Forum Replies Created
December 2, 2019 at 8:06 pm #174497
Very sorry it took me this long to read and respond to your comment (embarrassed). As Don knows, I’ve actually had two job changes since writing this article and have been kept extremely busy.
It’s funny how many doors opened when I added the ‘paper’ to my resume. In fact, one of the places that reached out to me had openly told me (very ‘matter of factly’) that they wouldn’t have even taken a second glance at me without a degree, even with my background, certifications, inside connections, etc.
Today, I’m a CISO, with a lot more responsibility on my plate, but enjoying the challenges it brings.
As for your experience, it sounds like it was definitely a great fit for you and met the need you had at the time. I’d bet WGU would’ve worked for you as well, but glad the end result was the same. (And, oh yeah, having an insider at a job definitely helps get you in a door, as well. No argument from me there.)
July 19, 2016 at 5:10 pm #54288
Let’s work on things one step at a time.
It might be helpful if you provide the contents of the dhcpd.conf file you’re testing, as I’m betting it doesn’t like one of the interface names used within the file.
June 28, 2016 at 12:50 pm #54286
Professional Penetration Testing, Second Edition: Creating and Learning in a Hacking Lab – https://www.amazon.com/Professional-Penetration-Testing-Second-Creating/dp/1597499935
Coding for Penetration Testers: Building Better Tools – https://www.amazon.com/Coding-Penetration-Testers-Building-Better/dp/1597497290
Penetration Testing: A Hands-On Introduction to Hacking – https://www.nostarch.com/pentesting
June 21, 2016 at 8:59 pm #54283
Thanks for the tip. I went and checked it out, and recalled I’d won a free mile2 course and exam from ethicalhacker.net, a while back. While I’d gone through the C)SWAE course back then, I’d never circled back for the exam. (Now taken and passed. 😀 )
May 6, 2016 at 1:15 pm #54275
There are numerous software packages and services out there to block ‘unwanted’ sites.
Perhaps the easiest (free one) to START with would be to use something like OpenDNS’s FamilyShield.
Basically, you’d change your DNS settings for the PC to use their addresses from that page, and it would automatically block most known ‘bad’ sites.
Setup instructions, from that link above, can be found here:
April 6, 2016 at 9:33 pm #54234
I got bumped into a more ‘all-inclusive’ management role this year, myself. But it’s good in that it’s allowing me to play all sides of the fence for a bit, and drive some initiatives home that have been needed for some time. 🙂
April 4, 2016 at 6:12 pm #54232
Good to see you’re still at it (saw your post in the other thread, as well.) Good luck!
January 6, 2016 at 9:11 pm #54243
Did see that earlier, but thanks for the reminder. 🙁
I’d made a mental note, but the business of the day quickly wiped that from memory.
On to writing something for him, now.
January 6, 2016 at 3:27 pm #54242
And that’s the nail in the coffin for me, on C|EH. While the knowledge gained, early on, was beneficial and C|EH IS recognized, it hasn’t provided me with enough value to continue to maintain it, going forward. I had a great instructor the first time around, and chose to update it / recertify a while later, when the update course was offered to me as a ‘beta’, free of charge.
As many (myself included) see C|EH more as one of the entry-level, informational certifications (no practical examination to show real-world utilization of the information covered), I’ll choose to invest my time and funds into other courses / areas of study (Offensive Security, for one, who promptly acknowledged the trend these cert bodies like EC-Council have been following for fees, shortly after EC-Council posted that news, and explained that OffSec WILL NOT follow that path).
I used to be one of EC-Council’s testimonial people, but this move, IMHO, just doesn’t bode well for their future existence. Examination and training fees are one thing, but if those have slowed due to lack of folks paying to update the certification and there’s less excitement out in the industry to attain it, I don’t think forcefully requiring ‘maintenance fees’ to maintain the certification is a wise choice. Additionally, when I ‘first’ achieved CEH (very early on in their program), the official stance was that the certification would NEVER lapse, and as such, when the Continued Education requirements were added to maintain it, I was already skeptical. Sure, ‘knowledge-based’ certifications do need refreshing now and then, as the infosec arena is always growing / changing. But growth should be based on choice, not forced. An employer could just as easily look at a certification VERSION, and make a determination as to whether a candidate or current employee has chosen to update / maintain their skill set, rather than the certification body force it upon them, even to maintain their EXISTING certification.
And, IMHO, C|EH isn’t like CISSP, as far as industry recognition. I also disdain maintenance fees for that cert (CISSP), as well (which I don’t currently hold), but due to its much higher popularity in the industry, I’ll ‘likely’ be ‘willing’ (I guess) to ‘maintain’ that one, at least, if / when I pursue it.
December 16, 2015 at 5:32 pm #54204
So for those who are wondering…
I failed the certification exam for this course. :-[
I will say that the exam is excellent, and well worth studying for, but my time to take it was limited, due to other things going on, so I couldn’t give it the effort and commitment that they required. (Didn’t help that the voucher for the exam was only good for a limited time, and as such, it was rough for me to schedule it, before it expired.)
Once you schedule the exam, you have a week to take it (7 days of VPN access), and a second week to write up and submit for grading. If you fail, you get one more free attempt (an additional week) to correct / try again – according to their instructions beginning the moment the first attempt was scored. That scoring occurs ‘within 30 days’ of your original attempt, so planning to accommodate it, when I wasn’t sure when to expect my original grade / scoring, wasn’t in the cards, and I simply couldn’t put a full second week (I only had a day or so to commit to attempt #2) into passing.
I got / acquired the only ‘required’ item to pass, however that, in and of itself, was insufficient to pass. And while I found a handful of other vulnerabilities per the course / study, exploited them and reported on them, evidently my efforts weren’t sufficient to pass, entirely.
While I’d love to say I hold their certification, and again, I can say it was worthwhile / valuable information I learned in this course, I’m unsure at this time whether or not I’ll kick out the $200 fee for a new certification voucher, to try again.
Time will tell. But I’d still recommend this course to anyone wanting to expand their boundaries and experience more, into Web App Pentesting.
December 8, 2015 at 8:00 pm #51858
The only suggestion I can give you is to look at ALL the resources Offsec provides to students (not just the specific course pdf’s and videos). They have a wealth of information at your disposal.
December 3, 2015 at 3:10 pm #51855
For the exam, itself? Not much we can help with / share. The exam is YOUR test of knowledge. Not really something that others should be doing with / for you.
What, exactly, are you asking about / looking for?
November 30, 2015 at 8:30 pm #45389
Not yet, but as per my response above this one (and my reply in the goals thread), it’s on MY radar for the year.
November 30, 2015 at 8:28 pm #54225
Looking to finish up the eLearn WAPTX exam, then likely Offensive’s Web App course, then up in the air, as I’m getting some priorities shifted at work, and the ‘winds of change’ are blowing. Got a lot going on right now.
September 4, 2015 at 9:14 pm #45387
muts acknowledged that to me, on Twitter, so fingers crossed.