Recent Posts

I recently completed the practical portion of the CPT exam. I emailed my report a few days ago but have not heard anything saying they got it. I was just curious if others received confirmation the exam board got their report? Or is it normal to not know?

MTux - I'm great at using other people's code and editing it for my environment. In my work I've 'written' dozens of scripts in many languages that just take examples from many places and mash them together to fit my needs.

Would you consider being able to dissect any given language for simple programs enough to go forward without worry?

Yes should be enough, you do not need to know every language in detail  ... Then, try to focus on the linux part, which is more important.

Regards.

Hey guys, ive been reading some ebooks and some tutorials on securitytube and else. Ive have some experience in the networks field, SE, im starting with python and ive been messing around with metasploit and bt5.
 I want to start my way into the pen testing field but, im kinda lost in the dark with all the certs going on, i dont know from which to start, i know this may be asked 200 times a day but well, have to ask, sorry about it!.

Another thing to consider, im lookin for e-learning, as i live in south america, and if possible, not 2 expensive certs, the USD its so expensive here! haha, thanks in advance.

i can't watch that movie IDK why anyway:

is network established between you and the target? can you ping it?
Can you scan the target with nmap?

Is your target on internet? if it is:
Are you behind any firewall? If you are, try this scan:

Code:

nmap --scanflags SYNFIN <Target IP address>

This may bypass the firewall.
Always scan the server using IP address because they may implemented network load balancing so you may scan different servers each and every time.

Is your target in a virtual lab? if it is:
Make sure that you attack system and server are using a same network adapter otherwise they can't connect to each other.
check your IP addresses for both systems

i hope this info can be helpful if not tell me i will watch the vidoe.

?

takes time to learn Linux, keep going, eventually you will see some applications in Linux and all your knowledge will show up in your mind, you will feel you are flying....

it takes sometime to learn pentest, it is constant process until became familiar.

Use tools, build your own lab, practice attacking a server in your lab/or other lab, etc, etc.

Remember learn to walk before running, so keep learning the base, CEH is a good knowledge, but the other training mention here are good to really acquire skills.

An additional language like Python (and/or basic C knowledge) is quite useful, but I think your time frame (until beginning of your labtime) is probably too small.

MTux - I'm great at using other people's code and editing it for my environment. In my work I've 'written' dozens of scripts in many languages that just take examples from many places and mash them together to fit my needs.

Would you consider being able to dissect any given language for simple programs enough to go forward without worry?

I spent about 5 hours today at work going through Linux basics. At the end of the day I had this conversation:

Me: "This is damn boring. I've spent all day learning about basic tools. Here's a screwdriver - It drives screws. This is a hammer - You hold it like this." Etc...

Boss: "Yeah, I hear you. I gave up trying to learn about Linux a few years ago."

Me: "Yeah. But at least when I get done learning how to use the tools I get the chance to make bombs with them"

Boss: "Okay. That's Cool."

not yet, if I get another alert, i'll see if I can nab a copy.

Looks unlikely i'll be able to do so. I set MSE to alert and restored the file, but its not there when i look. This is absolutely crazy, i'm considering wiping the box.

Nothing I am aware of, at most it would be a distraction to confuse IR folks.  Do you have a sample of the file?  Maybe a some file just happens to have the string in it that makes AV recognize EICAR.

You can get a job in the pentesting field with no pentesting experience, but harder to do without IT or networking - not impossible.
Be aware that the CEH will get you past the HR filters when applying for a job, but means almost nothing to a hiring manager who is more interested in your ability to use a methodology, your knowledge of protocols and how to exploit them, and your fu with the different tools. That said, get your CEH but spend most of your time learning how to pentest, not just how to use the tools.