EH-Net
May 19, 2013, 07:57:54 PM *
  Show Posts
1  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Should I be worried? CandC server on: December 19, 2012, 04:36:04 AM
t3st,

assuming by wifi analyser you mean the wireless tool by Farpoc?

I use the same tool, as it's essentially a wireless spectrum analyser similar to aircrack/kismet/etc. My guess is CandC is merely an SSID of a neighbouring AP and (hopefully) not a direct threat to your environment.
2  Resources / Tutorials / Re: I cant install MSF on my ubuntu 12.10 on: December 07, 2012, 07:08:02 AM
Quote from: Cyber.spirit
I'm not new on Linux

Hence my attempted caveat. But you are having problems, and you did ask for help; which I was trying to provide. Won't bother next time.
3  Resources / Tutorials / Re: I cant install MSF on my ubuntu 12.10 on: December 07, 2012, 06:56:25 AM
Could be many things, have you checked all the usual candidates? download checksums? File/user permissions? etc?

Possibly stupid (and/or insulting - not intended) question, you are in the same directory as the *.run installer when issuing the ./*.run command?

I'm running on 12.10 and MSF running perfectly my end.....
4  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: CHECK V OSCP? on: December 07, 2012, 06:52:10 AM
Sorry, should have been clearer: my experience is with the Team Member level certs.

Team Lead on the old to-do list (which I believe is far harder). Robin Wood has a good write-up of his experiences with the TL level exams.
5  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Monitoring day to day vulnerability scan results on: December 07, 2012, 06:48:35 AM
I've not taken a good look myself, only ran across them myself a couple of days ago, but Risk.io may do what you need.

It is a commercial service, but there is a free/limited option, and all new accounts start with a 30-day Pro trial.

Hopefully it might solve your issues, either way I'd be interested in your thoughts and experiences if you do give them a go.
6  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: CHECK V OSCP? on: December 05, 2012, 05:31:44 AM
They both have their uses, and having done both I'd strongly suggest doing both (if UK based).

OSCP will develop a deep technical understanding, CHECK/CREST will help get you the work to put that understanding to the test.

That's not to say the CHECK/CREST isn't technically challenging, but having done OSCP first CHECK certification was a challenge, but not on the Bob/Pain/Sufferance scale.

My route: I self funded OSCP (cheaper of the two) to prove ability/commitment, then put CHECK through work's budget ;)
7  Resources / Career Central / Re: Ethical Hacking, need hackers, tips on: December 05, 2012, 05:27:11 AM
Hi Ender,

welcome to EH-Net.

Depending on your location you could look to local security businesses who may be willing to assist in return for a share in the publicity, or to local groups (DC#, 2600, etc.) for individuals.

Only concern I'd have, is I've seen the same marketing spin tried over the years, often resulting in some very bright individual finding a flaw, leaving the 'bragging' company with egg on their face. Before you start the PR exercise I'd suggest that your client hires multiple, VERY good pentesters to put the systems through its paces first.....
8  Ethical Hacking Discussions and Related Certifications / Malware / Re: 12 Steps to a malware free existence on: November 26, 2012, 03:17:56 AM
Hi Hudson,

welcome to EH-Net :)

Not wanting to pull your first post apart, but this seems to be computing for the truly paranoid. Whilst most of it is good advice, in the real world you've got zero chance of getting standard users to take these precautions; I'm an overly paranoid infosec guy and the only step I follow is checking the hash sums of downloaded files - and my machines are malware free (ignoring the malware there deliberately...).

And if you're running a 'nix OS, why run winmd5Free under wine when you've (usually) got md5sum on the commandline as standard?

Oh, and one of my primary malware-free machines? Running Windows....
9  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Network Hacking / VM's on: November 23, 2012, 02:41:35 AM
If you've already got a virtual environment for your server/app lab set-up take a look at Vyatta's open source edition.

They've got some fairly powerful network kit available as virtual images. I've got one running as a router handling the core of my lab environment without issue.

If you've got some experience with other network kit (Cisco et al) it should be fairly intuitive to pick up.
10  Ethical Hacking Discussions and Related Certifications / Compliance, Regulations & Standards / Re: privileges of law enforcement authorities on: November 16, 2012, 07:28:29 AM
Sounds like someone is trying to get his homework done by others... lol
something like that :P but I have already submitted mine. Just wanted to know different thoughts. :)

OK, I'll give benefit of the doubt; you start first, as you already have an answer.
11  Resources / News from the Outside World / Re: The guy suing companies for using SSL/TLS on: November 13, 2012, 02:39:17 AM
From my limited understanding of the situation I also called BS.

But I also believe (can't find my sources, sorry) that several big names have already paid up to avoid the legal costs, so TQP must have something with a legal foundation to it.

Time to grab the popcorn and see how this one plays out.
12  Resources / Tools / Re: dns2geoip.py on: November 12, 2012, 11:02:23 AM
Interesting looking script, thanks for sharing.

I'll definitely keep it in my bag of tricks for a rainy day and let you know how it goes.
13  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Certifications you need to have in order to be a Pen Tester. on: November 08, 2012, 03:07:44 AM
Regardless of opinions of particular certs, surely having a questionable (in some people's eyes, discussion for another thread) cert like C|EH is still better than an empty space in its place?

I would say it depends on the company you are applying at, if you only got CEH, and it's a highly technical and very serious company, they might think you're joking. No offence intended.

If you've not got the certs/experience/skills for any position, your application won't be successful, that's true of any industry. What I don't understand is people that have C|EH and higher/more advanced certifications dropping C|EH.

At a minimum it shows your development path to get to where you are now. All else being equal I'd hire a CHECK/CREST and C|EH applicant over 'just' a CHECK/CREST applicant.

Root, as Maxe states be aware of non-technical workload if working alone. A general truism for consultancy type roles seems to be 1/3 of your time chasing new work, 1/3 doing admin/paperwork and a 1/3 actual billable work. Just make sure you work the excess into your billable prices ;) Good luck
14  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Certifications you need to have in order to be a Pen Tester. on: November 07, 2012, 05:08:07 AM
Not wanting to hi-jack the thread but I'm not sure I understand the logic behind removing certifications from CVs or LinkedIn. I've achieved more respected and advanced certifications since gaining C|EH, but C|EH still holds a mention on my resume.

Regardless of opinions of particular certs, surely having a questionable (in some people's eyes, discussion for another thread) cert like C|EH is still better than an empty space in its place?

Admittedly I sat C|EH with its reputation in mind as a way to bypass HR filters rather than 'prove' technical capabilities, but I still sat the cert for a purpose. If you're not going to display a cert, why take it in the first place?

To answer Root's original question: you don't necessarily need certs to be a pentester, but if you want to find work you will likely need to be able to by-pass HR filters and pass minimum requirements in particular industries. Using the UK as an example, C|EH can often achieve the first, with CREST/CHECK providing the second (as MaXe has already stated). YMWV depending on location/business sector though.
15  Resources / Tools / Re: Nessus on: October 29, 2012, 09:21:50 AM
Haven't used it in anger yet (still beta, getting nowhere near production environments ;) ). But from testing in the lab it's a much cleaner interface, no empirical evidence but feels more responsive.

No additional functionality at the moment, but from listening to the weekly Tenable podcasts it seems that replacing existing functionality is only the first step, other improvements are in the pipeline. Although I'm not expecting too much in way of new features, if they put too much useful stuff in the Nessus Scanner, it would detract from the (comparatively much more expensive) Security Centre.

Always like new and shiny toys though, and the move away from Flash should help those with portable devices of the flash-less persuasion...
© 2013 The Ethical Hacker Network