unsupported

Forum Replies Created

Viewing 14 reply threads
  • Author
    Posts
    • #31423
      unsupported
      Participant

      Thank you for the good recommendations!  Initially, my use for EnCase will be to look for the existence of specific files, programs in memory, and may expand from there.

    • #31333
      unsupported
      Participant

      For your scenario, you can shovel a shell/reverse shell using NetCat.  How do you get NetCat on the machine from the outside?  It is so small it can fit inside a buffer overflow or you can combine it with another executable which is run on the inside.

    • #31375
      unsupported
      Participant

      Narcissistic Vulnerability Pimp: One who – solely for the purpose of self-glorification and self-gratification – harms business and society by irresponsibly disclosing information that makes things less secure.

      Sounds like Verizon is using their head to find that stick that is up their ass.  Not all vulnerability researchers are classified this way.  I have read numerous personal accounts and methods for being an ethical security researcher and there comes a point where the needs of the many out weight the needs of a few businesses.

      Regardless of that fact, security needs these “pimps”.  The more we know about the vulnerabilities the more we can mitigation.

    • #31281
      unsupported
      Participant

      As stated, your router is blocking the traffic.  If you want to test the security of each of the different distributions you may want to invest a few bucks on a cheap 10/100 hub.  A router will only send traffic out to specific ports, unless you flood it and make it fail back to be a hub, or you use ARP spoofing, or any number of other tricks.  But if you are just doing it for testing, then get a hub which sends traffic to all ports, regardless of which computer it is destined for.

    • #31316
      unsupported
      Participant

      Welcome to the site.  I took a similar approach to information security by coming up through grunt work at the helldesk.  It was strange, I never had much interest in getting my MCSE or whatnot, but once I got into security I’ve taken off in regards to my certifications.  Security Plus was my first step and it was a good one.

      Again, welcome.  If you have any questions, let us know.

    • #31189
      unsupported
      Participant
    • #31065
      unsupported
      Participant

      GPEN is not for the faint of heart.  It is super technical.  My co-worker and brother have taken the course and they both were both dumb founded by the amount of technical information.  They are both well experienced and certified individuals, and are not stupid in any way.

      As a holder of two GIAC certs and one on the way, with one self study and two courses, I can safely state without any previous experience it may be near impossible to pass without having the SANS course ware.

      With that being said, there are a lot of options when going for a SANS course.  You can do OnDemand, Self Study, life training, and even work study at live training (where you work at the conference, get the training, materials, and certification attempt for around $800).  I think if you are starting off with no experience, then it would take all of your being to do self-study to bring you up to a level where you would be lucky if you drowned in the level of technical details the course offers.

      I do not know your experience or commitment level, but you could probably do well to self-study and do the GPEN course.  If you are looking for a more long term and lower budget option, you may want to go the self-study route for Security+ to lay the security foundation > CEH to lay the pen testing foundation with methodology and tools > GPEN.

      I would also recommend Counter Hack, because it is a good read, and it not only gives you a lot of the hacker tools and methodology, but it also gives you insight on how to defend these tools.  You would also do well to start learning some of the tools like NMAP, Wireshark, Metasploit, and Cain and Able.  Heck, just start playing with anything on http://sectools.org/. 🙂

      Good luck!

    • #30886
      unsupported
      Participant

      I fully support this website.  I used it when I was still a contractor and paying for my own certifications.  It really helped save me a few pennies.  They are really easy to deal with.

    • #30506
      unsupported
      Participant

      Man, I fit into most of the categories on the original post, and some in the second…. this is funny.

    • #30355
      unsupported
      Participant

      Sorry, my co-workers won out.  I’ll have more practice tests in the future!  One for GCWN and GSEC. 🙂

    • #30353
      unsupported
      Participant

      Ok, I passed my GCIA yesterday with an hour to go.  My final score was 85%.  I was less about my score than with my GCIH (94%).  I just wanted to pass, then I was able to take it easy.  The test got a lot easier once I passed. 🙂  This was much harder than the GCIH.  A lot of packet reading.  I made easy mistakes when counting the hex and converting.  I made the mistake of not taking a break, I was more concerned about just finishing the test and getting out of there because of personal issues.

      It was a good experience.  Now I can move onto my GCWN.  I will am going to offer the practice test to my group, if I do not get an immediate response my next stop will be here. itg33k has first dibs, but I think I may have a simple little quiz to answer to make it fair. 🙂

    • #30349
      unsupported
      Participant

      Thank you for all your well wishes.  I am going to be doing a dry run of my index with a practice test this weekend.  Then I may have my second GCIA practice test up for grabs if nobody in my department wants it.

    • #30331
      unsupported
      Participant

      I know there are a few published authors, maybe it would also help to personally contact some of the other published security authors in the industry.  I can think of a number of them off the top of my head like Richard Bejtlich (Addison-Wesley Professional), Ed Skoudis (Prentice Hall), Dr. Eric Cole (Sams and Wiley), Anton Chuvakin (Wiley and Syngress).  I wouldn’t imagine anyone of them wouldn’t mind sharing their experience in publishing (if they haven’t all ready blogged about it).

    • #30329
      unsupported
      Participant

      I would assume the choice of publisher revolves around what publisher is willing to publish your book.

      I think the process is not unlike a movie deal in Hollywood, you need to have a synopsis or a script and then you shop it around to different studios to see which one will bite.

    • #30338
      unsupported
      Participant

      Welcome to EH-Net!  We look forward to your contributions.

Viewing 14 reply threads

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?