|
Ethical Hacker Community Forums
|
|
November 22, 2008, 07:16:56 AM
|
|
363
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: hacking adware.
|
on: March 19, 2008, 07:58:24 AM
|
Just had this link from ThinkGeeks http://www.thinkgeek.com/gadgets/electronic/a11e/ and it reminded me of this thread. Basically it plugs in a free USB port and randomly sends fake keyboard and mouse input. My first thought was, 'oohhhh cool prank' but thinking about it a bit more, I'm sure this could end up being nasty in many cases. Don't think I'd want to find someone had added this to my machine whilst I'm in config mode of a live Cisco device for example. Has anyone done or seen pranks that have gone wrong in similar ways? It's all fun an games until someone loses their job... |
|
|
|
|
364
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Social Engineering
|
on: March 18, 2008, 04:02:05 PM
|
I would suggest starting to do presentations to your work colleagues about topics you have confidence in. This will get you comfortable speaking in front of people.
...
If you're not comfortable in front of people how do you present to a room full of clients about the results of the pentest? That aspect of being a pentester is as important, if not more so than being technically proficient.
I think you hit the nail on the head, confidence for me (or lack of it) is the key to doing whats needed. Stick me in a room full of suits and directors and I'll quite happily discuss a vulnerability in layman's terms. Stick me on the phone to a security guard to convice him that "the BLT drive on my computer just went AWOL" and it's a whole different ball park  |
|
|
|
|
368
|
Features / Book Reviews / Offensive security scenarios?
|
on: March 18, 2008, 12:50:03 PM
|
All, I may have been dreaming as I have been unable to find any proof after the fact, but in case I'm not crazy (not likely according to the missus ) I have a question to ask. I once read a sample chapter for an IT security book online, possibly EH-net but I can't find it. The book detailed 'offensive' security practices (not the training company) were admins could use configurations and tricks to thwart intrusion attempts, such as bogus DNS entries such as 'rm -r /' to kill an attackers machine parsing zone files. The book dealt with fictional scenarios going through each from both an attacking and defensive viewpoint. Whilst I have no idea how technically good, correct or advisable the book is as I only managed to read a few pages, it was an interesting read and I would quite like to get my hands an a hardcopy. I know this isn't technically a book 'review' but I couldn't think of a better forum for my plea for help. If anyone can help me out with the title I'm looking for I'd greatly appreciate it. |
|
|
|
|
369
|
Resources / Links to cool sites. / Re: VTC Learning Library Free One month subscription
|
on: March 18, 2008, 11:55:24 AM
|
it was kinda fun and exhausting 24 hrs.  It's the examination that is putting me off at the moment. I know the theory and handle security systems and audits on a regular basis, but I'm not confident that my skillset it tuned enough to work to that level under pressure. If I take the course I'll definitely be going for the 60days lab access first and just spend 2 months solid at it. How well are the labs set-up? From previous training I've seen some fantastic labs and I've seen some that I could have knocked together in under 30 minutes. How good is the training material? I've seen/read the C|EH courseware (older version though) and was disappointed with the general finish and readability of it. Although the technical information seemed excellent at the time. As with the VTC course, I'm on a limited budget at the moment so would like to make sure I'm getting the best ROI for my level of experience and ability. First hand experience always seems to be the best guide with these things. |
|
|
|
|
370
|
Resources / Links to cool sites. / Re: VTC Learning Library Free One month subscription
|
on: March 18, 2008, 11:41:34 AM
|
I think OffSec 101 is going to be the best choice if you are comfortable with the basics. Be prepared for the Offsec - its really going to be a real challenging experience. I am currently doing it.
Thanks Manu, think that confirm my suspicions. If OffSec 101 is that challenging do you mind me asking what your experience/skill sets was like before you took the course? Would be nice to be able to better gauge whether I'm ready for some of the training I've got my eye on. |
|
|
|
|
371
|
Resources / Links to cool sites. / Re: VTC Learning Library Free One month subscription
|
on: March 18, 2008, 10:57:07 AM
|
|
Guys,
I've just completed the free portion of VTC's "Ethical Hacking & Penetration Testing Tutorials", thanks again for the link Manu. Whilst I've enjoyed the experience there wasn't a lot of specific content. I appreciate that the tutorials available freely just cover the overviews of each topic, but I was expecting a bit more.
Does anyone have any experience of this offering before I part with my hard (possibly) earned cash to get access to the rest of the series? Or would I be better off saving and spending a bit more with another trainer (the Offensive Security 101 on line program for example)?
|
|
|
|
|
373
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Pentesting Kit
|
on: March 18, 2008, 10:04:20 AM
|
The hacksaw is for when he's on the road. You know the story: you're in a hotel for a week while you're doing the pen test, you meet someone in the hotel bar, bring them back to the room, it goes badly, and the next morning you need to get handcuffs off your wrists and ankles. We've all been there.
That answers my question, guess I'm just too young and inexperienced to have come across that particular issue yet |
|
|
|
|
Loading...
|
Forum 
Show Posts
Tools : NetWitness Investigator is now free! 
