ambient

Hakin9 is a hacking magazine. It is for you to update your knowledge, brush up your old experience and get more ideas and techniques from the industry.

If you would like to learn from the beginning, find good textbooks or good courses. After you are familiar with the topics, you could go further by subscribing Hakin9.

Hello H1t M0nk3y,
from my experience, I used SoapUI to test web services. With the flexibility of input options the web service could use, I have never used an automated tool to test it. I think the result won’t be good enough.

You could implement it by CSRF redirector technique.
I have posted here but the source code is unavailable.

CSRF Redirector

<?php
/*   Call
*   http://hackerhost.net/csrf_redirect.php?csrf=http://vulnerable.net?username=john|passwd=12345
*/
$csrf   = $_GET;
$tokens = pr…[Read more]

……have you had issues doing authenticated scans with w3af?

What does it mean? If you meant the problem, my w3af often crashed during the scan.

For me, I am working with
1. BurpSuite for web application crawling and mapping.
2. DirBuster for directory or file name enumeration.
3. HTTrack for saving some web contents in order to extract interesting metadata.
4. nikto for checking web server configuration
5. w3af for quick web application scanning

These activities pave a way to the next step.

@MaXe wrote:

In the Asian region of the world, you will often need to be CEH certified. In the UK (England), you will need to be CREST and/or CHECK certified (sometimes both), and in Australia, you will need CREST in the near future if the current situation here evolves.

In the Asian region, the qualification which is often referred to is C|EH,…[Read more]

I agree with you. However, I did some search, I saw some tutorials that show metasploit on iOS.  lavender, did you see one of those?

As an aside note, BillV, that’s cool.  ;D

Well, I am not certain whether this can help you.
Basically, SET contains configuration file in set_config. You could point the reference to metasploit path in this file.

A good brief tutorial on XSS protection in PHP.
http://shiflett.org/articles/cross-site-scripting

l think implementing an anti-CSRF mechanism in our application is not difficult. You can turn on/off your mechanism at arbitrary points. Moreover, with java platform, if you use some frameworks like struts, you can use its built-in anti CSRF mechanism.

For CSRF guard, I have never used  ???

Hi Jamie, congratulations!!
Network certification is good for pentesting career.

@cd1zz wrote:

I would start with Counter Hack Reloaded, it will open your eyes.

I agree with cd1zz. Counter Hack Reloaded is great. If I could go back to the time I started in infosec, I would choose this one. Ed Skoudis is a great instructor.

1. Does SET-Social Engineering Toolkits work well on BT5r2? I have problem with its handler listening my meterpreter payload.
2. I noticed that in /pentest/exploits/, there was no framework3 directory.

Above all, I have installed BT5r2.  ;D

In UK,
Portcullis Security
NCC Group

I took GPEN test at the end of February, and felt that the test exam is a bit more difficult than the practice test. If you are going to prepare yourself with the practice test, you could do it once. I did it twice, and found that the questions were reused as ajohnson said.

Make sure that you prepare with the contents of the materials. You will be fine.

??? How could one apply for a researcher position there?

Good article from infosec institute!!
Is there any requirement to submit the article to infosec institute? Do you need to be a researcher there before writing an article?

A nice video tutorial set from securitytube.net,
http://www.securitytube.net/groups?operation=view&groupId=4

I’m quite sure you might like it  8).

@MaXe wrote:

http://www.hacking-lab.com/events/swiss-cyber-storm-3-cargame-challenge.html

Well, it left blank wile I took a visit.