salil

Hi,

Check the blog from Anton. http://chuvakin.blogspot.com/

He has many posts on log management and seim.

I have found that if you start logging things that you know and understand you are able to build up on it. If you start with log everything and start getting rid of the noise you end up with a mess.

Cheers,
Salil

Hi,

I can understand your frustration. I have been through that phase as well. The way I approached the situation was to break all your work into phases. Start with the simplest thing that you know they cannot say no to. Get it working, document it well enough so that they get the confidence that there is now a process where the tool fits in and…[Read more]

Hi,

Not sure if its been discussed here but securitytube.com has a new series of videos on Metasploit. Its called the Metasploit Megaprimer and it goes into some good detail.

Cheers

site:sans.org cheat sheets

Hi,

You can use the triggers in the AMAP tool that can be found in the file appdefs.trig (I cant remember exactly but I think thats the one). Are you using netcat manually to rule out false positives?

cheers

@Marcos: The practice exams included with the registration or if you buy a separate one can only be used once. Both types of exams can only be accessed once you login to the SANS portal. You do not have to install any software on your PC. You have to use your browser to use the exams.

The three exams will give you a good understanding of the…[Read more]

If anyone listens to the Exotic Liability Podcast episode 64’s starting song is a beauty. Please note the discussions in the podcast may offend some people.

Congrats Hayabusa! Way to go.

@dynamik – There was some overlap in the test questions. However I found hardly any overlap between the test and the actual exam questions. I wont say that I found the exam very easy but it was not as hard as I expected. Which lab are you talking about? I did not have any lab at the end of the exam.

@H1t M0nk3y – I did not take the 6 day course.…[Read more]

People…I passed my GPEN exam.  🙂

Things that came handy for me are

1) various cheatsheets on the SANS website
2) Counter Hack Reloaded

Other resources that I referred to and had got my notes from
1) Penetration Tester’s Open source toolkit
2) Metasploit toolkit & Offensive-security
3) Webcasts from Ed – CoreSecurity and Pauldotcom…[Read more]

Thanks Guys…I bought one earlier just to get a feel of what its like. I registered for the exam and got the 2 practice exam. I was about to purchase just another practice exam…good I asked.

cheers

Hi,

Paros has some limited scanning capabilities. I have only only used it in labs against Webgoat and OwaspBWA though.

Cheers.

Hi Guys,

I am in the same boat. The biggest problem I face is that with so much stuff to learn its easy to drift from one subject to another…one website to another and before you know it you have spent 3 hours on something totally unrelated to what you started with.

I still have not found a solution but I have kept 2-3 primary goals and a…[Read more]

Thanks…that makes me feel better about the exam. I have read Counter hack reloaded. I will do a quick review and mark relevant parts before taking it with me for the exam. Can I carry the SANS cheat sheets with me for the exam? I have some nice ones covering netcat, wmic etc.

Hi,

I dont exactly have a dashboard but if I could I would put all my monthly reports in it. Right now I provide a monthly report which has graphs and charts (Top 10) covering the following

1. Virus – detected, cleaned, PC name and Username (identify repeat offenders)
2. Patching update
3. Graph on number of attacks by type
4. Graph on most…[Read more]

Hi,

You can allow staff to use VPN but create different groups and control what each group can access.

Home Users – Use their own laptop but get least access. Restrict access to specific IP address and ports that you know wont allow worms or virus to spread to your network.

Remote office users – Use the office provided laptop have all your end…[Read more]

Hey Bala,

Search for mindmaps. You can use Freemind to creating your own mindmap. The other option is creating your own cheatsheets for tools and they command options.

cheers.

As others have pointed out keeping outbound access to well known IP addresses is the way to go. Here is a nice link showing use of openssh for tunneling.

http://packetheader.blogspot.com/2009/01/installing-openssh-on-windows-via.html

One thing to keep in mind is this applies to all ports and not just SSH since you could change the SSH port from…[Read more]