-
What90 replied to the topic which sans course i should take first? sans660 or sans706! in the forum Network Pen Testing 10 years, 4 months ago
SANS 660 is being run for the first time at SANS London 2010, so I can’t comment on the entire course, but I know some of the content has come from 709.
My take on the two courses are:
709 is intended for folks that want to find, created and develop their own exploits, or at least have a stellar understanding of how the bad guys and security…[Read more] -
What90 replied to the topic Sans GCIH – To do or Not in the forum GCIH – GIAC Certified Incident Handler 10 years, 4 months ago
Hello crossover,
I really like the SANS IH course as it’s a great introduction to the incident handler process and from what you’re saying, I’d think this is a good starting point.
More advanced or very focus IH courses are from US CERT http://www.cert.org/ or one I’d love to take is Richard Bejtlich’s course http://…[Read more]
-
What90 replied to the topic Diverse, IT Manager, to pen tester in the forum Career Central 10 years, 4 months ago
Hello delusion,
Having experience in a major company, working with a diverse range of people, systems and requirements is a dream run. You’ll get to make plenty of contacts and have actual experience of critical financial systems – both the good and the bad.
Unless you see yourself a back office guy that never interacts with clients, cus…[Read more]
-
What90 replied to the topic The value of GSE in the forum Security 10 years, 4 months ago
Hello H1t M0nk3y,
I hope that over the next few years there will be a ever-growing number of EH-ers with the GSE to their names.
Thanks ziggy_567, if I can help out with the ascent to the GSE, let me know 🙂
-
What90 replied to the topic The value of GSE in the forum Security 10 years, 4 months ago
Hello H1t M0nk3y,
A resounding YES to your question: Is the GSE worth the time/money/effort?
I didn’t do it for the glory, fame or to get a pay rise. I did it to learn and wow, did I learn.
I’m one of ziggy_567’s generalists, pretty much focused on the defensive side, but there are some super smart offensive guys that are GSE’s, so it is up to…[Read more]
-
What90 replied to the topic Sans GCIA in the forum Incident Response 10 years, 7 months ago
It’s a great course, and very different from GWAPT.
I’d offer the advice to read up on hex and packets before hand. This will help avoid the head crushing pain of attempting to read packets in Hex on day two 🙂
Laura Chappell’s excellent Wireshark box would be a great pre-course read too.
-
What90 replied to the topic How to become the world's no.1 hacker? in the forum Other 10 years, 8 months ago
That’s interesting and sad at the same time, I guess there has to be rogues out to cash-in in any community by re-hashing others work. It seems his time has come Armando,well at least in the security community, to show he’s not someone to trust or believe.
The twitter feeds are pretty busy calling him out to prove he’s THE number 1 after he made…[Read more]
-
What90 replied to the topic [Article]-May 2010 Free Giveaway Winners – eLearnSecurity in the forum News Items and General Discussion About EH-Net 10 years, 8 months ago
Many thanks Armando!
Really looking forward to taking your course.
-
What90 replied to the topic How to become the world's no.1 hacker? in the forum Other 10 years, 8 months ago
It’s been received terrible reviews on Amazon too.
http://www.amazon.com/How-Become-Worlds-No-Hacker/dp/0982609108
I find it sad people will buy this book only to find out it’s a poor rehash of other material.
There’s been a lot of chatter on twitter about the author @ligatt and #ligatt most of which hasn’t been very pleasant. Out of that a few…[Read more]
-
What90 replied to the topic [Article]-May 2010 Free Giveaway Winners – eLearnSecurity in the forum News Items and General Discussion About EH-Net 10 years, 8 months ago
I’m very excited to have been picked as a winner and can’t wait to start eLS’s training. I’m truely fasinated to see how it differs from SANS and Offsec’s offerings!
I’ll make a humble attempt to add to Jason’s and Equix3n- reviews.
Thanks Don and Armando Romeo!
-
What90 replied to the topic Steps to be taken during an outbreak in the forum Incident Response 10 years, 8 months ago
Read the SANS link and break up your response in to steps in order to deal with the problem in a calm and rational way.
One possible way of dealing with a Conficker outbreak in a Windows active directory (AD) domain follow the SANS steps.
Step Two—Identification
You (as the security person) have been alerted of that there’s a problem.
In C…[Read more] -
What90 replied to the topic Steps to be taken during an outbreak in the forum Incident Response 10 years, 8 months ago
Hello Crossover,
That’s a bit of a generic question to answer fully, do you have a specific incident in mind?
A great overview of the steps I’ve used to deal with a number of issues is from SANS
http://www.giac.org/resources/whitepaper/network/17.php
This covers dealing with incidents from start to finish.They’ve also go some excellent…[Read more]
-
What90 replied to the topic What's the story behind your nick name / handle? in the forum Other 10 years, 9 months ago
Mine was created from sheer annoyance.
I was attempting to open a hotmail account, way back when hotmail was new and shiny, using my name. Hotmail merrily informed me the name was taken but I could have ChrisMohan90.
My response went something like “WHAT? 90! – bugger.” and so a simple angry outburst became my new email address and eventually,…[Read more]
-
What90 replied to the topic WiFu – One Week To Get Materials? in the forum OSWP – Offensive Security Wireless Professional 10 years, 9 months ago
My link to download the videos and PDF turned up two days after they confirmed my order.
You should get the follow up email with the download link very soon.
-
What90 replied to the topic I have been dealing with my hacker on my own, now I need some help. in the forum OS 10 years, 9 months ago
Hello MsRefusenik,
Once a machine is compromise by an attacker, spending time attempting to recover it is a futile approach.
Take your computer down to a local, well known, Mac store and have them take a backup of your data, then format and reinstall the latest Mac OS operating system.
Have them complete a full update of all the software on the…[Read more]
-
What90 replied to the topic Policy for personal laptops at work in the forum Compliance, Regulations & Standards 10 years, 9 months ago
The policy we apply is only company owned and managed systems are allowed to connect to the network. Anything else is a breaks of company policy and is dealt with by official channels.
For VPN software, the VPN client is only installed on the company laptops. We don’t allow the software to be installed on personal machines.
Yes, they could get a…[Read more] -
What90 replied to the topic Your Setup or Lab in the forum Other 10 years, 9 months ago
My core test environment is two machines with 8GB of RAM, one running Windows 2008/Hyper-V and the other running Windows 7 with vmware workstation. Hyper V hosts a variety of Windows servers and domains and Win7 box runs all the client machines. The two boxes were built from parts purchased, as cheaply as possible, on line. I do have lots of…[Read more]
-
What90 replied to the topic Pentesting tools in the forum Network Pen Testing 10 years, 9 months ago
You bring up some great points but I’ll respond with the one reason why full exploitation tests doesn’t happen, in my opinion, in most companies: money.
Despite massive media coverage about online threats, breaches and real world monetary loses, for the majority, security isn’t going to be high on the list of priorities. Human nature or just…[Read more]
-
What90 replied to the topic Pentesting tools in the forum Network Pen Testing 10 years, 9 months ago
Fair enough sil,I’d imagine the people that hire you in a vested interest in proving if their security is working as expected. I’d be interested to know how many companies take the extra step and purchase the full package.
Fear factory of exploiting systems
The problem with live exploits on live system is that you may break something, even with…[Read more] -
What90 replied to the topic how to penetrate pc through NAT ?? in the forum CEH – Certified Ethical Hacker 10 years, 9 months ago
You’ll need to work out on your router how to do port forwarding for inbound tcp 80 to your computer with netcat on it.
This does place a certain risk by opening up port 80 to your machine, so make sure your machine is fully patched before trying this.
I think you may want to go with sil’s advice and set this up at home first and practice it on…[Read more]
- Load More