Well thanx, But I guess I wasn't clear on what I was asking. Not a phone to penetrate, but a phone AS the PLATFORM to run the test on. Things like nmap, nc, metasploit, etc... can all be ran from my iPhone, So I'm looking to  buy another phone in the upcoming months that can accomplish this. I can thinking about the HTC-1 (i think) the G1. ... But I have a lot more research to do. Anyways, I was just wondering. Any thought on this is helpful, thanx


-gliTch

oh well, I tried. lol.

Ok, now I know that this is going to sound (really) bad but I need some help. Is there anyone out there that is familiar with dual booting on a Mac? (Macbook Pro 15" 2.2) and with rEFIt?

Here's my problem: I recently looked at pureh@tes guide here:

http://forums.remote-exploit.org/showthread.php?t=20134

but it's for dual booting with vista. Now I think I should be switching the "hda's" for "sda's" and also when I started fdisk I get:

WARNING: GPT (GUID Partition Table) detected on '/dev/sda'! The util fdisk doesn't support GPT. Use GNU Parted.

starting to wonder if it's a Mac thing or what? And because I already have rEFIt installed I don't want to take any chances with lilo. ...Any help would be GREATLY APPRECIATED!!! even if it's just a mod of pureh@te's guide to install on mac. (I would have ask hate, but I just thought I find better input here).

Once again Thanx all in adv.

-gliTch

Hey everyone, if you haven't seen it yet BackTrack 4 (beta) is out!!!!

Just dropped today, :-) :-)

And I JUST happened to come across it as I was searching for something new :-)

Here's the new description as per the great people at off-sec:

"The Remote Exploit Development Team is happy to announce the release of BackTrack 4 Beta. We have taken huge conceptual leaps with BackTrack 4, and have some new and exciting features. The most significant of these changes is our expansion from the realm of a Pentesting LiveCD towards a full blown "Distribution".

Now based on Debian core packages and utilizing the Ubuntu software repositories, BackTrack 4 can be upgraded in case of update. When syncing with our BackTrack repositories, you will regularly get security tool updates soon after they are released."

You can find that and all the rest about what they have to say about it at:

http://www.remote-exploit.org/news.html

and of course you can get it as of now at:

http://www.remote-exploit.org/backtrack_download.html

I'm downloading right now... I feel like a kid! I can't contain myself!! :-) lol

Well, just thought someone else would like to know if they didn't already.

n/joy ;-)

-gliTch

ok, this may seem a little strange but.... I know that many phones come with linux embedded on them, but I'm wordering: What's the best "phone" for basic pentesting? (i.e. To take someone who thinks they're secure and demonstrate just how far someone could go with just a phone.) ...Something that can run nix or nix app's like netcat/nmap/metasploit/etc.... While I know the iPhone already does all of this, and I have one (....don't ask) I'm just wondering where should I start looking? I won't be planning to switch until this fall (damn contracts) and I'm still very far away from getting to the pentesting career of my dreams (or even an IT job for that matter) but I'm working on it. And with that in mind, I'd like to choose my next phone basic on such so this does not become an issue at that time. (also something that supports Devorak would be great!...but I know I'll never see that lol). Thanx for any input or just general discussion about this.

Also while I'm here, I'd like to thank everyone would responded to my last post (I know I'm over doing it a little) but I just can't thank everyone enough for their help. For many of years now I felt like I was all alone in my quest to my career. (It's hard to find other's who want to be a "hacker" but a good guy. ....usually if you mention the word you're out casted! ...while I'm sure some of you know what I'm talking about so I'm not going to ramble anymore then this....

Thnx again all

-gliTch

Hello J.,
Thanx for writing and noticing me. I would 1st off like to once again thank the community all of you have here. This is my 1st post and I've got some VERY insightful replies. Instead of some forums where people would just like to point out your weaknesses, all of you actually seem interested in helping. ... and for that I thank you from the bottom of my digital heart. ;-)

Ok, so today's case/point:

I would like to start off by saying thanks to all, but especially to blackazarro for 1st putting up the 101. The 1st thing I did when I saw that was fill up literally everyday of my iCal until 01Feb10 ...I took that writing VERY seriously because 7-10 years ago you couldn't find a good "step-by-step" starting point. ...Look we all know that NO ONE can just tell you, "Poof, Your're a hacker!...Now go forth and h@x0r the Planet!" ... But out of ALL of my years looking for something, this is it! This is the 101 that I needed to kick me in the back of the head to get started! ...These are all things that I'm familiar with but am an expert in none by no sense. So I took the time to actually come to a very clean decision based on the help i received here. I'm going to take this year and follow that 101 to a "T". Now I know that's not everything I need to know, and yes I do understand that it's ever changing, (that's half the fun if you ask me. How boring would pentesting be if it was like say like my job? I survey in the gulf of mexico... The same thing day in and day out. I always like a never challenge). So I'm going to be a pentester, but you're right, there's so much involved with it, and I know that I'll never be great at everything, but the one thing I do know is that my super-power happens to be my "gift of gab" (thanx don) I can talk my way into / out of ANY situation. So for me, my main focus of pentesting was networking and S.E. but now I see that it's kind of an "all-or-none" path, and if that's if, then so be it. ... J. would you mind if I kept your email and write you when I hit the wall and can't figure out something? Oh and btw, I also made a list of all the Cisco books and I plan on going through them as well. (thanx J.) I guess what I'm saying here is, don't expect some kid asking stupid $h!7 like "d00d, can you teach me how to h@x0r my friends email?" ...I've seen it a million times on forums and honestly I just think that's ignorant! I an willing to learn. I am willing to teach myself (as much as I can). I am willing to be self motivated. All I need is the person who understands that to point me in the write direction. ((Any other volunteers at this time are also welcome.))  ;-) Ok enough rambling for now. My case: I have my work cut out for me for the next 24 months (this year/study. next year/certs.) My point: Thank you everyone.

Feel free to email me anytime (if there is anything that I can do for any of you)
or if you just feel like there's something useful that someone can learn, if you think of me then please send it my way as well. IT WILL GET READ, and I will try to understand it to the best of my ability. ....Thanx all.

gli7cha@gmail.com

-gliTch     

I'm willing to go anywhere that's willing to take me, and anywhere that I can consider a learning experience, (which at this point would be anywhere lol.)

-gliTch

Well I must say that now after having 2 kids the likelihood that I'll ever go to a hot zone is slim to none (if I can help it). As far as the time thing. I've been through 3 six month deployments, and my wife's been through 2 of those. And now I'm at a job that's had me out here (on the boat) since Jan. 14th. and I'm begging stay out until Mar.-Apr. (I'm only going in to do taxes, otherwise I'd stay out here longer.) But that's another reason I'm fighting to into a land job (been on the water for almost 7 years now) I don't mind leaving my family to get done what I have to get done, but I'm getting to the point where I don't want to miss my kids growing up. The overseas thing I don't mind one bit, I'd go in the drop of a hat if the conditions were right, and one of those conditions are NO hot zones lol. But thanks for the idea. ;-)

-gliTch

Wow, well.... Thanks for the quick and positive responses everyone. I'm going to try to do this the best I can, so stick with me:   :-)

"Aside from that, I think your best bet would be to get a certification or two."

I've decided to get as many certs as I can. Right now I work offshore, (plenty of time to study while on boats) and I'm making enough money now to afford it. So My plan of action now is to get at least all the certs mentioned on EH (that are in the Ethical Hacking side). I'll study all year long, save money... Then when my 2 weeks of vacation start I spend the 1st week cramming and the 2nd week taking as many certs as I can. Being realistic, out of the 7 they mention on this site if i can land 3-4 of those I'd feel much better about going into '10 with that.

oh, and:

"You say you know all versions of Windows, so why not go get an MCSA/MCSE/MCITP certification?"
 
Because sadly i HATE Microsoft. Can't stand to be in a windows environment. Now, not to say I can't. The point I was trying to make is that I know my way around WINDOWS-X and that I can if i have to type of thing. ....And at this point I'll save someone reading some time from typing. YES I know that just about anywhere I go in IT i'll be working with windows :-(  I'm just a MAC/Linux guy. If it was up to me i'd wipe MS off the face of the planet myself if i could. ...But you get the point: I don't like it, that's all. Nothing more/nothing less.

Ok, who's next?

"Your clearance should stand you in good stead. Approach one of the security testing firms that get defence or government contracts, explain your interest and maybe accept a lower starting wage in return for training."

While this is truly a great concept it just wont work right now having a family to worry about. Also I'm about to have to file bankruptcy real soon, (got laid off last year). Which is going to (i think) put a real big dent in my clearance or I'll lose it completely. .... But still not a bad idea. I've already applied at all the major defense contractors: Lockheed,Northern G, Boeing, etc. And the F.B.I. ... still no word back. I figure, they're slow or I suck lol. ....But only time well tell in those cases... you never know.

"In the meantime, practice! Get a lab set up, get some pentesting framework documents to see what steps you'll need to take for pentesting and play"

Absolutely! Normally I use neighbors and friends and test their security and explain what I did/how I did it. And then walk them through tightening up their security. But I think that is a great point is to take my PC that my wife using and start figuring out a few new things. ... It's like it's such a simple idea that I can't believe I never thought of it before. Thanx.


Next up:

"Thanks for your service. I recently separated from the AF as well where I waas aircrew."

You're VERY welcome, and thank you as well for all your hard times and struggles you been through for this country.

"What really sealed the deal though, is that I was able to show that I really wanted into the field. To do this, I went and got my CEH certification with my own money."

Well as I mentioned earlier I plan on getting as many certs as I can with my own money and on my own. Hopefully if I can find a good enough company, I'll keep studying and maybe they can pay for the bigger ticket items like my MSCE and such.

"If you have the GI Bill, it will pay for most exams. And always be willing to learn. Oh, and a clearance helps whether it is just a secret or a ts."

Well, I'll use my GI Bill for as much as I can, (I didn't spend 5 years in, and get an honorable DD214 for it to go to waste). And of course I'm always willing to learn. It's like a light switch was flipped when I got out, and my brain got turned on. The problem is that I don't always know "what" to learn. I just made a nice book list on amazon (about 8-9 books) that all deal with CEH/other certs, Hacking/Pentesting, setting up network security and such. I plan on getting those when I get home from this job. As far as my clearance goes it's a secret, but now I'll have to see if my bankruptcy is going to affect it (and I'm sure it will) but time will tell.

Also I've snooping around this site and found some very useful ideas. I'm going to start working on a site (like an e-Resume) and update it as I get my certs and my goals for future knowledge and education I'll be seeking.

But really to all of you that posted, thank you. Normally I don't like doing the quoting  thing but in this case I didn't want anyone who had something helpful to say go unnoticed. Thank you all for your time and understanding to the situation. If there's ever anything I can help with, just name it.  ;-)


-gliTch

Hello all, I'm new here, and it looks like they have a lot of the same thing I'm about to ask here, BUT.... I feel as though my story is a little different:

Ok, so in '02 I got my A.S. for Computer Network Technology. Fresh out I looked for work, but couldn't get hired because of the "NO EXPERIENCE" clause. So I joined the military, got into the intel community, got a clearance (which I prefer not to talk about here). and got a honorable discharge. Now: I'm a civilian again and i still dream of a job in the INFOSEC field. But i haven't really done anything with my degree. It went to waste while in the military it seems. I still to this day consider myself to be far above the level of knowledge of an everyday IT. I've been looking to get in to pentesting for quite some time now. Past that A.S. that I earner almost 7 years ago i really haven't done anything to show continued education. So here comes the major questions:

I have  a family now, debt, (you know all that adult stuff). So there's no way I can afford to go back to college now to say earn my Master in Comp. Sci. ...I'm really not all that interested in having a IT/Helpdesk/"...Help! i forgot the password to my email" kind of job. Instead I want to hack. Plain and simple. Been that way for years. Now I just want to make it my career. I can run just about any OS, Win (all) 'Nix, (used UNIX in the military) and use BT3 as a personal favorite. Although I've never loaded and ran Free BSD (...maybe my next personal project). Point is, I'm NOT just some beginner. I've been in it for a while without ever really being IN the field. So, If I was looking to break into the pentesting/INFOSEC world, how would you recommend i do it? Where would I start? These things that may come common to some are not to me because I've never made it to that field. What Certs should I look at getting? What books might you recommend that could held catch me up? And honestly, does it even seem possible to still break into the field (no pun intended) with only a vast knowledge/extreme will/and only a few certs?

Any feedback would be appreciated.

Thanx in adv.

-gliTch