HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 40 guests and 3 members online
 
Advertisement

You are here: Home arrow EH-Netarrow News Items and General Discussion About EH-Netarrow Another new member intro
EH-Net
May 24, 2013, 08:39:18 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: 1 [2]   Go Down
« previous next »
  Print  
Author Topic: Another new member intro  (Read 20789 times)
0 Members and 1 Guest are viewing this topic.
oneeyedcarmen
Full Member
***
Offline Offline

Posts: 233


Klaatu, Borada,Necktie?


View Profile
« Reply #15 on: August 08, 2008, 08:19:35 AM »
Quote from: BillV on August 07, 2008, 09:00:53 PM
It's a much more well-rounded certification than it used to be Smiley

That may be the case, but until it loses its stigma with hiring managers, is it really worth anything?  (understanding that any training/education is obviously good for you)
Logged
Reluctant CISSP, Certified ASS
BillV
Hero Member
*****
Offline Offline

Posts: 1892


View Profile WWW
« Reply #16 on: August 08, 2008, 01:53:23 PM »
Quote from: oneeyedcarmen
That may be the case, but until it loses its stigma with hiring managers, is it really worth anything?  (understanding that any training/education is obviously good for you)

Yeah, I see where you're coming from. I guess we have to hope CompTIA does their part of promoting it properly Undecided Seeing as how the [new] objectives are now 2 years old, I'm not sure how far it'll make it.
Logged
$w33p3R
Newbie
*
Offline Offline

Posts: 30


View Profile
« Reply #17 on: August 09, 2008, 01:07:35 AM »
Quote from: BillV on August 01, 2008, 02:57:46 PM
Nope, you certainly don't need to be an "enterprise developer" in any language. More so like you have stated... that you can look at the code and understand it well enough to determine what's going on and where the security holes are.

So, for the PHP example, when you see something like...

Code:
<form action="" method="post">
<input type="text" name="username"><br />
<input type="password" name="pass"><br />
<input type="submit" value="Login">
</form>
<?php
if ($_POST[submit]) {
 $sql "SELECT * FROM users WHERE username='$_POST[username]' AND password='$_POST[password]'";
}
?>

You would know that we quite obviously have a problem. I also don't mean that you need to know 'every' language either.

Also, going along with your 'studying for A+' idea and wanting to get into something... you may also want to have a look at the Microsoft MCDST (Desktop Support Technician). You can study for the exam for FREE directly though Microsoft with their E-Learning site...

https://www.microsoftelearning.com/eLearning/offerDetail.aspx?offerPriceId=54989

Good luck Smiley

BillV

Just wanted to say that this is very great advise for anybody wanting in the security field.  I work in the profession and several months back I was contacted by our programming department when their website was a victim of SQL Injection.

First, they didn't realize how it happened and secondly wanted to know how to fix it.  The site was built with ASP and I was asked to look at the code and help them find the security hole.

So, to the OP, if you plan on working in the profession, you kind of have to be a jack of all trades when it comes to security.  If you plan on Freelancing, you can specialize in certain fields of security, but in most cases, an employer expects you know how to fix any security problem once you get CEH, ECSA, LPT or some other security cert by your name.  Just be prepared for that.
Logged
MCP, CEH
Andrew Waite
Hero Member
*****
Offline Offline

Posts: 928



View Profile WWW
« Reply #18 on: August 09, 2008, 03:53:58 AM »
Quote from: $w33p3R on August 09, 2008, 01:07:35 AM
First, they didn't realize how it happened

Unfortunately I'm seeing this far too often lately with developers.

A site (or several) get hit with an (often automated) SQL injection attack and the 'fix' is to roll the database back to a clean state. Then get confused when the same thing happens less than a week later (lather, rinse, repeat...). People seem intent on fixing the symptom rather than the cause where web-site infecction is involved.

I've also seen cases of otherwise secure coders cut&pasting code from another source without checking it cuts mustard from a security perspective
Logged
-- http://www.infosanity.co.uk
-- http://blog.infosanity.co.uk
sgt_mjc
Sr. Member
****
Offline Offline

Posts: 294


View Profile
« Reply #19 on: August 11, 2008, 09:55:35 AM »
Nothing wrong with finding a DB vulnerable to this. The problem is that they (DBA, SA, NA) don't know that they don't know how to fix it. So instead of asking the question, it's easier to just roll back to the last backup. Which as RR pointed out, leaves them open for round 2. got to love the admins....
Logged
Mike Conway
CISSP
CompTia Security +
C|EH
Cheap5.0
Newbie
*
Offline Offline

Posts: 10


View Profile
« Reply #20 on: August 13, 2008, 01:02:49 PM »
Thanks again for all the help with this guys, but i am having some trouble finding info about setting up a hack box/what kind of things i could do with one. 

I am slowly buying parts to rebuild my computer (getting stuff as 24 hour sales pop up, waiting for price drops, etc...) and i am thinking i will turn my current computer into a hack box.  Can someone link me to anything useful?
« Last Edit: August 13, 2008, 01:04:21 PM by Cheap5.0 » Logged
Cheap5.0
Newbie
*
Offline Offline

Posts: 10


View Profile
« Reply #21 on: August 25, 2008, 03:54:36 PM »
Anyone want to lend a hand here?  What should i be looking to accomplish when building a hack box?  Should i just throw some spare parts together, put *nix on it and network into everything else at home?  Then what? 

Sorry if it seems like a 'duh' question, but i really do mean whats next?
Logged
dalepearson
Sr. Member
****
Offline Offline

Posts: 357


View Profile WWW
« Reply #22 on: August 25, 2008, 04:26:19 PM »
Any box can be a hackbox really.
As Linux is not really hungry on resources, it doesnt ask for to much, but I prefer to have a reasonable amount of memory for number crunching.
Logged
:: Subliminal Hacking :: / :: Security Active Blog ::
sgt_mjc
Sr. Member
****
Offline Offline

Posts: 294


View Profile
« Reply #23 on: August 26, 2008, 11:42:28 AM »
A good processor and a decent amount of memory will help. All of our boxes here run on Linux. As dale pointed out, Linux runs light freeing more system resources for what you want to do. there are also many tools out there written just for just for Linux. Aircrack -ng for instance can be compiled to run on Windows, but the developer basically said that you are on your own for the required drivers for Windows. Good luck and happy hunting.
Logged
Mike Conway
CISSP
CompTia Security +
C|EH
Cheap5.0
Newbie
*
Offline Offline

Posts: 10


View Profile
« Reply #24 on: October 29, 2008, 04:21:20 PM »
Alright guys, i have setup (through my college) a job shadow.  We have not hashed out the details, but it should be within the next month.  They are trying to find someone in the info sec field that is willing to allow me to shadow them for a day or three, but i might end up following around a network admin (admins often wear the security hat in a smaller business right?)  If i end up with someone not specificly in the security field, but is knowledgable about this topic what kind of questions should i be thinking about?  I guess a better way to ask this question would be, what do you wish you asked about before you got your job in the field?

Also, in trying to find someone suitable what should the advisors helping me with this (and me as well) be asking about the person involved?  If a info sec person is not someone i can find what would be the next best thing?
« Last Edit: October 29, 2008, 04:24:04 PM by Cheap5.0 » Logged
sgt_mjc
Sr. Member
****
Offline Offline

Posts: 294


View Profile
« Reply #25 on: November 03, 2008, 10:32:13 AM »
Definitely looki for an admin if there are no security guys around. But don't just focus on the network admins either. Look for a good SA to shadow. Ask them to show you any of the security built into whatever system they are an admin on. Unix type machines have several feature like a shadow file or a host.deny file. Ask them to show you wys to secure the box or if they know of any ways around the security in place. If a Windows SA, talk about the hashes, LM vs NTLM. Any competent SA should be able to help you out there. If you want any more info on what you could look for, do a Google search for DISA STIGS ro just DISA STIG. These are guidelines from the federal government for securing netowrk computers. There are also guides available from NIST.

Oh, just thoughtof this: Do you have a clearance? Without this, you shadow oportunities may be limited. Good luck.
Logged
Mike Conway
CISSP
CompTia Security +
C|EH
Pages: 1 [2]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.085 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Free Business and Tech Magazines and eBooks

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.