partek

Most of the problem with certification is that the tests primarily consist of multiple-choice tests that merely test your book knowledge or very basic reasoning skills. For example one could likely pass the CISSP or CEH with very little technical knowledge by simply reading the materials and perhaps participating in lab exercises. There of course…[Read more]

I’m having a problem just like this with a book I bought. I figured it was from the heat and humidity of reading it on the beach, but maybe Amazon is getting some bad books?

@H1t M0nk3y wrote:

BTW, the hardest thing for my as a contractor now is training. I used to have 1 week a year of paid training/conference. Now, I obviously pay everything myself. For example, a SANS course at roughly $4000 + travel $1200 + lost in revenue of $4000 = $9200 for a week long course!!! It used to be free…

Loss of revenue when…[Read more]

If anyone is interested I just received a discount code dropping this to $295:

BHUL443

I got an email about BlackHat USA 2010 Uplink where it appears they will be streaming parts of Blackhat live this year.

At $395 it sounds like a decent deal.

Does anyone have any thoughts about it?

OSCP is a tough course and really forces you to come up with some interesting and unorthodox solutions. I remember spending many a late night trying to break into the lab boxes.  It’s very frustrating, but is definitely the most rewarding course I’ve ever taken.

@yatz wrote:

I need to come up with some projects for the 2010-2011 year.  The projects should be something with a scope of a few months.  I will research/deploy/test/etc. some kind of technology or process that benefits the company.

Anyone got any ideas???  Maybe something fun you have done in the past?

;D ???

Unfortunately as fun as it ma…[Read more]

@Ketchup wrote:

I can’t stand this buzzword, “cloud computing.”

I totally agree. I have seen the term “cloud computing” mean so many different things. Honestly the “cloud” should really only reference real on-demand offerings like those of SaaS, PaaS, and IaaS.  All too often I’m seeing this term applied to generic virtualization in the…[Read more]

@chrisj wrote:

Even then I question if the recruiters do as much as they claim. I worked with a local one in December. After 2 weeks, they said the company wasn’t interested in me. A week later, the internal HR guy for said company called me asking if I was interested.

I would bet there was lack of feedback from HR to the recruiter and that’s…[Read more]

@MarcusW wrote:

If it’s any issue, I’ve been warned that Core Impact won’t be installed in the new Version 3 XP boxes, which implies it may have been dropped from the syllabus.

I don’t think it will really be missed if it is dropped from the course. The course really only gave an overview of it as a pentesting framework.

I earned my CEH about 2 years ago and I think it’s a great cert. It really does teach you to think like an attacker and gives a very good introduction to the process of penetration testing/ethical hacking.

If you do earn the cert, I would recommend following it up with the Pentesting with Backtrack and the OSCP certification. I feel like the CEH…[Read more]

The more I learn, the more paranoid I become I think. I just finished PWB and learning just how easy client side attacks are really kicked up the paranoia a bit..

I think what’s being missed here is that you’re not taking input from an external source such as a prompt, a file, or a socket.

The compiler appears to be fixing a logic error for you, which compilers are sometimes good at doing. What a compiler can’t do is protect the program from user input that it knows nothing about if the input isn’t being…[Read more]

You may not be able to overflow a buffer in code before it is compiled. There’s a good chance that the compiler will try and fix that for you.

Most buffer overflows are triggered by input that comes from an external source such as a prompt on a commandline or commands via a network socket.

When you’re taking input from an external source, if…[Read more]

I typically default to Perl when I need to do something that I can’t do in a simple shell script.

I’ve been been wanting to get a little more into Python and Ruby, but I’m usually in a situation where time is of the essence, so throwing in a new programming language isn’t an option.

I did do a project in Ruby recently and really enjoyed the…[Read more]

j0rDy,

Wow, this is a great list. Thanks! I think I’ll start slowly over time building these up.

My labs for PWB expire today(I did the 60 day plan), and really only had 1-3 hours a day at the most(probably skipping a good 15 days) to work on it. If you have at least that much time to devote to it, the 60 day should be fine.

I finished the…[Read more]

I definitely wouldn’t expect them to be free. I would totally be willing to spend a little money for the time and effort that someone is spending to maintain a lab.

I’ve seen the de-ice.net/heorot site, and have entertained setting the stuff on there up. I’d just rather spend my limited free time researching, hacking, etc rather than downloading…[Read more]

The reviews got me very intrigued with the course so I signed up. I’ve been with the course for 5 weeks now, squeezing in as much time between life and work as I can.

It’s a very interesting course, and has really forced me to think outside the box.

I’m eagerly awaiting the final part of the series so I can have a preview of what to expect from…[Read more]

We use the McAfee Total Protection Service. Frankly it’s a bit heavy on resources and we’re considering switching to Trend Micro or Panda’s SaaS offering when our McAfee contract is up.

You need to have the CCNA before you can take the CCNA Security. I’m studying for it right now and find that there is a fair amount of basic security knowledge associated with it. It’s mostly covering security architecture and the basics like CIA and risk assessment as well as configuring IOS firewall and using the SDM.