There are some good articles on the following website if you're new to NMAP: http://www.networkuptime.com/ (Professor Messer) for example:
http://www.networkuptime.com/archives/2006/07/nmap_os_scan_through_firewall.html as well as the guide with some tips and tricks and usage information: http://www.networkuptime.com/nmap/index.shtml

Yep, Rarcrack stops and says that the password was cracked.
When RarCrack runs, it creates an xml file for the current rar file you're trying to crack, if the password has been cracked (or at least thinks its cracked) the xml file will contain the cracked password for example: <good_password>5Di</good_password> I also edited the xml file and removed the cracked password as well as modifying the <current></current> info so that Rarcrack won't continue and falsely crack the password again. I then ran Rarcrack again and this time the password was falsely cracked with the password "eW4"

I'll try rarcrack from the BT distro and see if I get the same results.

Anyone used RarCrack before, with success? 
Out of curiosity I have been running some tests on my system using rarcrack 0.2 using a personal rar file with a password of "pAssw0rd" (zero not o) and after a few minutes of running the program the program says that the password has been cracked and is "5Di"
I then thought I'd try a shorter password of "D00dle" (zeros not o's) on a new rar file and ran rarcrack again and this time the password was cracked with a password of "91t"
The test.rar file that came with the rarcrack program was cracked correctly but had a simple password of "100"

Just wondering if anyone else out there has had similar results with rarcrack

Thanks for your input everyone, much appreciated.

I'll create a rough draft soon and see how I do with content and time. Definitely want to have a live demo of Backtrack/Metasploit.

I've been asked to do a one hour presentation on Security threats and tools. I know, one hour isn't much but I was thinking along the lines of presenting on the most common tools used in Hacking/Cracking. I think NMAP is an awesome tool, I was thinking about spending a few mins talking about how it's used and how the TCP flags are manipulated - show some real packet captures in Wireshark to display the flags. Another tool that I like and think is worth mentioning is Ophcrack, I'm planning to have a live demo on Vmware and crack a few basic passwords. Cain and Abel is also another tool I'd like to have a live demo on, show some ARP poisoning and live HTTP credential gathering, maybe some Windows passwords as well. Lastly, Backtrack, have a live demo and show a few exploits on vulnerable machines. Plenty to fit in an hour!

I'd appreciate any input and suggestions from fellow EHN members, especially if you have done something similar. Is there any other tools that have a "wow" factor that I should include over any of the tool mentioned above?

TIA

This looks like a fun challenge, glad that I managed to catch this one in time. 

My advice would be to contact people that can answer your specific questions about the pentesting market in India: recruitment agents and companies that focus on the security sector. Join LinkedIN (www.linkedin.com) and join a few of the groups that are relevant to your interests. I found a few groups that sound promising:
"India - Information Security Community" and "Security Technology Professionals India" then there are the security related groups that are global: "Information Security Community", "Information Security Network", "InfoSec Careers" and "InfoSec Jobseekers Community" and many more.
 

Awesec beat me to it - highlighted in bold.

To the OP, why would you want to access your "friends" hard drive? If she/he's your friend surely she/he can provide you with the information you require upon request?

Just thought I'd post this for the people that may not have heard of this tool.

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. Scapy can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery. It can replace hping, arpspoof, arp-sk, arping, p0f and even some parts of Nmap, tcpdump, and tshark).

http://www.secdev.org/projects/scapy/

For those you who have taken the CISSP test what were you thoughts on it?
I found the exam brutal (mostly because of the length), you need to really concentrate and understand the questions and choose the "best" answer. I used the full 6 hours and only had one bathroom break and a 10 min food break. Definitely did not want to repeat that exam, I thought to myself that if I fail I'd probably not do it again but after a few days rest I changed my mind and thought that I've come so far so I would have taken it again if I failed.

I am going through the CBT Nuggets (thanks EH.net, I won it here) and I was wondering about the test.

How much studying did you do, if any?
A lot! Daily studying around 6 hours a day weekdays and around 10 hours per weekend day for roughly 3 months. I read the Shon Harris All in One Exam Guide mostly, cccure.org, NIST docs and other resources on the Internet.

How comfortable did you feel going in?
Relatively comfortable. However, the exam is very different to any of the practice tests that I used.

Did you pass your first time?
Yes, I didn't feel that I did after taking the exam but I've heard from numerous people that this is the norm, most people feel that they failed after taking the exam.

Do you normally take tests well?
Normally yes depending on the exam, but the CISSP is nothing like I have taken before. The exam tests your reasoning, experience, concepts and more. It's the type of exam that I would read a question and think to myself that I wasn't even sure what they were asking and would have to re-read some questions twice or even three times!

Any random thoughts you want to add?
There are plenty of good CISSP resources out there, cccure.org is highly recommended especially to watch the CISSP exam overview and practice tests. There is also a LinkedIN group for CISSP study materials created by Shon Harris, I'm not a member of the group though, only found out about it after I did my exam. I also purchased the PrepLogic CISSP Lecture series audio training package which was a total waste if money, it's only 2 hours long and is very basic in content.

HTH

I would first start by scanning your computer for any Malware/Viruses etc..
It's possible that your computer is infected with either a keylogger or some other type of malware, so I'd start there first
There are a few free applications that may help to scan and remove malware from your computer:

http://www.superantispyware.com/
Spybot - Search & Destroy http://www.safer-networking.org/en/index.html
http://www.prevx.com/freescan.asp
http://www.free-av.com/en/download/index.html

I'd also recommend changing all your passwords for email, Face Book and other applications that require a password, only after you have scanned and removed any malware from your computer .. or use a computer that you know is clean of malware.

I don't have any experience with ISA but thought I'd mention that one reason why a customer installed an ISA server instead of other similar products from different vendors is because they have strict criteria regarding security and ISA has EAL4 accreditation: http://www.microsoft.com/forefront/edgesecurity/isaserver/en/us/common-criteria.aspx
Even though other vendor products were tested and proven to be faster and more scalable than ISA the only reason why ISA was chosen was because EAL4.

Will be sad to see Milw0rm go, it's a great site.
It seems that sites that host exploits never seem to stick around for long, anyone ever remember Rootshell? http://web.archive.org/web/20001206105900/rootshell.com/beta/exploits.html

I found this very interesting, some key points from the article:

"China has developed more secure operating software for its tens of millions of computers and is already installing it on government and military systems, hoping to make Beijing's networks impenetrable to U.S. military and intelligence agencies."

"Additionally, Mr. Coleman said, the Chinese have developed a secure microprocessor that, unlike U.S.-made chips, is known to be hardened against external access by a hacker or automated malicious software. "

"A third computer specialist, Alan Paller, told the Senate Committee on Homeland Security and Governmental Affairs on April 29 that China's military in 2005 recruited Tan Dailin, a graduate student at Sichuan University, after he showed off his hacker skills at an annual contest.

"Mr. Paller, a computer security specialist with the SANS Institute, said the Chinese military put the hacker through a 30-day, 16-hour-a-day workshop "where he learned to develop really high-end attacks and honed his skills." "


Full story: http://www.washingtontimes.com/news/2009/may/12/china-bolsters-for-cyber-arms-race-with-us/

15 mins? That's a cinch 
Best advice I can give is to practice your speech, present to your colleagues or family at home, any live audience should do (dogs and cats might help too). This should help to get you familiar with standing in front of people and presenting as well as helping you deliver your content. It's also useful for timing your presentation as well as asking your attendees to provide feedback about your presentation and skills.

HTH