|
EH-Net
|
|
May 22, 2013, 11:35:59 PM
|
Show Posts
|
|
Pages: 1 [2] 3 4 ... 62
|
|
16
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: My Experience With Hackingdojo Ripped Off My Money
|
on: October 19, 2012, 04:32:16 AM
|
Well i can stop the course if i want & request for refund, there's no need for people try to tell me i don't have valid reasons to ask for my money back or request for refund. Nobody can tell me my reasons is invalid cause i have a lot of reasons to stop the course, also everyone has their reasons to do what they do .
You're quite correct: but there is a difference between you asking for a refund (for whatever reason) and you publicly stating that HackingDojo ripped you off.
|
|
|
|
|
17
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: My Experience With Hackingdojo Ripped Off My Money
|
on: October 19, 2012, 03:46:20 AM
|
Simply because i don't want to write the exam & i want to stop i ain't entitled to get refund my money?
If that's all there is to it, I'm going to go with yes. It was YOUR decision to sign-up to the course, and YOUR decision not to take the exam. As others have stated, the criteria for moving through the ranks is well publicised and available prior to sign-up. From my perspective (like yours, purely anecdotal) I'm working through the Shodan material (slower than I'd like) but have had all the support I've requested from the HD team.
|
|
|
|
|
18
|
Resources / Tools / Re: Nessus vs. OpenVAS
|
on: October 19, 2012, 02:50:27 AM
|
|
I can't comment on OpenVAS too much, got it running in a lab environment but haven't really used in anger.
Placing technical issues to one side, if you're providing a chargeable service some (rightly or wrongly, a debate for another day) will be more comfortable with a service backed up by a commercial organisation; and I have come across a handful of organisations that specifically disallow open source in their environment.
Given the relative low cost of a single Nessus license (compared to other commercial offerings) I'd suggest this may be the way to go in a commercial setting. The cost of a license can quickly be offset by picking up business from clients that otherwise wouldn't consider you.
|
|
|
|
|
19
|
EH-Net / News Items and General Discussion About EH-Net / Re: Need Everyone's Feedback!!
|
on: October 01, 2012, 06:20:03 AM
|
Answering Don's question direct: I don't like brain-dump, learning to the exam type activity, but at the same time: - Those that purely study to pass the exam aren't doing themselves any favours and will quickly get passed by in the industry if they don't learn beyond passing the cert
- Certifications that can be passed purely by brain-dump are intrinsically of less value that those that require more indepth testing and/or practical portions
- Businesses that can't identify paper tigers through either the interview or procurement processes will have issues regardless of what we do as a site.
- Typically members getting involved in these sorts of posts disappear fairly quickly, but there are plenty of examples of those (probably myself included) that have started out that way, but with the help of the community have grown beyond.
EH-Net has always (mostly) been a friendly and helpful place to study so I'd be inclined to continue to allow such discussions. The community is good at self-censorship if a member starts asking questions beyond what is deemed 'acceptable'. From a personal perspective, if I don't agree with a topic, discussion or tone of a post, I just don't reply. my £0.02....
|
|
|
|
|
21
|
Ethical Hacking Discussions and Related Certifications / Other / Re: Back Track
|
on: September 25, 2012, 06:33:51 PM
|
[...] i thought maybe only BT is used for pentest, since it's extremely popular .
Personally I think it's a bit of a feedback loop: - Backtrack is popular because it's a good package, no getting away from that
- Because it's popular (and relatively stable) it's used for a lot of training or self-taught from books/articles
- Because it's used in a lot of training, a lot of people become comfortable/confident with it
- Lots of people using BT, means it becomes more popular
- GOTO top
|
|
|
|
|
22
|
Ethical Hacking Discussions and Related Certifications / Other / Re: Back Track
|
on: September 25, 2012, 06:03:23 PM
|
Hi, there's many different options to use on a test, for alternative dedicated distros take a look at BlackBuntu or BackBox for example. Additionally you don't need to use a dedicated pentest distro to perform pentest activities. My main machine is a vanilla Ubuntu (Mint) installation with my preferred tools either installed from repos or compiled from source. Plus I keep a BT VM image handy incase I need to rapidly confirm output from my own system, or access a tool a rarely use. The main reason for using BackTrack, especially in a training environment is that it ensures that all student system configurations (should) be identical, so effort can be focused on learning the tools and techniques, rather than trying to troubleshoot each student's unique configuration issues. Ultimately use whatever you feel comfortable, try a few and see what works for you.
|
|
|
|
|
23
|
Ethical Hacking Discussions and Related Certifications / Malware / Re: Need Obfuscated Javascript samples
|
on: September 25, 2012, 05:53:21 PM
|
If I'm wanting to quickly analyse some JS in the wild I usually turn to Wepawet. I've no affiliation with the service but it couldn't hurt to get in touch with the team there to see if they're willing/able to provide access to some of their samples? Alternatively, some of Wepawet's reports can be accessed based on md5 hash of the content (I found this report via a quick google search for example). I've not read their Ts&Cs so use at your own risk, but a quick Google Dork of: site:wepawet.iseclab.org intitle:report inurl:'type=js' is currently returning >15k results Unfortunately Wepawet's report format only lists the de-obfuscated operations rather than the original source so may not be exactly relevant to your needs, but you could always use the listed report targets to grab any scripts that are still live yourself. Hope this helps, good luck with your project.
|
|
|
|
|
24
|
Ethical Hacking Discussions and Related Certifications / Programming / Re: python newbie
|
on: September 25, 2012, 05:40:57 PM
|
Do you have a direct link for that? Other than a couple of course samples best I can find is the promotional pricing of $250 for course + cert. Still looks (and sounds, from those I know working through it) to be well worth the price, but if there's a (legit) free avenue to the material I'd be a fool to part with my cash....
|
|
|
|
|
25
|
Features / Book Reviews / Re: Violent Python
|
on: September 25, 2012, 01:56:45 AM
|
Thanks for the heads up, wasn't aware of this one but looks like an interesting read, and just in time to make a good stocking filler  Show's one of the standard bug-bears with being this side of the pond the though, choice between 20USD or 20GBP. I might have missed something in the world of FX, but the exchange rate isn't 1:1.....
|
|
|
|
|
26
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Avoiding Pentest DOOM
|
on: September 24, 2012, 02:53:33 PM
|
Thanks for sharing the advice; and perfect timing, been meaning to look at improving data retention/destruction provisions, this should be a great foundation. With regard to destroying data once report is in client possession, how do you handle client's losing/forgetting the report and then claiming you didn't fulfil contract if you can't provide deliverables down the line? It's the biggest argument I've encountered against destruction of data. I'm assuming project sign-off etc, but curious to know if there are other options I've not thought of. And I'll apologise now, but I will be stealing Resume Generation Event for future use 
|
|
|
|
|
30
|
Ethical Hacking Discussions and Related Certifications / Other / Re: GoDADDY.com gets hacked. DoS for millions of websites.
|
on: September 11, 2012, 08:33:59 AM
|
I've heard (unsubstantiated) reports that the issue can be traced back to an outage/attack within GoDaddy's DNS infrastructure. Assuming that's the case (I'm not a GoDaddy customer or have any inside knowledge) I came across this article today that indicates that GoDaddy's DNS infrastructure isn't as resilient as it could be. Whether this has any impact on the outage or not, it is an indication that weaknesses were/are present within the hosting infrastructure for GoDaddy. (although recent comments on the article suggest that it may not be as simple as initial research suggests, pinch of salt required.....)
|
|
|
|
|
Loading...
|