EH-Net
May 23, 2013, 02:42:06 PM
Show Posts
Pages: 1 2 [3] 4 5 ... 37
31  Ethical Hacking Discussions and Related Certifications / Security / Re: CEH and other questions on: May 10, 2012, 11:23:33 AM
I prefer to stick with networking, programming and systems based reading. For the most part, there are under one handful of books that are alright when it comes to pentesting. The problems I have are:

1) Content is tailored for your reading pleasure
In most books, they're using loaded examples. Similar to shooting fish in a barrel. What are you learning? Certainly not the core of what happens during an exploit. You're learning what they did to compromise their loaded machine.

2) Content is horribly narrow
Name me one pentesting book that does not use MS08-067 and I will show you 20 that do. Pentesting does not revolve around Windows MSRPC. There is a lot more to understand and learn.

3) Rehashed rehashed rehashings
Most books I have read (and I have read about 10-12 books this year alone) are so repetitive of the things that I have seen in other books and blogs that it's disgusting. I would (and always do) recommend understanding systems and networking at an extreme level (understand the protocols) more so than focusing on wasting money on "Hacker Voodoo Edition 7 Multi Platinum Bling Bling Edition."

The reason I am so adamant about learning such content (sys/net) for those new to pentesting is that it makes them well rounded, where they begin to compile a wider array of expertise. It makes little sense to compromise a system only to get on the system and not understand even the basic commands, the basics of say a multi-homed network, a NAT'd network, a VPN'd network and so forth.
32  Ethical Hacking Discussions and Related Certifications / Security / Re: CEH and other questions on: May 10, 2012, 08:01:34 AM
Quote
Now I am focusing on Offensive Warfare as my main specialty. So I want to specialize in Penetration Testing and get licensed. I want to get certified in OSCP, or LPT.

Get licensed by whom? In a conventional licensing scheme, one takes exams and is certified by a governing body who sets forth parameters of checks and balances alongside rules to ensure that the individual licensed is "on board" with the objectives of whomever gave them the license. When the individual strays from this, the license is revoked, penalties applied and so forth. There is not ONE organization that 1) has the authority to make this sort of rule 2) has the capability/know-how to enforce any silly rules it could apply when it comes to "cybersecurity." The framework for global cooperation is not and will never be there so such license would be utter nonsense and complete marketing.

You don't need a license to perform penetration testing and anyone who tells you this needs to stick to reading re-hashed nonsensical books. What you will ALWAYS need is insurance to cover yourself and the possibility of damages you may incur from doing something wrong. No one, not one organization be it SANS, EC-Council, even the US Government can make a push for "licensing" pentesters. The content would be so broad and never-ending no exam could possibly be given. This is because of the many areas of security involved in penetration. (See http://infiltrated.net/TechnicalSecurityRoadmap.html)

Now, to answer your question, the link above will also give you a glimpse and starting point at the many different and diverse areas concerning security testing. I suggest having a look..

33  Ethical Hacking Discussions and Related Certifications / General Certification / Re: CISA this June any advice for my 2nd Attempt !!:) on: May 08, 2012, 11:17:02 AM
Quote
The official guide was an extremely difficult read. It felt like it was hundreds of pages of bullet points, and it's hard to tell if that resource was of any value. It's been a couple years though, so maybe that's better now.

Hrmm yea... No, it's not better. I often got tunnel vision going through CISM stuff and wasn't sure if I wanted to choke the authors of the content or myself for bothering with it. What I did notice about ISACA in correlation to the "hardcore techies" (you know... people who don't live in Spreadsheet world) is... Don't apply any technical thought into anything related to ISACA. The more business driven drivel you can concoct for an answer, the higher the likelihood you will get the right answer.

34  Ethical Hacking Discussions and Related Certifications / Malware / Re: Mad cracker following my every move on the web on: May 04, 2012, 11:23:58 AM
My suggestion is to file a stalking and harassment report with your local authorities. They will (theoretically) be in a better position to assist you. Anything anyone does will likely tamper with potential evidence should you want to go to the legal system, so if your ultimate goal is that (somehow seeking prosecution), then literally call the cops.

Because there is so much that could be done to remotely take over your machine, anyone can write a book-long response which will likely leave a non-technical person confused. If you don't seek to go the legal route, hire someone to figure out how to do the investigatory work. Your best bet: copy any information you deem "sacred/holy/worthy" onto a storage device and rebuild your machine. This ensures you have a clean machine. Apply patches, etc., then change your passwords to something worthwhile.
35  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: CPTE Vs CEH on: May 04, 2012, 10:24:28 AM
Someone should offer an astroturfing certification (Perhaps the Astroturfing Super Specialist?). Then there would be a standard to measure against when hiring these folks and we wouldn't have to suffer through unfortunate incidents like this.


Then those with the ASS certification would need to follow strict RMBSS guidelines to qualify http://www.infiltrated.net/rmbss.html
36  Resources / Tools / Re: Ransack Post Exploitation Tool on: May 04, 2012, 07:27:51 AM
The overall goal was to keep it symmetric and working across the differing platforms:

Code:
[root@kenji ~]# uname -a
FreeBSD kenji 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Mar 20 10:42:10 EDT 2012     root@kenji:/usr/obj/usr/src/sys/SARU  i386
[root@kenji ~]# netstat -t
netstat: illegal option -- t

-t never works on any BSD nor Solaris and in HPUX it wouldn't work either. I thought about doing if [ uname == $THIS ] then ... But I was lazy and it meant more lines of code. Aside from comments, the entire thing can be streamed into under 25 lines so you can copy it right on a term without raising a bandwidth flag if someone is doing SIEM.
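On the portability point, here is an added example (written for this edit, not taken from the post or from ransack.sh): rather than choosing netstat flags per platform with a uname test, it uses the one flag set every netstat accepts, -an, and normalises the two local-address layouts with awk so the same listening-port baseline can be kept on Linux and BSD hosts. The sample netstat output and the baseline file are constructed; Solaris and HP-UX print a different table layout and are not handled.

```shell
#!/bin/sh
# Added example, not code from the original post or from the Ransack script.
# Every netstat accepts -an, but "netstat -t" is Linux-only and the local-address
# column is written differently: "0.0.0.0:22" on Linux, "*.22" on the BSDs.
# parse_listen reads "netstat -an" output on stdin and normalises it to
# "proto port" lines so a baseline of listening ports can be kept per host.

parse_listen() {
    awk '
        # TCP: the state column is LISTEN on both Linux and BSD
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, p, /[.:]/)          # port is the last piece in both formats
            if (p[n] ~ /^[0-9]+$/) print "tcp", p[n]
        }
        # UDP has no state; a bound socket shows a wildcard foreign address
        # ("0.0.0.0:*" or ":::*" on Linux, "*.*" on BSD)
        $1 ~ /^udp/ && $5 ~ /\*$/ {
            n = split($4, p, /[.:]/)
            if (p[n] ~ /^[0-9]+$/) print "udp", p[n]
        }' | LC_ALL=C sort -u
}

# new_listeners BASELINE_FILE: print lines from stdin that are absent from the baseline
new_listeners() {
    awk -v b="$1" 'FILENAME == b { seen[$0] = 1; next } !($0 in seen)' "$1" -
}

# Constructed sample output in the two formats (not captured from a real host)
SAMPLE_LINUX='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51234          ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

SAMPLE_BSD='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  10.0.0.5.22            10.0.0.9.51234         ESTABLISHED
udp4       0      0  *.514                  *.*'

echo "== Linux sample =="
printf '%s\n' "$SAMPLE_LINUX" | parse_listen
echo "== BSD sample =="
printf '%s\n' "$SAMPLE_BSD" | parse_listen

# Compare the current listeners against a saved baseline (here: only port 22 expected)
baseline=$(mktemp)
printf 'tcp 22\n' > "$baseline"
echo "== not in baseline =="
printf '%s\n' "$SAMPLE_LINUX" | parse_listen | new_listeners "$baseline"
rm -f "$baseline"
```

On a live host the first stage is simply `netstat -an | parse_listen`; saving that output once and piping later runs through `new_listeners` turns it into a cheap check for ports that were not open yesterday.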
37  Resources / Tools / Ransack Post Exploitation Tool on: May 03, 2012, 01:12:41 PM
Ransack Post Exploitation Tool v 0.1 - Ransack is a post exploitation tool to be used by penetration testers. It is more of a proof of concept and its purpose is to grab any information deemed relevant on a system, post root compromise. This information may include config files, ssh keys, ssl keys, or any other information deemed valuable.

After seeing a lot of posts here on finding information for the OSCP exam, I figured I would try to give people something to 1) think about and 2) put to use while performing authorized work. As I am a stickler for going against the grain, it's a simple shell script. It could have been written in Perl, Python, Ruby or another language but as usual I chose not to. The reasoning for this is logical and simple: There is never a guarantee that a specific programming language will be installed on a machine. If it is not, that would mean I would have to either install it on my own (which raises the detection rate) or re-program it to match the system I am on (which again raises the ratio of detection).

Once on a system, there is no guarantee that 1) you will know what to look for, 2) you will NOT miss something important because you are scrambling to figure out what the system is, what it does and so forth. The goal was to ransack the system for files that are usually valuable. Those files are copied over and tar'd in order to extract and dissect the data on another machine.

Data extracted includes SSL certificates, SSH keys, config files, and so forth. It will also determine who is in a "juicy" (privileged) group and ransack their directories as well. This will include a user who may be in a group such as wheel, mysql and so forth.

Since it's simply a shell script, anyone can modify it to look for just about anything and "ransack" that information as well. Most information can aid a pentester since password reuse is rampant, many configuration files will yield other networks and IP addresses and so forth.

Lastly, lest anyone complain about the tool, the tool was released to aid penetration testers, not to assist malicious individuals. The reality of life dictates people will likely use the tool for nefarious purposes. Much like a handgun: a police officer may use his weapon to put down someone deemed a threat (life saving) while someone else may use a handgun to rob a bank. Don't shoot the messenger; there is a valid and legitimate purpose for Ransack.

http://www.infiltrated.net/scripts/ransack.sh
sh ransack.sh
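As an added example from the defender's side (not the Ransack script and not code from the post), the same two facts the tool collects can be audited before anyone else does it: which private keys on the host are readable by group or others, and who is actually listed in the privileged groups the post mentions. The two functions, the constructed sample tree, the placeholder key text and the made-up group file are all assumptions of this example.

```shell
#!/bin/sh
# Added example, not the Ransack script and not code from the post. It takes the
# defender's side of the same two checks: which private keys on a host are readable
# by group or others (so any local account could copy them), and who is a member of
# the privileged groups ("wheel", "sudo", "mysql", ...) that Ransack looks at.

# find_exposed_keys DIR: print files under DIR that carry a PEM/OpenSSH private
# key header and are readable by group (040) or others (004). Files over 64 KiB
# are skipped since key files are small.
find_exposed_keys() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) -size -65536c 2>/dev/null |
    while IFS= read -r f; do
        grep -qs -e '-----BEGIN .*PRIVATE KEY-----' "$f" && printf '%s\n' "$f"
    done | LC_ALL=C sort
}

# privileged_members GROUP_FILE GROUP...: print "group user" for each listed member
privileged_members() {
    gf=$1; shift
    awk -F: -v want="$*" '
        BEGIN { n = split(want, g, " "); for (i = 1; i <= n; i++) keep[g[i]] = 1 }
        ($1 in keep) && $4 != "" {
            m = split($4, u, ",")
            for (i = 1; i <= m; i++) print $1, u[i]
        }' "$gf" | LC_ALL=C sort -u
}

# make_sample_tree DIR: build a constructed directory for demonstration; the key
# files hold placeholder text, not real key material, and the group file is made up.
make_sample_tree() {
    mkdir -p "$1/.ssh" "$1/etc"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1/.ssh/id_rsa"
    chmod 600 "$1/.ssh/id_rsa"                       # correct: owner only
    printf '%s\n' 'ssh-ed25519 AAAAconstructed user@host' > "$1/.ssh/id_rsa.pub"
    chmod 644 "$1/.ssh/id_rsa.pub"                   # public half, fine to share
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' \
        '-----END RSA PRIVATE KEY-----' > "$1/etc/server.key"
    chmod 644 "$1/etc/server.key"                    # exposed: world-readable
    printf '%s\n' 'root:x:0:' 'wheel:x:10:alice,bob' 'mysql:x:27:' \
        'sudo:x:28:carol' 'www-data:x:33:' > "$1/etc/group"
}

d=$(mktemp -d)
make_sample_tree "$d"
echo "== private keys readable by group/others =="
find_exposed_keys "$d"
echo "== members of privileged groups =="
privileged_members "$d/etc/group" wheel sudo mysql
rm -rf "$d"
```

Run against a real host as `find_exposed_keys /home /etc` and `privileged_members /etc/group wheel sudo`, the first list is what should be chmod 600 today and the second is what to compare against the change records; the content match on the PEM header matters because a key named `backup.txt` is still a key.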
38  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Offtopic tidbits on: May 03, 2012, 11:27:23 AM
Maxe +1 at the Snowflake remix. As far as the rap is concerned, reminded me of when I lived in Sweden and would listen to Petter ;)

K since dynamik named names here is a brief list of what's on my laptop:

Assemblage 23
VNV Nation
KMFDM
Vinny Paz
Jedi Mind Tricks
Immortal Technique
Slaine
DJ Kentaro
Beborn Beton
Dismantled
Sevendust
Godsmack
Mindless Self Indulgence
Seize

Then there are a couple of tracks I made: http://www.tormenting.net/dr8/
39  Ethical Hacking Discussions and Related Certifications / General Certification / Offtopic tidbits on: May 02, 2012, 10:06:52 AM
There isn't a miscellaneous forum so I posted this here (sorry Don, couldn't find an alternative). Since many of us cross forums, industries, paths in life, emails and so forth (some of you I have known and corresponded with for years), just curious to know outside of tech... What does everyone listen to? When I work I tend to throw on headphones to listen to music. In fact, when I read, I also listen to music. Personally, I listen to everything under the sun including foreign music (German, Swedish, Russian, Asian, etc.)

I noticed that when listening to music I get a lot of "aha" moments when doing security work. Most tracks I listen to tend to be fast paced and very "lyrical." Lyrical in the sense that most songs I listen to are craftily worded. ... So what's everyone else listening to? Today I'm in a hip hop frame of mind. I don't mean rap music you will hear on the radio. Current playlist: Immortal Technique, Jedi Mind Tricks, Slaine, Block McCloud

Funny thing is I can switch it up an hour later and listen to Hall and Oates, Styx, Ratt, Kenny Rogers, industrial music ;) .... I'm just curious to know who else out there has as much ADD/ADHD as I do
40  Ethical Hacking Discussions and Related Certifications / Forensics / Re: Al Qaeda documents found in porn video on: May 01, 2012, 02:44:10 PM
Quote
His interrogators were surprised to find that hidden in his underpants were a digital storage device and memory cards

Utter stupidity... Had he simply kept it in his pocket, they'd have likely NOT looked at it and brushed it off as porn. Had they wanted to TRULY keep it secret, they'd have posted it to something like the Pirate Bay under a random name. They deserve to be caught...
41  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Some Questions About Hacking/Security for beginners on: April 30, 2012, 10:29:51 AM
Quote
I have a good background of ISO so decided to take the CCNA course, is that a good start to get into the second level in network field? And would that be enough to move to network security?

A CCNA will give you enough to become a minor router admin and is not enough to get into security. Networking is important as a whole as it will assist you in being able to weave your way around networks figuring out what is connected to what, how, why and where. Unsure what you mean about "second level" of networking.

Personally, I always recommend CCDA/CCDP studies in relevance to security as it helps you understand the architecture from the 50k foot view. The CCDP forces you to understand topics such as QoS, MPLS, VPN and other topics you can run into when doing this. Unsure how many pentesters I have met that couldn't tell you default information for say BGP, OSPF and why they'd likely not pierce a hole in an MPLS tunnel. But that is going a bit too extreme for a pentester with less than say 10 years experience. Not too many people can stomach or tolerate networking so they end up stuck on Web Application Security and other boring areas of pentesting.

So to re-answer your question: No the CCNA does nothing for you when it comes to security. Understanding the OSI would have been enough and if you wanted to immerse yourself deeper on the networking side, CCDP and IE Security studies will get you there.

Quote
now here is the question, why does the hacker need to learn how to program? Say to modify a source code? or to build up some tools?
Do I need to learn more programming languages? Some of you mentioned Python is a good one, do I need to learn it too?

Here is the reality of this: 1) Programming simplifies your work and helps you out whether you choose to build your own tools or modify someone else's. It helps in discovering and exploiting faults (fault injection aka fuzzing) in badly written programs. Whatever language you choose is optional and always opinionated. I snicker at those posting: "You need to learn Python" when almost NOTHING I DO is in Python. It might help you in a situation but is NOT the de-facto language and anyone telling you this is underclued. Had I to recommend a language it would be: "Any that makes you comfortable."

I tend to use shell scripting almost 99.99999% of the time as I try to avoid installing anything on a system since it attracts attention. Most people touting "Learn Python! ... Learn perl! ... Learn Ruby! ..." are generally someone who is used to firing off tools from their own workstation. Throw them on a contained system where they cannot use these tools because they are not installed, and watch them fail miserably. Understanding specific systems and their tools is THE MOST crucial thing you can teach yourself; however, certain languages will AID you. If YOU, however, rely strictly on a specific one, you will eventually fail.

Quote
the question is how deep do I have to know about them to become a good hacker?

The better you understand the systems, the quicker and easier you will be able to find flaws, misconfigurations while keeping your noise ratio down. I say focus on systems more than programming for now.

Quote
And the other one is do I have to have certifications on them just to prove that I got what it takes to companies when applying for a job even as a security "guy"

Any cert you have will help not hurt. Providing a measurable record of what you know goes a long way so if you want to get them, then get them. Just be aware that experience ALWAYS trumps the cert.

Quote
Hacking/security certifications, the topic that we all have talked a lot about...

I started taking certs out of boredom. I already had over 13 years experience when I started taking them. Then I continued out of i) boredom ii) a personal challenge iii) to annoy people with an annoyingly long signature (serious). Experience always trumps the paper in reality, and certs do nothing more than add to your salary depending on your logistics. Depending on your area of work, they may be mandatory as well. The goal to getting tangible results and your money's worth is to find out what interests you in the field of security. Then focus on becoming the best you can be for your own personal gain. The more you learn, the easier it will be to pass cert exams.

Quote
Finally, let's say I finished CCNA, and I had about 6 months experience of working in networks, also I had a basic hacking certification...

This sounds more to me like: How can I hurry up and pass exams and make more money... Nothing wrong with the concept, but the industry is cluttered with entry level people who have beginner "hacker" certs along with CCNAs.

My suggestion, first find the area of security which most interests you and learn as much as you can about it. Focus on making yourself the top expert in that category, read study break, break study read. Understand as much as you can until any question you're asked, you will not hesitate to answer. Once you're comfortable and you start seeing many people come to you for help, to ask a question, then start focusing on the exams. By the time you get here, it will be from experience and learning. Then start banging out the exams.
   
What too many people do nowadays is rush the issue. A LOOOOOONG time ago, individuals were required to learn, then apprentice for years before taking the exam. Nowadays, it seems everyone is in a rush and when things are rushed, they barely go right in the long run. This is your life, no one's comment is going to make any impact on your life, only you can make an impact by doing what is right for you. Logically: "the right way is the only way..." The right way comes from time, patience, experience and learning... Not trying to rush through 6 months experience and oh college and oh... Learn as much as you can at the pace you feel comfortable with. Learn it because you want to learn it, because it interests you, not because everyone else is doing X or Y. If I had a dollar for every answer I have to shake my head at, I would be able to dish out monthly payments on a pretty nice car.
   
42  Ethical Hacking Discussions and Related Certifications / Malware / Re: Practical Malware Analysis - Webinar/release on: April 30, 2012, 09:59:56 AM
This is probably on par with the best free material you can find on malware from a realistic perspective (meaning, what really occurs when analyzing malware).

http://fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html
43  Features / Book Reviews / Re: [Article]-Book Review: Metasploit – The Penetration Tester`s Guide on: April 25, 2012, 02:46:11 PM
I enjoyed the read. Right now though, I'm studying Cisco 352-001 stuff and have about 8-12 books on design stuff (MPLS, QoS, Security, etc.). I'm also going back and forth with Managed Code Rootkits and Introduction to Electronic Warfare Systems 2nd edition. I think I may step back for the summer though as I am starting to feel overwhelmed with work, teaching, learning, life as a whole. May need a quick break.
44  Ethical Hacking Discussions and Related Certifications / Other / Re: Google Drive on: April 24, 2012, 02:15:35 PM
Would be good to use as a virtual drive in order to share massive hashes ;)
45  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Book: Metasploit: A Penetration Testers Guide (Jul, '11) on: April 23, 2012, 03:12:51 PM
Let's take an example IP from a business: (IP is random)
Code:
[root@kenji ~/]# whois -h whois.arin.net 74.95.180.0

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=74.95.180.0?showDetails=true&showARIN=false&ext=netref2
#

Comcast Business Communications, LLC CBC-PHILADELPHIA-33 (NET-74-95-160-0-1) 74.95.160.0 - 74.95.191.255
Comcast Business Communications, LLC CBC-CM-4 (NET-74-92-0-0-1) 74.92.0.0 - 74.95.255.255


What do we notice with my example? Comcast Business Communications, What about normal Comcast cable users?

Code:
[root@kenji ~]# whois -h whois.arin.net 67.175.82.0

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=67.175.82.0?showDetails=true&showARIN=false&ext=netref2
#

Comcast Cable Communications, Inc. COMCAST (NET-67-160-0-0-1) 67.160.0.0 - 67.191.255.255
Comcast Cable Communications, Inc ILLINOIS-19 (NET-67-175-0-0-1) 67.175.0.0 - 67.175.127.255


Notice the differences? Now let's look at what Rel1k posts in his book:

Code:
[root@kenji ~/]# whois -h whois.arin.net 75.118.185.142

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=75.118.185.142?showDetails=true&showARIN=false&ext=netref2
#

WIDEOPENWEST OHIO WOW-CL11-1-184-118-75 (NET-75-118-184-0-1) 75.118.184.0 - 75.118.191.255
WideOpenWest Finance LLC WIDEOPENWEST (NET-75-118-0-0-1) 75.118.0.0 - 75.118.255.255


Most BUSINESSES will have their business information posted on the whois. We see none of this; alongside that statement, there is no indicator of any business name or secmaniac or maniac or sec or any other worthwhile identifier to state this IP space belongs to the author. So let's see who owns the IP space and what type of business they are in: WideOpenWest Finance LLC WIDEOPENWEST (NET-75-118-0-0-1) 75.118.0.0 - 75.118.255.255. Doesn't seem like a security company to me, it's a cable provider (http://www.wowway.com/).

Let's try this with Microsoft:

Code:
[root@kenji ~]# nslookup microsoft.com | sed -n '8p' | awk '{print "whois -h whois.arin.net "$2}' |sh|grep "^Org"|sort -u
OrgAbuseEmail:  abuse@hotmail.com
OrgAbuseEmail:  abuse@microsoft.com
OrgAbuseEmail:  abuse@msn.com
OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseHandle: HOTMA-ARIN
OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName:   Abuse
OrgAbuseName:   Hotmail Abuse
OrgAbuseName:   MSN ABUSE
OrgAbusePhone:  +1-425-882-8080
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE231-ARIN
OrgAbuseRef:    http://whois.arin.net/rest/poc/HOTMA-ARIN
OrgAbuseRef:    http://whois.arin.net/rest/poc/MSNAB-ARIN
OrgId:          MSFT
OrgNOCEmail:  noc@microsoft.com
OrgNOCHandle: ZM23-ARIN
OrgNOCName:   Microsoft Corporation
OrgNOCPhone:  +1-425-882-8080
OrgNOCRef:    http://whois.arin.net/rest/poc/ZM23-ARIN
OrgName:        Microsoft Corp
OrgTechEmail:  iprrms@microsoft.com
OrgTechHandle: MSFTP-ARIN
OrgTechName:   MSFT-POC
OrgTechPhone:  +1-425-882-8080
OrgTechRef:    http://whois.arin.net/rest/poc/MSFTP-ARIN


Notice two things 1) the information for the COMPANY and 2) the AMOUNT of information being returned. Most whois lookups will return A LOT of information for companies whereas for most ISPs, the return will be a line or two long. That's first. The second thing to notice is the names of the business itself or the association with the domain you are looking up and the return information.

Code:
[root@kenji ~/]# whois -h whois.arin.net 96.126.127.220

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=96.126.127.220?showDetails=true&showARIN=false&ext=netref2
#

NetRange:       96.126.96.0 - 96.126.127.255
CIDR:           96.126.96.0/19
OriginAS:
NetName:        LINODE-US
NetHandle:      NET-96-126-96-0-1
Parent:         NET-96-0-0-0-0
NetType:        Direct Allocation
Comment:        This block is used for static customer allocations.
RegDate:        2011-05-06
Updated:        2012-02-24
Ref:            http://whois.arin.net/rest/net/NET-96-126-96-0-1

OrgName:        Linode
OrgId:          LINOD
Address:        329 E. Jimmie Leeds Road
Address:        Suite A
City:           Galloway
StateProv:      NJ
PostalCode:     08205
Country:        US
RegDate:        2008-04-24
Updated:        2010-08-31
Comment:        http://www.linode.com
Ref:            http://whois.arin.net/rest/org/LINOD

OrgNOCHandle: LNO21-ARIN
OrgNOCName:   Linode Network Operations
OrgNOCPhone:  +1-609-593-7103
OrgNOCEmail:  support@linode.com
OrgNOCRef:    http://whois.arin.net/rest/poc/LNO21-ARIN

OrgAbuseHandle: LAS12-ARIN
OrgAbuseName:   Linode Abuse Support
OrgAbusePhone:  +1-609-593-7103
OrgAbuseEmail:  abuse@linode.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/LAS12-ARIN

OrgTechHandle: LNO21-ARIN
OrgTechName:   Linode Network Operations
OrgTechPhone:  +1-609-593-7103
OrgTechEmail:  support@linode.com
OrgTechRef:    http://whois.arin.net/rest/poc/LNO21-ARIN

RNOCHandle: LNO21-ARIN
RNOCName:   Linode Network Operations
RNOCPhone:  +1-609-593-7103
RNOCEmail:  support@linode.com
RNOCRef:    http://whois.arin.net/rest/poc/LNO21-ARIN

RTechHandle: LNO21-ARIN
RTechName:   Linode Network Operations
RTechPhone:  +1-609-593-7103
RTechEmail:  support@linode.com
RTechRef:    http://whois.arin.net/rest/poc/LNO21-ARIN

RAbuseHandle: LAS12-ARIN
RAbuseName:   Linode Abuse Support
RAbusePhone:  +1-609-593-7103
RAbuseEmail:  abuse@linode.com
RAbuseRef:    http://whois.arin.net/rest/poc/LAS12-ARIN


So who is this? What kind of company is it? I will let you answer this question now. It all boils down to the power of logic and reasoning when unsure. You can i) Visit the website a whois returns to see more about the type of business associated with the address and so forth.

This is THE BIGGEST REASON that I am a stickler for understanding the common grounds of networking and systems before even attempting to venture out into security.
© 2013 The Ethical Hacker Network