EH-Net
May 19, 2013, 07:57:54 PM
Show Posts

3
Resources / Tutorials / Re: I cant install MSF on my ubuntu 12.10
on: December 07, 2012, 06:56:25 AM
Could be many things, have you checked all the usual candidates? download checksums? File/user permissions? etc?
Possible stupid (and/or insulting - not intended) question, you are in same directory as the *.run installer when issuing the ./*.run command?
I'm running on 12.10 and MSF running perfectly my end.....

6
Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: CHECK V OSCP?
on: December 05, 2012, 05:31:44 AM
They both have their uses, and having done both I'd strongly suggest doing both (if UK based). OSCP will develop a deep technical understanding, CHECK/CREST will help get you the work to put that understanding to the test. That's not to say the CHECK/CREST isn't technically challenging, but having done OSCP first CHECK certification was a challenge, but not on the Bob/Pain/Sufferance scale. My route: I self funded OSCP (cheaper of the two) to prove ability/commitment, then put CHECK through work's budget 

7
Resources / Career Central / Re: Ethical Hacking, need hackers, tips
on: December 05, 2012, 05:27:11 AM
Hi Ender,
welcome to EH-Net.
Depending on your location you could look to local security businesses who may be willing to assist in return for a share in the publicity, or to local groups (DC#, 2600, etc.) for individuals.
Only concern I'd have, is I've seen the same marketing spin tried over the years, often resulting in some very bright individual finding a flaw, leaving the 'bragging' company with egg on their face. Before you start the PR exercise I'd suggest that your client hires multiple, VERY good pentesters to put the systems through its paces first.....

8
Ethical Hacking Discussions and Related Certifications / Malware / Re: 12 Steps to a malware free existence
on: November 26, 2012, 03:17:56 AM
Hi Hudson, welcome to EH-Net. Not wanting to pull your first post apart, but this seems to be computing for the truly paranoid. Whilst most of it is good advice, in the real world you've got zero chance of getting standard users to take these precautions; I'm an overly paranoid infosec guy and the only step I follow is checking the hash sums of downloaded files - and my machines are malware free (ignoring the malware there deliberately...). And if you're running a 'nix OS, why run winmd5Free under wine when you've (usually) got md5sum on the command line as standard? Oh, and one of my primary malware-free machines? Running Windows....

11
Resources / News from the Outside World / Re: The guy suing companies for using SSL/TLS
on: November 13, 2012, 02:39:17 AM
From my limited understanding of the situation I also called BS.
But I also believe (can't find my sources, sorry) that several big names have already paid up to avoid the legal costs, so TQP must have something with a legal foundation to it.
Time to grab the popcorn and see how this one plays out.

12
Resources / Tools / Re: dns2geoip.py
on: November 12, 2012, 11:02:23 AM
Interesting looking script, thanks for sharing.
I'll definitely keep it in my bag of tricks for a rainy day and let you know how it goes.

13
Ethical Hacking Discussions and Related Certifications / General Certification / Re: Certifications you need to have in order to be a Pen Tester.
on: November 08, 2012, 03:07:44 AM
Regardless of opinions of particular certs, surely having a questionable (in some people's eyes, discussion for another thread) cert like C|EH is still better than an empty space in its place?
I would say it depends on the company you are applying at, if you only got CEH, and it's a highly technical and very serious company, they might think you're joking. No offence intended. If you've not got the certs/experience/skills for any position, your application won't be successful, that's true of any industry. What I don't understand is people that have C|EH and higher/more advanced certifications dropping C|EH. At a minimum it shows your development path to get to where you are now. All else being equal I'd hire a CHECK/CREST and C|EH applicant over 'just' a CHECK/CREST applicant. Root, as Maxe states be aware of non-technical workload if working alone. A general truism for consultancy type roles seems to be 1/3 of your time chasing new work, 1/3 doing admin/paperwork and a 1/3 actual billable work. Just make sure you work the excess into your billable prices. Good luck

14
Ethical Hacking Discussions and Related Certifications / General Certification / Re: Certifications you need to have in order to be a Pen Tester.
on: November 07, 2012, 05:08:07 AM
Not wanting to hi-jack the thread but I'm not sure I understand the logic behind removing certifications from CVs or LinkedIn. I've achieved more respected and advanced certifications since gaining C|EH, but C|EH still holds a mention on my resume.
Regardless of opinions of particular certs, surely having a questionable (in some people's eyes, discussion for another thread) cert like C|EH is still better than an empty space in its place?
Admittedly I sat C|EH with its reputation in mind as a way to bypass HR filters rather than 'prove' technical capabilities, but I still sat the cert for a purpose. If you're not going to display a cert, why take it in the first place?
To answer Root's original question: you don't necessarily need certs to be a pentester, but if you want to find work you will likely need to be able to by-pass HR filters and pass minimum requirements in particular industries. Using the UK as an example, C|EH can often achieve the first, with CREST/CHECK providing the second (as MaXe has already stated). YMWV depending on location/business sector though.

15
Resources / Tools / Re: Nessus
on: October 29, 2012, 09:21:50 AM
Haven't used it in anger yet (still beta, getting nowhere near production environments). But from testing in the lab it's a much cleaner interface, no empirical evidence but feels more responsive. No additional functionality at the moment, but from listening to the weekly Tenable podcasts it seems that replacing existing functionality is only the first step, other improvements are in the pipeline. Although I'm not expecting too much in the way of new features, if they put too much useful stuff in the Nessus Scanner, it would detract from the (comparatively much more expensive) Security Centre. Always like new and shiny toys though, and the move away from Flash should help those with portable devices of the flash-less persuasion...