triznut

MrAgent, nice write-up on your blog. Thanks.

Thanks Zeebee!

Well I did not attempt the exam my first session, but wondering if I had under estimated my successes and should of at least tried (of course I should have). I was a little burned out at that point and also was not feeling very confident. Mainly because I had not pwnd every system possible in the lab. But I have been wondering if…[Read more]

@zeebee wrote:

While as of now I am absolutely nowhere near “comfortable” with writing/porting exploits on my own and WILL need MSF for this training/cert but I think its a worthy goal (to do it without MSF) to work towards….on it 🙂

Also, I would highly recommend that at the very least you get comfortable porting other peoples code right…[Read more]

Hey Zeebee, I too am starting my 2nd attempt at preparing for the exam in the course labs on 02/21. It’s been about 3 years from my 1st attempt with course. I have kept all my old notes and try to keep up my skills in my own labs and at work. I’ll look for you in the IRC. It’s nice to have others tackling it to bounce ideas off of. I like your…[Read more]

They updated to PWK… I knew it had to becoming soon. I think it’s time for me to update, hit the labs, and get that OSCP cert!!

I think you need to pin-point where on your network this traffic is coming from? Specifically you need a MAC and what port on your switch the traffic is coming through. If you truly have that computer physically disconnected from the network, then it would not be coming from that computer. You said you’re seeing traffic from the computer about…[Read more]

Well keep us posted on what you find out is the true reason. Don’t forget to research the IP/Network your infected system was trying to connect with. It might be worth blacklisting the IP and possibly network depending on what you find out.

Good luck!

ccpik1,

You should also do some research on the IP address(es) the “rouge” host on your network is trying to connect with. There is plenty of resources online to determine if it’s connecting back to a malicious host/network.

I’m curious how you determined your host was infected with the zeroaccess trojan?

Well if you’re certain it’s unplugged from the network, then there is no way it’s coming from that system. Can you run a network sniffer (like Wireshark) on your network? Maybe you can capture a MAC address as well and then go to the switch to see where it may be connected on the network.

Also, make certain your time is synched properly between…[Read more]

Can you explain the firewall setup a little more? Are we talking about a dedicated firewall device or just the built-in firewall on Windows or some other software firewall? Also, you said you unplugged the cable (assuming network), but have you made sure there is no wireless or other network connection to the system in question? Depending on where…[Read more]

hayabusa – I wasn’t looking to start up a bloated conversation by any means. I was just looking to start a “good” conversation on the topic and though others might post up some interesting experiences. Plus, it was a good time to remind others to keep up on some infosec basics.

I also agree that attack campaigns from mentioned countries have been…[Read more]

Well that was a good conversation…

Guess I’ll just finish this up then with a friendly reminder to be keep up on some security best practices: better be aware of those low hanging fruits on your networks and locking those down (including those users who will click on anything), Web side…big big targets of course, and are you auditing your…[Read more]

Damn. I’m in the same rut on the 2008 sp1 box. Guess I’ve got to try harder!

I just recently took the CPTE exam. I would say it is on-par with the CEHv6 exam.

I started the CTPE videos as well. Maybe the manual and lab guides would’ve made it a better experience. But I’d look at other sources for training if I were going to pay out of my own pocket. Mile2 if you’re taking notes here: *Update course materials

You will not regret getting this book.

So when you say you’re using tools like dig or nslookup, are you just not coming up with any info on them from the dns server(s) you’re enum or nothing comes up that can pinpoint a particular service that the IP address maybe tied to (ex.. mx record= good chance for smtp to be running)? Depending on the ‘nature’ of the TOE, you could hit search…[Read more]

This is very cool and gracious along with everything these guys are doing!!

Same here… So far pretty good. I agree with SephStorm in that the curriculum is surpassing CEH. I will give a full review as well once I’ve completed. Who knows, maybe they’ll pick me and I can see more of what they have to offer  ;D

Yes I’m signed-up. Have been for about a week. Got access to the videos and exam immediately after signing-up on their web site. From what I’ve seen so far.. Not to bad. It’s a nice gesture from Miles2 for sure.