May 19, 2014 at 4:53 pm #8700 DragonGorge Participant
I recently took a SANS course at SANS West. Overall, I was really happy with the course content and delivery. Yeah, it’s expensive, probably prohibitively for a lot of people, but there is a lot of great material in there. SANS seems to make an active effort to keep their stuff current, e.g. the VM we got was Windows 8. I remember being somewhat dismayed at the number of XP machines in the OSCP lab, but at that time XP still had a significant share of the computing market despite being a 12+ year old OS. Add to that, OSCP is/was technically a 101 course.
However, when my SANS instructor showed a demo of an exploit on an XP, I felt a little disappointed. Yes, I know it (XP) was just a vehicle to demonstrate the exploit but in the back of my mind I thought, “XP pssfth, ANYTHING can crack an XP machine.” IMHO, using XP implies a) you haven’t updated your slides in a while or b) you’re demonstrating something that is only vulnerable on XP. More to the point, XP makes any slide or demo appear dated and in my mind, for any non-101 course to make the claim “current”, they need to eliminate XP from their material. Even for a 101 course – show how vulnerable XP is and move on (Win 7, 8, etc). The rest of the world is moving off XP, it’s time security courses do too.
November 1, 2014 at 10:32 am #53823 SephStorm Participant
I know this is an old post, but I agree. It’s often used because it’s repeatable, but the problem is that it does not indicate advanced techniques. They aren’t demonstrating how to bypass ASLR, UAC, Windows Firewall, etc. These are things a pentester needs to understand, and aren’t being taught. I find myself turning off firewalls and UAC in my labs because I don’t know how to get past them except with SET.
November 1, 2014 at 7:31 pm #53824 Grendel Participant
So here’s the deal, and I think you’re missing the point –
There are multiple attack vectors we (as instructors) want to provide our students. One attack vector is the process we use as pentesters to exploit known vulnerabilities with exploitable code, which can seem simplistic – find a vulnerable system, run metasploit, own the box. This is true for older systems and new OSes with zero-days. So when we teach students this technique it’s easier to demonstrate against a box with multiple exploits on it.
Let me say this another way. Would you rather learn about a single known exploit against a new OS, or learn about 20 different exploits that behave differently (language packs, injection techniques, etc.) on an older system? By learning multiple exploits on older systems, you learn some of the specifics surrounding each type of exploit and why some work better than others. Showing you a new system with a small number of exploits is actually a worse instructional tool than one with a lot of exploits – not only do you learn different types of attacks (against different services), you learn the history of attacks and which services tend to be more exploitable as time progresses.
Using Windows XP as a target is definitely a good way to teach people how to exploit systems. It shouldn’t be the final step in teaching pentesting techniques, but there is a lot to learn from older, exploitable systems during your journey.
November 5, 2014 at 2:54 pm #53825 SephStorm Participant
I don’t disagree, Grendel; my issue is that there appears to be little that connects the training we get with how it can be applied to the modern world. For instance, in the MSFE course, we see the instructor using a few exploits to own a WXP system; his point is to demonstrate the principles of exploitation and showcase use of Metasploit. IIRC, he continues to utilize the same exploit through the rest of the course when possible. What would be more useful would be to show the WXP exploit, then showcase a different exploit on a different OS, say W7, to show the student that indeed the same principles apply. Oftentimes services are exploited, which is fine, but there aren’t many workable remote service exploits available for workstation OSes. So a person can complete a course having utilized one or two exploits and having no idea what to do when they encounter a system with no service vulnerabilities.
I speak from my experience. Most of my recent time has been spent learning to push beyond what I was taught, learning how to use SET to attack software vulnerabilities, but I still have gaps in my knowledge. We really need training that covers a good baseline that a person can build upon.
July 15, 2016 at 6:31 am #53826 Henry864 Participant
This is the bundle program composed of two must-take info-sec courses. Using this bundle program you can strengthen your Python & hacking skills. You will learn to automate most of the hacking tasks using the scripts and you will also learn to introduce your own scripts to solve the run-time issues and challenges.
Embrace yourself for Python, enroll now!
Hack Like a PRO using Python
They give us the great discount offer and it is for all of you; if you have any interest and want to learn about this course then visit now,