume others posting here have also? I mean pentesters that have to try and win a gig doing an audit on a large company. Not people that hack for fun or Admins that only hack test their own networks. Dealing with corporations can be difficult because people there often have a certain mindset. Being able to provide credentials goes a long way in getting the contract for a security audit, at least that has been my experience and other pentesters that I associate with.

  I am not sure if I follow the logic of there is no need for a certification because pentesting has been around years before any certification process was available. One could use that argument against any cert then, all the way from a CISSP to an A+. Why do certifications become available anyway? Because people begin practicing in a certain field and soon there are many people with variations of skill levels all claiming to provide the same level of skill. So the certification process becomes available in an attempt to prove or certify a certain level of skill. Am I saying the CEH as it stands today does this? No, I am not saying that at all. I would like to see this cert improve or another one come in its place that the majority of us in the security field would say “yes this proves a good level of skill.”
427  Columns / Gates / Re: Hacking Exposed Wireless: Book Review on: September 29, 2007, 06:29:47 PM
Good review and I agree totally. I had a chance to preview the book and ended up putting it back on the shelf of the store. The general feeling the book gives is as if the authors were rushing to put something together. That might be unfair and I do know it takes a lot of effort to write a book, but if you are going to go 80% why not push it a little harder and go 100%?
428  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: CEH v5 - the exam on: September 29, 2007, 05:19:13 PM
Yes Emanon (or Noname?), you have some valid points, but I don’t agree with everything you stated. Just because a newly certified CEH might not be on the cutting edge of hacking doesn’t mean the CEH cert has no value. For instance, when a Doctor first graduates from Med school he certainly is not qualified to present himself as an expert in his field. Depending on the field he pursues, there might be several years of internship. To dismiss the value of his Doctor “certification” simply because he might not be at a high level in his field would not be justified and nor would dismissing the CEH certification on similar grounds. IMO, a newly certified CEH is simply showing that particular individual has the grasp of the fundamentals of how an attacker might “think”. Now how far a CEH wants to develop his skills will depend on his ambition and natural abilities. As in the Doctor analogy, there are good Doctors and bad Doctors. So ultimately it will depend on an individual's reputation, rather than simple certifications. The CEH cert is rather new and developing, but it is a needed concept in computer security. Let’s work on improving it rather than throw the baby out with the bath water.

I do agree that perhaps the term Certified Ethical Hacker might not be the best choice. You can't really certify someone as ethical and the term hacker has so many negatives that sometimes I am tempted to throw in the towel on that one. I can think of a few easier ones for the public to embrace like Certified Computer Security Consultant, etc…

BTW, the next time you know a group of CEHs being asked to crack a Windows XP SP2, let me know so I can be there! I do it all the time as do many other CEHs I know.
© 2013 The Ethical Hacker Network