Most Recent Additions to The Ethical Hacker Network, the best, single source of educational content for forensics, pen testing and incident response. Hacker Challenges with prizes, free monthly giveaways, tutorials, articles, forums, certification info and more. http://www.ethicalhacker.net Sun, 05 Sep 2010 23:47:09 +0100 FeedCreator 1.7.2 http://www.ethicalhacker.net/images/M_images/ehnet_banner1.jpg http://www.ethicalhacker.net Most Recent Additions to The Ethical Hacker Network, the best, single source of educational content for forensics, pen testing and incident response. Hacker Challenges with prizes, free monthly giveaways, tutorials, articles, forums, certification info and more. http://www.ethicalhacker.net/content/view/326/8/ Win Advanced Pen Testing Course = $2000!!Advanced Penetration Testing (APT): Pentesting High Security Environments (http://www.learnsecurityonline.com/offerings/courses/225-eh-apt) is a five-day intensive course that focuses attacking and defending highly secured environments such as 3-letter agencies, DoD, financial organizations, federal organizations, and large companies. This is NOT your normal Ethical Hacking course. You won't be attacking unpatched Windows 2000 Servers, and you won't be learning a bunch of outdated tools. In APT, you will be learning how to attack new OSs such as Windows Vista, Windows 7, Windows Server 2008, and the latest Linux servers. All of these servers will be patched and hardened.... Vitals - EH-Net News Sat, 04 Sep 2010 09:00:00 +0100 http://www.ethicalhacker.net/content/view/325/8/ We Have Winners!!CareerAcademy.com (http://www.careeracademy.com/). Of course be sure to check out their security video training titles as well including CEH, CISSP, Security+ et al. To the 2 deserving members this month goes CareerAcademy.com's latest Cisco Authorized Video Training Library. EH-Net members H1t M0nk3y and Dark_Knight each get 3 months of unlimited online access to all of the following Cisco® training programs (list below). Congratulations to you both. Registration Is FREE! (index.php?option=com_smf Itemid=35 action=register) Vitals - EH-Net News Sat, 04 Sep 2010 02:00:00 +0100 http://www.ethicalhacker.net/content/view/324/2/ Maltego 3 (http://www.paterva.com/web5/) is available for Windows and Linux. There is also an upcoming version for Apple users that has yet to be released. Information gathering is a vital part of any penetration test or security audit, and it’s a process that demands patience, concentration and the right tool to be done correctly. In our case Maltego 3 is the tool for the job. In this article we explore Maltego 3 and examine its fundamental features and a little hands-on with the newly designed version. If you haven’t already had a chance to upgrade to or pick up Maltego 3... Features - /root Wed, 01 Sep 2010 02:00:00 +0100 http://www.ethicalhacker.net/content/view/321/8/ We Have a Winner!!SANS vLive! (http://www.sans.org/info/61178) leverages webcast flexibility and the latest online technology to enhance students' learning experience. SANS vLive! live Webcasts are scheduled once or twice a week for 3 hours, depending on course requirements, and feature Elluminate Live!™, a collaboration of realtime, interactive online tools to bring quality security education direct to your desktop. So what does that mean? There's not just a flashy online version of PPT decks... you get real interaction with the instructors live on your own desktop from the comfort of your own home. Up for grabs this month to one top... Vitals - EH-Net News Tue, 03 Aug 2010 17:43:00 +0100 http://www.ethicalhacker.net/content/view/320/2/ Lenny Zeltser’s SANS Forensics 610: Reverse Engineering Malware (http://www.sans.org/info/63128) course comes in handy. It is now a 5-day, in-depth course covering a multitude of topics involving malware analysis. del.icio.us Discuss in Forums Features - /root Tue, 03 Aug 2010 14:15:00 +0100 http://www.ethicalhacker.net/content/view/319/2/ Review by Michael Heinzl AKA EH-Net Member Awesec People often ask if they should learn Assembly language - if it's worth the efforts, and if it's a necessity in order to become a good penetration tester. Short and personally answered, I'd say certainly yes. If you are interested in areas like Reverse Engineering and Exploit Development, Assembly knowledge is a must-have. The second question which often comes directly after “Should I learn Assembly?” is “How and where to start?” One of the few given recommendations often points towards Randall Hyde's “The Art of Assembly Language” (AoA) for which the... Features - Book Reviews Tue, 03 Aug 2010 12:00:00 +0100 http://www.ethicalhacker.net/content/view/314/8/ We Have a Winner... and a Hero!! Black Hat 2010 Briefings (http://www.blackhat.com) worth almost $2K!! And now for an extra special shoutout for someone who exemplifies the exact type of member we cherish here on EH-Net. When building a community, one can only hope for active members to possess a positive attitude, willingness to help others and give back to the community that gave so much to all of us. EH-Net member, rvs, in simply trying to spread the word, retweeted an offer for SensePost training at BH (http://www.sensepost.com/services/training/blackhat). He won and was offered to attend any of their courses at... Vitals - EH-Net News Mon, 26 Jul 2010 15:00:00 +0100 http://www.ethicalhacker.net/content/view/317/2/ By Jamy Klein, MSIA, CISSP According to Panda Labs over 25 million new pieces of malware were released into the wild in 2009. 2010 is expected to be even worse. In addition to sheer volume, malware is becoming more sophisticated and targeted as a result of the influx of organized crime and state sponsors into the realm of malware authoring. Due to this unsavory trend, the SANS Institute has developed a course, Reverse-Engineering Malware: Malware Analysis Tools and Techniques AKA FORENSICS 610 (http://www.sans.org/info/61123), to help white hats that need essential malware analysis skills and also to prepare security professionals for... Features - /root Fri, 02 Jul 2010 15:00:00 +0100 http://www.ethicalhacker.net/content/view/316/24/ As a social engineer, you spend all of your time manipulating people’s brains. Yet most of the social engineers I meet don’t know the difference between the amygdala and the cerebral cortex. And you need to. So this article is going to give you a quick trip through the human brain. The brain isn’t just a single organism – it’s truly a three-part entity known as the triune brain. The idea of the triune brain was first proposed by Paul MacLean (http://en.wikipedia.org/wiki/Paul_D._MacLean). He proposed that the brain that you and your caveman ancestors shared is not a... Columns - Murray Thu, 01 Jul 2010 19:30:00 +0100 http://www.ethicalhacker.net/content/view/311/8/ We Have Winners! early look in our forums (component/option,com_smf/Itemid,54/topic,5222.0/), to an great review (content/view/307/24/) by our newest columnists, Jason Haddix, it just seemed obvious to ask them for a few seats to give away to EH-Net readers. As I often say, Just ask. I did and they said yes!! Then it was your turn, and you responded. So... 1. EH-Net Members Equix3n-, What90 and xXxKrisxXx have won the 3 seats in PTP with a value of €449 / $599 each. 2. Don't forget that the 5% Discount is back on. This EXCLUSIVE Offer for EH-Netters has been extended indefinitely!! So... Vitals - EH-Net News Mon, 07 Jun 2010 10:00:00 +0100 http://www.ethicalhacker.net/content/view/310/8/ CBT Nuggets (http://www.cbtnuggets.com/CSPCOM) fit the bill perfectly. For those of you who don't know, CBT stands for computer based training. CBT Nuggets are series of 30 - 60 minute chunks... or nuggets... of videos each covering a given topic on the certification of your choosing. It makes it easy and engaging to study for your certs without the need to travel or complete your studies on someone else's time frame. CBT Nuggets are also very cost effective without flashy productions. They simply concentrate on providing the info you need at prices anyone can afford, and they succeed. Topics include CISSP,... Vitals - EH-Net News Mon, 07 Jun 2010 02:00:00 +0100 http://www.ethicalhacker.net/content/view/309/2/ Tutorial by Mark Nicholls AKA n1p The intent of this exploit tutorial is to educate the reader on the use and understanding of vulnerabilities and exploit development. This will hopefully enable readers to gain a better understanding of the use of exploitation tools and what goes on underneath to more accurately assess the risk of discovered vulnerabilities in a computer environment. It is important for security consultants and ethical hackers to understand how buffer overflows actually work, as having such knowledge will improve penetration testing capabilities. It will also give you the tools to more accurately assess the risk of... Features - /root Tue, 04 May 2010 02:00:00 +0100 http://www.ethicalhacker.net/content/view/307/24/ eLearnSecurity’s Penetration Testing Pro - What CEH Should Have Been eLearnSecurity, Penetration Testing Pro (PTP) (http://www.elearnsecurity.com/eh.php). PTP is a three section presentation and video course authored by Armando Romeo (admin of hackerscenter.com), Brett D. Arion, Nitin Kumar, and Vipin Kumar. It has an optional certification component called the Certified Professional Penetration Tester or eCPPT for short. The target audience for the course is security engineers or penetration testers in the 0-3 year experience range. The course divides penetration testing into three categories: System Security, Network Security, and Web Application Security. Let’s take a look at each. del.icio.us Discuss in... Columns - Haddix Thu, 29 Apr 2010 02:00:00 +0100 http://www.ethicalhacker.net/content/view/306/8/ We Have 5 Winners of OffSec Online Training! Offensive Security has carved out a place in the pen testing field that is quite rare. They offer not only high quality training but also at some of the lowest price points in the industry. For an insider's look at Pentesting With BackTrack (PWB), check out Ryan Linn's review of PWB and the associated exam, OSCP (content/view/299/24/). But as well know as PWB is becoming, let's not forget they also have 3 other courses. For you wireless pen testers, there's OffSec Wireless Attacks AKA WiFu (http://www.offensive-security.com/backtrack-wifu-online-training.php), for Windows environments there's Advanced Windows Exploitationand... Vitals - EH-Net News Wed, 28 Apr 2010 02:00:00 +0100 http://www.ethicalhacker.net/content/view/305/2/ Greetings, challenge fans! It’s time (at long last) to announce the WINNERS for our holiday-themed challenge, Miracle on Thirty-Hack Street (content/view/285/2/). I’ve gotta say, we received a huge number of high-quality responses. KJ0 (one of my nicknames for my challenge co-author, Kevin “Frickin’” Johnson) and I felt kinda like we were in the scene from the movie where they dump all the mail on the judge. I apologize for not getting these answers done sooner, but a family medical emergency in January and February consumed much of my attention those months. But, we’re back... Features - Skillz Tue, 06 Apr 2010 02:00:00 +0100 http://www.ethicalhacker.net/content/view/302/2/ EC-Council's own training named iClass (http://iclass.eccouncil.org/iclassaffiliate/idevaffiliate.php?id=643). As they describe it: iClass is EC Council’s live, online, instructor-led training platform. iClass makes our entire catalog of vendor neutral certifications available to you in multiple schedule formats, dates, and times. Let's jump right in and take a look. del.icio.us Discuss in Forums Features - /root Thu, 01 Apr 2010 02:30:00 +0100 http://www.ethicalhacker.net/content/view/301/2/ Review by Chris Jenks Hacking for Dummies (http://www.amazon.com/gp/product/0470550937?ie=UTF8 tag=thedigitalcon-20 linkCode=as2 camp=1789 creative=9325 creativeASIN=0470550937), an introduction to Ethical Hacking, is shallow enough for anyone first stepping into the field, but with tricks, tips and real-world experiences even the veteran penetration tester will find enlightening. The book is considered to be a good introduction to the world of Ethical Hacking. Like all “for Dummies” books, the subject matter is explained in plain English instead of being filled with jargon and buzz words. That doesn't mean a reader can walk in cold and learn to be an Ethical Hacker (a hacker who is... Features - Book Reviews Thu, 01 Apr 2010 02:00:00 +0100 http://www.ethicalhacker.net/content/view/297/8/ We Have Our Winners! Registration Is FREE! (index.php?option=com_smf Itemid=35 action=register) Vitals - EH-Net News Thu, 04 Mar 2010 12:00:00 +0100 http://www.ethicalhacker.net/content/view/299/24/ Ryan Linn's Column Page (content/category/7/40/24/) for Parts 1 - 4 as well as several other contributions to The Ethical Hacker Network and our community of security professionals. del.icio.us Discuss in Forums Columns - Linn Mon, 01 Mar 2010 10:00:00 +0100 http://www.ethicalhacker.net/content/view/289/2/ Review by Jason Haddix Have you ever seen Man on Fire? If you haven’t and you like watching kick-ass, kick-you-in-the-teeth, relentless, Denzel-Washington-type of-action-flicks… you might want to Netflix that one. Our interview this week is kind of like Denzel in Man on Fire but with less guns and more SQLi strings meticulously crafted to pwn your databases. Enter Joe (j0e) McCray of LearnSecurityOnline… Joe is a long standing friend of both Security Aegis and The Ethical Hacker Network, and, after wanting to keep the limelight off of himself and his teaching projects, we have finally pestered him enough to agree... Features - /root Mon, 01 Mar 2010 08:00:00 +0100 http://www.ethicalhacker.net/content/view/296/2/ Hello challenge fans. Sorry for the long delay, but better late than never, right? Actually this one caused a little debate, because we did not have anyone that gave a completely accurate answer on either the technical or creative sides. But in considering that these challenges are not just contests but also great ways to learn, we decided to release the answers without any winners. So although there are no signed copies of Ed Skoudis' book, Counter Hack Reloaded (http://www.amazon.com/exec/obidos/ASIN/0131481045/thedigitalcon-20?creative=327641 camp=14573 adid=0W0TMYWJ6BXR5RPTG9N8 link_code=as1), a couple of you still get your name in lights as we mention some of your good... Features - Skillz Mon, 01 Mar 2010 06:00:00 +0100 http://www.ethicalhacker.net/content/view/293/8/ We Have a Winner!! Black Hat DC (http://www.blackhat.com) on us. The Washington, DC version of the world's premier technical event for security experts is being held January 31 - February 3, 2010. One Passport Admission Ticket worth $1995 allows our winner entry into the 2-Day Briefings portion of the event. The event is described as, Understanding the increasingly complex threats posed to an enterprise can be a daunting task for today’s security professional. Knowing how to secure an enterprise against those threats can be overwhelming. Black Hat is the premier information security event for senior-level professionals to learn the latest... Vitals - EH-Net News Mon, 01 Feb 2010 14:00:00 +0100 http://www.ethicalhacker.net/content/view/292/8/ As a courtesy to our members, we try to keep you informed of some of the more interesting items that have been published in our online magazine by sending out an electronic newsletter by email. But not everyone interested in our content is a member. For that reason, we have decided to also publish the newsletter in article format for all to see. Each EH-Net newsletter features the major articles of the past month such as our Free Monthly Giveaways, reviews of books, courses and products as well as other newsworthy items. The newsletters also includes updates on our Hacking... Vitals - EH-Net News Mon, 01 Feb 2010 02:00:00 +0100 http://www.ethicalhacker.net/content/view/290/2/ Review by Jason Haddix Today we showcase a new web application scanner called Netsparker (http://www.mavitunasecurity.com/), and believe us when we say that we put this app through the ringer. There's a big distinction between testing a tool against dummy apps in a lab and using it first hand against a large environment. Luckily for us we got to do both. Over the course of a month we ran several engagements and specifically watched Netsparker’s performance compared to other tools we normally use in the assessment process (w3af (http://w3af.sourceforge.net/), Grendel Scan (http://www.grendel-scan.com/), Nikto (http://cirt.net/nikto2), Wikto (http://www.sensepost.com/research/wikto/), Websecurify (http://www.websecurify.com/), Paros (http://www.parosproxy.org/index.shtml), Burp... Features - /root Thu, 07 Jan 2010 02:00:00 +0100 http://www.ethicalhacker.net/content/view/286/2/ Review by Joel Dubin, CISSP The Payment Card Industry Data Security Standard (PCI DSS) has taken it on the chin recently. With several high profile breaches of credit card numbers, some critics of the industry standard have said it either isn’t strong enough, or should be abolished altogether. But as Dr. Anton Chuvakin and Branden Williams correctly point out in the second edition of their book, PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance (http://www.amazon.com/dp/1597494992?tag=thedigitalcon-20 camp=14573 creative=327641 linkCode=as1 creativeASIN=1597494992 adid=1SBDGWTPQJD15XH1E75W ), PCI is here to stay. This is no ordinary field manual to the PCI... Features - Book Reviews Mon, 04 Jan 2010 02:00:00 +0100 http://www.ethicalhacker.net/content/view/284/2/ SANS Security 550 - Information Reconnaissance: Competitive Intelligence and Online Privacy (http://www.sans.org/info/51609) A pessimistic view of the Internet: A network that enables every human to be within a few milliseconds from every psychopath and criminal on earth. Bryce Galbraith of Layered Security (http://blog.layeredsec.com/), a SANS certified instructor, has authored a new one-day course titled “Information Reconnaissance: Competitive Intelligence and Online Privacy.” The course is designed to educate IT professionals on the risks associated with information disclosure. It also teaches the students tools, tips, and techniques that assist in discovering information. The amount of our personal information... Features - /root Fri, 04 Dec 2009 02:00:00 +0100 http://www.ethicalhacker.net/content/view/283/2/ PCI DSS (Payment Card Industry Data Security Standard) (https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml). The conversation ranges from practical advice on “how to get compliant” all the way to branding PCI as a devilish invention (Google for “PCI is the devil”). Fiery debates aside, PCI DSS guidance helped countless organizations to see the light of security where there was none before. It goes without saying that it didn’t magically make them “become secure” – no external document can. One of the frequent criticisms of PCI focuses on the misguided view that “PCI is all about passing an ‘audit’.” Many people would be surprised to find... Features - /root Fri, 27 Nov 2009 15:00:00 +0100 http://www.ethicalhacker.net/content/view/282/24/ 'Pentesting with BackTrack.' (http://www.offensive-security.com/penetration-testing-backtrack-online-training.php) As a reminder, PWB is described by Offensive Security as, An online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. This penetration testing course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students. This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern... Columns - Linn Fri, 27 Nov 2009 02:00:00 +0100 http://www.ethicalhacker.net/content/view/281/24/ 'Pentesting with BackTrack.' (http://www.offensive-security.com/penetration-testing-backtrack-online-training.php) As a reminder, PWB is described by Offensive Security as, An online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. This penetration testing course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students. This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern... Columns - Linn Mon, 19 Oct 2009 02:00:00 +0100 http://www.ethicalhacker.net/content/view/279/2/ Salutations, challenge fans! Ed Skoudis here, ready to introduce our newest challenge. Jim Shewmaker, SANS Instructor and creator of the Netwars Capture the Flag Competition (http://www.sans.org/netwars/), has taken the keyboard this time, creating an awesome challenge for you based on the TV show, Sliders. It's got some fun twists and turns, and includes jumps to parallel universes! What's not to like? Have fun unwrapping this mystery. As always, we'll choose three winners: the best technical one, a creative entry that is also technically correct, and a random draw. Even if you don't know all the answers or can only guess,... Features - Skillz Sun, 18 Oct 2009 02:00:00 +0100