I just passed the v6 material.

As Chippybox said, a lot of the tools discussed are outdated, to the point where most of my study time went into learning about legacy stuff that I've never encountered in the real world any more.

If you're looking for C|EH to give you the knowledge required to start out in the field then I'd move to v7, or look at alternatives if training centres are still focusing on v6.

Either way, good luck

Wondering who else is attending?

I'm going to be in London 19th-21st, would be good to meet up with some EH-Net'ters in person and talk tech

Nice one j0rDy 

I'd half typed a response (would have been frist), then remembered the date and hoped you were kidding.

well played

Link is dead for me, try here.

Not sure how I forgot that as I wrote the article, it's been one of those days....

Hi,

I wrote two posts a while back detailing my my lab's network setup that I use for testing. Will hopefully give you an idea and point in the right direction:

• Virtual Lab Network
• Virtual Lab Machines

Hope this helps,
--Andrew Waite

Hi All,

I've just ticked off the latest certification I've been working on (CheckPoint Certified Security Expert - CCSE).

Once the dust and celebrations (pizza and beer) settle I'm looking forward to what's next. First choice at the moment is to self study for C|EH, but I'm struggling to find any study guides covering v7, can anyone point me in the direction of anything I've missed?

Alternatively, I've already got some guides covering v6. How much difference is there between the two, do I stand a chance studying for one and taking the other?

Thanks in advance,
--Andrew

(p.s. apologises if this has already been answered, tried searching the forums (and Google) but came up empty.)

Hey Bushman,

this may not cover everything that you're looking for but, the there is a 'permission memo' provided on the Counter Hack site which should give you a starting point.

Welcome to the forum.

I'd guess it depends how intelligently Nemesis is mimicking then true open port.

For example, if it's just throwing a syn-ack packet in response to a syn then you should be able to just look for one port that doesn't behave like the rest, that will be the real service. With nmap I'd suggest trying the version detection flag (-sV) and look for different output.

Similarly you could easily script nc to connect to each open port, pass some arbitrary input, and look for differences in response. Again I'd expect all of the Nemesis ports to respond in the same manner, with the real port being unique.

Depending on how convincing the Nemesis responses are, you may need to craft some complex data/input before you identify a difference, but you will get there. If not, and Nemesis is responding exactly like the real service, then you've just opened the same service on multiple ports

Hope this helps, let me know how you get on, would be interested to confirm how well the above works in practice....

+1, I did the same, nothing like a rookie error on a public board

which part? Unless I'm missing something I can't see anything in the code you've uploaded that indicates a shell.

Again, not a Joomla expert so I'm going blind on some things, but:

'Edited' index file includes two additional php files (helper.php & toolbar.php). Are these a legitimate part of the framework? Are they also edited? Are they required? What do they do?

looks like the edited file removes an authorisation call, suspicion levels rising...

Finally, the edited index file looks like to calls a function to get a gzipped copy of the configuration file.

From my knowledge of Joomla this could be legit (if you're seeing it across multiple systems, any chance you've just upgraded Joomla?). But at worst looks like a data leakage issue, I'd still suggest focusing on locating the original compromise, this looks to be more a symptom than a cause.

Can anyone shed any additional light?

Agreed, most home security isn't great, but for the most part it could be as secure as it needs to be. Investment (time, cash, resources) into security above the level of the value of the protected assets doesn't provide a good ROI.

It's easy for use as security people to scoff at the inability of 'normal' users to secure their systems, but this is what we do. On the flipside; I drive a car, but have no (indepth) idea of how it runs, or how to fix if it breaks. Despite the mechanics that I know telling me that it's simple. There just isn't enough time to know all topics indepth, and for most, computer security isn't a priority.

Wireless (in)security is rife though, I did some wardriving a while back (and need to re-do to see if there has been any change/improvement), almost 50% of all APs were either running WEP, or completely open (findings here.) I'm guessing one problem may be compatibility issues, from my own experience I have an older Nintendo DS that can only communicate with open or WEP networks.

Whilst increasing home network security is a good goal to work towards, if we did provide average users with greater access to security resources and knowledge, would they be interested enough to take advantage? I'd argue that they already have all the resources they need online...

Alexsp,

I've no experience with Joomla, so apologises if this is overly generic. If you can post what the file should be, or just outline which code is added/modified that will help.

However, whilst this may be a result of a compromise, I'd not expect the code you've found to be the first point of intrusion, as any attacker would already need a foothold on the server to be able to add/alter any of your existing source.

I'd strongly suggest a thorough review of server logs, access, user etc. (basically the usual candidates), as well as a security audit of the code hosted on the site.

Is this site the only web application running on the server, or is it shared? If shared, it could be that the fault doesn't existing within your application, but a weakness on a different site has allowed a malicious user to system access to modify source code of otherwise secure web apps.

Hope this helps.

I don't use AEBS, but I have seen similar problems when scanning through other devices. Unfortunately only options I've found are:

• Accept that the ports are a false positive (& possibly ignore an actual positive)
• Replace the hardware, as you've tried
• Shift scanning source to outside of the device causing issues (not always an option)

If anyone has a better solution, I'd also welcome the advice.

Sounds like you're already doing a lot.

Might not directly get you a job but I've found it can't hurt, start a blog and write up anything you're are doing whilst studying and learning; new tools & techniques etc. (I know, hated the idea when I started).

As well as helping you retain the info by having to write about your understanding, it can also get you involved in the community and provides a stage to show employers what you are capable of and help you stand out from other applicants.

If getting a security specific role is difficult, look at an admin or support role in a smaller organisation (<250 employees). You'll be amazed at the number of other techies that are delighted to pass off the 'boring' security tasks if you show an interest

Hope this is of some help, good luck out there

(& twitter doesn't hurt either...)