Ethical Hacker Community Forums
  Show Posts
1  Ethical Hacking Discussions and Related Certifications / Certification / Re: Just signed up on: April 22, 2008, 10:11:41 PM
good job! :) how is the exam? ( i am considering doing it one day). as for needing a low-rent EH-hacker, i'll call you if i need one. ;)

Sorry, been away for a while.
The exam took me by surprise a little. I used the "EXAMPREP" book to study for the test and had some outdated training videos. I was able to get around the requirement for the boot camp since I am involved with network security at work.

As for the test itself, I can only recommend that you have a strong grasp on TCP/IP and I was surprised at the amount of questions that require that you know web application attacks. (SQL injection, cross site scripting, etc) I also had a tough time with questions that had to do with log files and what an attack would look like to an admin. Everything else was pretty much straightforward questions regarding multiple choice.

I had some mixed thoughts about the C|EH exam. I should have given it a bit more respect because for some reason I kept thinking that I was studying to the level of "script kiddie" as the exam training seems to be based around all the open source tools on the Internet.

That was until I took the exam and they really got into command line syntax and net apps attack code.   I wasn't ready for it and it almost caused me to fail the test.    If you have a strong knowledge of attacking web applications and get the concepts and tools they are teaching you should do well on the test. 

Just a little about my background, I've been in the IT industry over 15 years, most of it working as a sys admin for the US Army, the last several years I have been doing patch management and vulnerability testing. I am Security+, Network+, CCNA certified and now C|EH.
I don't think I could have passed this test prior to getting the CCNA.  I don't think it's a prerequisite but you really need to have a strong grasp on TCP/IP, TCP/UDP ports, TCP/UDP/ICMP flags and headers. 

Hope that helps.         
2  Ethical Hacking Discussions and Related Certifications / Certification / Re: Just signed up on: March 19, 2008, 10:52:49 PM
I just passed the exam today

Now I just need to find work!

Anybody need a low rent ethical hacker for hire?
3  Ethical Hacking Discussions and Related Certifications / Certification / Re: Just signed up on: March 16, 2008, 02:59:28 PM
Thanks for the response and advice - my past VA experience is as a DoD contractor and yes that is the security team. It is mostly reactive/preventative. Have been doing it for a while; however, it is not in our contract to provide pentesting services and the interesting thing is it is a bit taboo to mention it. In fact in all the training the Army provides we aren't allowed to have any kind of offensive capability whatsoever. Most of the IT team (especially the security team) consider the network certification guys who do the pen testing as the bad guy in a way. (although they won't say it out loud their attitude shift says enough - people got real nervous!)

After reading some of your blog I see how and why the pentester isn't a welcome sight for the IT team. Whenever the network certification guys came around it was a bit hostile for them. Anyway, thanks again for your help.

4  Ethical Hacking Discussions and Related Certifications / Certification / Re: Just signed up on: March 16, 2008, 01:35:28 AM
My big question is how to get a job pentesting?  Job notices on Monster.com for this sort of thing seem to be a bit light...

First of all, thanks for taking the time to lay this out. And thanks for hitting on pretty much all of my weak areas. I'm familiar with getting around a Windows based NOS and Cisco networks but never looked at them from the "outside in" or from the hacker's viewpoint. I know about the weaknesses of these systems and know how to mitigate fixing them. However, I never went as far as learning what those exploits were and knowing how to deploy them. This is new turf for me.

With that, I hope you don't mind me asking a few more questions?

Quote
we're full, go try something else.

just kidding

I've been around long enough to know that in all humor there is a hint of truth. I can imagine the field is tight because I can't imagine many IT staffers hiring 3rd parties to break into their systems. I for one am not that willing to learn about my incompetence. (Lots of big egos in the IT backend world.) I imagine that those who hire a team are not usually the IT directors does this = true?

I can imagine that the marketing for a pentest is not mature yet as this seems to be an evolving market. Therefore, not many CEOs are aware of the benefits or even the service. Is that also true? This would equate to a small and tight job market for pentesting I would imagine.

Quote
in all seriousness, the CEH != penetration tester. 

Thanks - how do I market myself once I pass the exam?

Quote

i'm sure i forgot a bunch of things but that's a start. Also be prepared to not make the money like people used to doing it. with the prevalence of "hey i passed my CEH now i'm going to go be a pentester" and people working for peanuts sometimes people that have some of those skills don't necessarily get paid according to their knowledge and ability level.

What does the payscale look like? 

Quote
pentesting isn't like running nessus with credentials or the scanner of the month. you've got usually 3-10 days to find the one thing that the old you missed or forgot to do. it's a different mindset. i don't know you, so i'm not saying you don't have it, but it is something to keep in mind. most of the guys we have doing the VA work aren't real good at or interested in doing the piece that we do.

I understand, although I have a VA background it's not where I want to stay.

Quote
advice for getting in, if you are sure you want to do this, really sure, be prepared to take a junior role and get mentored and use that time to work on your skills. how much that "junior role" pays will depend a lot on your skills and where you live. do your best to find a place that has people a lot better than you to learn from get your X number of years of experience and hopefully move on to more $$ and different types of networks/apps to audit.

Excellent advice
Do you usually work "piecemeal" or sit on a list waiting to be picked up on a job like a mercenary or something? Are you employed full time with benefits or are you contracted? i.e. 1099 etc. I have a family to take care of so would I need another source of income during the "slow" months?

Quote
hope that helps



Great help, and don't mind my screen name - I have to do things like that to keep myself from getting "too" serious sometimes.   
5  Ethical Hacking Discussions and Related Certifications / Certification / Re: Just signed up on: March 15, 2008, 12:57:38 AM
I have to add that just looking at the broad spectrum of topics on the CEH is pretty intimidating. The rabbit hole goes pretty deep (not a reference to the Matrix). Do you guys who do this for a living have a specialty or does your employer expect you to be a full expert in all areas? I see the CEH as more of a "framework" to begin building advanced skills from. Is that an accurate assessment?
6  Ethical Hacking Discussions and Related Certifications / Certification / Just signed up on: March 15, 2008, 12:02:40 AM
Greetings.
I just wanted to drop a note and say hi. I just signed on here after finding the site doing some research for the CEH exam. I'm scheduled to take it on 3/19. I'm looking forward to talking with you folks so here is a little about me. I've been in the IT biz for over 15 years. The last 10 being part of the IT staff for a large corporate network. My primary duties were vulnerability assessment and patch management. I recently passed the CCNA, net+ and sec+ in 2007 and am very interested in going further into the pentest side of things.
My big question is how to get a job pentesting?  Job notices on Monster.com for this sort of thing seem to be a bit light...
Anyway,  thanks for having this site up and I'll be digging through it in time.
~Peace