Kev

Thats why its better to learn Linux and develop your own “attack OS”, rather than having to wait around (sometimes for years) for someone to fix something.  Developing a chosen distro with all your favorite tools is not difficult to do and the reward will be significant.

Thought I would throw my sorry 2 cents in on this topic as someone that has been pen testing for longer than I care to admit.  Having a degree is good but not absolutely critical. However, it will definitely open doors faster for you, that is if you don’t having any contacts or rep. Having a good reputation because you know your stuff and a few fr…[Read more]

There are a lot of good sites that guide you on tweeking 7 for speed and I have had some good results following their suggestions.  I actually found it very fast and much improved. Its a good OS for general home entertainment use.

I have used Core a lot to test vulnerabilties if I am attacking the network internally. It does a great job and is an asset to a pentester’s tool box. However, if I am attacking from the “outside” I find its way too noisy. I hate getting shut down or alerting anyone of my attack early on, although sometimes I am amazed how asleep at the wheel some…[Read more]

Sorry but you are not going to be able to accomplish what you are trying to do unless you can exploit the target system. If its not vulnerable to an exploit you are sol. Its ironic that home systems with fewer services running on them connected with a basic wireless router can “sometimes” be harder targets to exploit than over worked large…[Read more]

If this is a legitimate pentest, then its all about the rules of engagement that you should have clearly defined and agreed upon in advance. This kind of technical consideration has nothing to do about ethics. Its not “cheating” and if the IDS is vulnerable then its vulnerable and needs to be exposed as such by either you being allowed to attack…[Read more]

Welcome aboard. If you have a Secret Security clearance you are in great shape!

As far as the onboard wireless available on laptops, I wouldn’t be too concerned.  If you are going to just hack your home router then that’s fine and those laptops that use the atheros chip are usually fine for injecting.  Later when you do professional work you will more than likely find you need a good external antenna. The reason being is ha…[Read more]

I have been using an Acer 5610z for some time now and it dual boots Windows and Linux perfectly.  Its 15” screen is great for my bad eyes and it’s what I use when I have access to AC. If I am cracking wireless, I use a smaller version with just a 10” screen and a slower 5200 rpm hard drive. When I am auditing wireless I tend to be very mobile…[Read more]

All the best !  ;D

Sorry Termight but he promised to be my mentor first!  I like that name termight or termite.  A termite has an amazing way to tunnel in and own a house or wood.  Wood being a vulnerable place, block being a little more secure.  Very good.

In my experience, the most you can hope is for a major corporation to view security as a necessary evil. No matter how you sell it, they see it as an expense against their bottom line.

Not sure why someone following you from one forum to another would bother you. If that person is harassing you with posts, explain the situation to the site admin and he should be happy to ban them.

Nice hack!  Yeah, if I run into you at the next Defcon I will buy you a beer,lol.

As Ketchup mentioned, you really need to get your hands on the browser and preferably the source code, though having the source code isn’t always critical. Depending on the size of the program, we can sometimes produce some exploits just by fuzzing.  Going to an exploit site and just blindly blasting them at a program that was privately written…[Read more]

I thought one of the fundamental rules in all warfare is to “know your enemy”. Seems like we sometimes underestimate the cunning of people living in 3rd or 4th world countries. Thats a big mistake not only for the military but anyone involved in security.

Simple nmap scans are not illegal.  However, if you caused a server to crash you might be held responsible for damages.  Most ISPs look down on it and if you are caught scanning, will freeze your service until you give them a good explanation.  My ISP has a 3 times caught and you’re out policy. They have the right to refuse service to whom…[Read more]

Thanks Don  😉

First class effort and with the exam process included, makes this one of the most complete reviews concerning a training program like this.

Hope everybody had a TG day and didnt eat too much!