What90

SANS 660 is being run for the first time at SANS London 2010, so I can’t comment on the entire course, but I know some of the content has come from 709.

My take on the two courses are:
709 is intended for folks that want to find, created and develop their own exploits, or at least have a stellar understanding of how the bad guys and security…[Read more]

Hello crossover,

I really like the SANS IH course as it’s a great introduction to the incident handler process and from what you’re saying, I’d think this is a good starting point.

More advanced or very focus IH courses are from US CERT http://www.cert.org/ or one I’d love to take is Richard Bejtlich’s course http://…[Read more]

Hello delusion,

Having experience in a major company, working with a diverse range of people, systems and requirements is a dream run. You’ll get to make plenty of contacts and have actual experience of critical financial systems – both the good and the bad.

Unless you see yourself a back office guy that never interacts with clients, cus…[Read more]

Hello H1t M0nk3y,

I hope that over the next few years there will be a ever-growing number of EH-ers with the GSE to their names.

Thanks ziggy_567, if I can help out with the ascent to the GSE, let me know 🙂

Hello H1t M0nk3y,

A resounding YES to your question: Is the GSE worth the time/money/effort?

I didn’t do it for the glory, fame or to get a pay rise. I did it to learn and wow, did I learn.

I’m one of ziggy_567’s generalists, pretty much focused on the defensive side, but there are some super smart offensive guys that are GSE’s, so it is up to…[Read more]

It’s a great course, and very different from GWAPT.

I’d offer the advice to read up on hex and packets before hand. This will help  avoid the head crushing pain of attempting to read packets in Hex on day two 🙂

Laura Chappell’s excellent Wireshark box would be a great pre-course read too.

That’s interesting and sad at the same time, I guess there has to be rogues out to cash-in in any community by re-hashing others work. It seems his time has come Armando,well at least in the security community, to show he’s not someone to trust or believe.

The twitter feeds are pretty busy calling him out to prove he’s THE number 1 after he made…[Read more]

Many thanks Armando!

Really looking forward to taking your course.

It’s been received terrible reviews on Amazon too.

http://www.amazon.com/How-Become-Worlds-No-Hacker/dp/0982609108

I find it sad people will buy this book only to find out it’s a poor rehash of other material.

There’s been a lot of chatter on twitter about the author @ligatt and #ligatt most of which hasn’t been very pleasant. Out of that a few…[Read more]

I’m very excited to have been picked as a winner and can’t wait to start eLS’s training. I’m truely fasinated to see how it differs from SANS and Offsec’s offerings!

I’ll make a humble attempt to add to Jason’s and Equix3n- reviews.

Thanks Don and Armando Romeo!

Read the SANS link and break up your response in to steps in order to deal with the problem in a calm and rational way.

One possible way of dealing with a Conficker outbreak in a Windows active directory (AD) domain follow the SANS steps.

Step Two—Identification
You (as the security person) have been alerted of that there’s a problem.
In C…[Read more]

Hello Crossover,

That’s a bit of a generic question to answer fully, do you have a specific incident in mind?

A great overview of the steps I’ve used to deal with a number of issues is from SANS
http://www.giac.org/resources/whitepaper/network/17.php
This covers dealing with incidents from start to finish.

They’ve also go some excellent…[Read more]

Mine was created from sheer annoyance.

I was attempting to open a hotmail account, way back when hotmail was new and shiny,  using my name. Hotmail merrily informed me the name was taken but I could have ChrisMohan90.

My response went something like “WHAT? 90! – bugger.” and so a simple angry outburst became my new email address and eventually,…[Read more]

My link to download the videos and PDF turned up two days after they confirmed my order.

You should get the follow up email with the download link very soon.

Hello MsRefusenik,

Once a machine is compromise by an attacker, spending time attempting to recover it is a futile approach.

Take your computer down to a local, well known, Mac store and have them take a backup of your data, then format and reinstall the latest Mac OS operating system.

Have them complete a full update of all the software on the…[Read more]

The policy we apply is only company owned and managed systems are allowed to connect to the network. Anything else is a breaks of company policy and is dealt with by official channels.

For VPN software, the VPN client is only installed on the company laptops. We don’t allow the software to be installed on personal machines.
Yes, they could get a…[Read more]

My core test environment is two machines with 8GB of RAM, one running Windows 2008/Hyper-V and the other running Windows 7 with vmware workstation. Hyper V hosts a variety of Windows servers and domains and Win7 box runs all the client machines.  The two boxes were built from parts purchased, as cheaply as possible, on line. I do have lots of…[Read more]

You bring up some great points but I’ll respond with the one reason why full exploitation tests doesn’t happen, in my opinion, in most companies: money.

Despite massive media coverage about online threats, breaches and real world monetary loses, for the majority, security isn’t going to be high on the list of priorities. Human nature or just…[Read more]

Fair enough sil,I’d imagine the people that hire you in a vested interest in proving if their security is working as expected. I’d be interested to know how many companies take the extra step and purchase the full package.

Fear factory of exploiting systems
The problem with live exploits on live system is that you may break something, even with…[Read more]

You’ll need to work out on your router how to do port forwarding for inbound tcp 80 to your computer with netcat on it.

This does place a certain risk by opening up port 80 to your machine, so make sure your machine is fully patched before trying this.

I think you may want to go with sil’s advice and set this up at home first and practice it on…[Read more]