• @ sil & Ketchup,

    To me, that’s the value of having professionals that help the client scope the review and can advise the client of risk before pressing a button. 

    Having all the latest and great tools is way down the list of requirements.
    A skilled professional explains how exploits can be chained to achieve to target in terms for non-it folk…[Read more]

  • jonas,

    From the number of penetration tests conducted on systems managed by me, the professional penetration testers have never used live exploits on ANY production systems.

    Should the penetration testers raise a potential exploit risk, then I may ask them to run it against a lab environment machine. I’d expect them to understand inside and out…[Read more]

  • @j0rDy

    Wow, evil hackers – day time TV soap style! I wonder if there’s a course I can take to develop that smug, I’m evvvvilllll – and all powerful look. I’d be set then with the ladies and everyone data!

    I can only imagine the back story to that episode was: (Fade to voice over)

    If only Ron, the evil haxor, discovered that he was actually the…[Read more]

  • @hitmonkey

    We did a similar thing to help a friend practice pentesting.
    He started getting a lot of hostile scans on those web services, which ending up being quite annoying and chewed up bandwidth.

    In the end we set up a VPN from where he could SSH into a local machine running BT4. From there he could attack the systems in peace and quiet.

  • These are the conversation I really enjoy as it makes me think about defenses and mindsets.

    In my mind the main reason you’ll never see stats on hacks comes down to businesses refusing to report them from the fear it will have on their share prices. However, having looked over a number of the major court cases in the stats where…[Read more]

  • All – most of the attacks/intrusions I’m able to detect fit into the 80% of using tools or techniques which have been written by smarter folk, not the current user. That’s what I’m basing my “normal” attacker profile on, the lower end of the scale.

    I was attempting to say these tools would mainly be used attackers looking to make a mess of…[Read more]

  • These tools are really for an insider threat or an attacker that has been on your system for a while and want to make life a real mess. I don’t see a normal attacker deploying these tools. Why would they bother?

    I’ve reported dozens of infected and attack jump points to the correct authorities and most times there’s no response. In the end, we…[Read more]

  • Nice work Ketchup!

    The challenge was fun, apart from load times.
    The lag is an absolute killer of us at the bottom of the world. Load time of over 10,000ms per object, so can’t complete stage one to get away from the loonies and get some peace to go for gold 🙁

  • Hello delusion,

    Chrisj offers a very sensible approach to your issue. I’ll add that talking to your boss is a good way to go, but go in with a thought out plan first.

    If you walk in without a plan or with a negative attitude, then you’ve leave the meeting unhappy and the boss will start to worry about you.

    I’ve had people walking in a tell me…[Read more]

  • What90 replied to the topic InfoSec Mentors in the forum Career Central 11 years, 7 months ago

    @Equix3n-  Always one to acknowledge when I’m wrong – well, most of the time 😉

    ChrisJohnRiley of http://www.eurotrashsecurity.eu has done a small podcast Marisa Fagan of InfoSecMentors.

    They discuss people that aren’t able to get to the events in the US and how they hope to grow the program.

    Well worth a listen to understand the program and what it…[Read more]

  • I’ve heard a few well known security people asking for copies to review, so I hope to have some indication of the material one way or another very soon.

    If someone in the forums get a copy and reviews it, I’d be interested in their thoughts.

    Happy to be proved wrong about my feelings on what this is going to be like 🙂

  • I’d like to know if I had a massive hole in my external network before it becomes “managed” by someone esle 😉

    You may want to contact a trusted 3rd party like the SANS Internet Storm Center and ask them to inform the company. If they can’t help they may be able to point you in the right direction on whom to report this…[Read more]

  • Hello Artholm3,

    I’d have to say it depends 🙂

    These (OSCP, eLearning, GPEN) courses are targeted at teaching specific skills, thus specific, specialised roles in a company. Having these skills/certs is great but they have to fit in with an employer’s need for them to be required, thus having HR identify what they  are in the first place.

    If yo…[Read more]

  • What90 replied to the topic InfoSec Mentors in the forum Career Central 11 years, 7 months ago

    My take from that and a bunch of tweets bouncing around is to get a really solid match, being there is what will seal the deal. Knowing who you are and what are after will making the pairing up work. Picking names from a hat, is never quite as good for either party.

    I think this is a brilliant idea, but still those who are physically at the…[Read more]

  • Honestly, $25 spending to “become the world’s no.1 hacker” seems some what outlandish to boast. The fact there’s no reviews on Amazon or blogs post about it says volumes to me.

    I’d spend the money on a book rated by decent security professionals who are well known for the teaching abilities.  Or save it up to later sign up for the any number of…[Read more]

  • What90 replied to the topic InfoSec Mentors in the forum Career Central 11 years, 7 months ago

    Looks like an amazing opertunity. Shame you have to be in the USA and at those events to be part of it.


  • Avoid the book and just buy the tee-shirts! 😀

    Google the author and then make up your own mind whether to buy the book or any of their services.

    I’ll avoid this one and get something a bit more realistic.

  • Excellent demo and explanation for how they did it and the mindset they used to work into the environment. Some great work and clever thinking.

    What I take from it, from the defense side, is that some simple, good practices would have stopped the attack in its tracks.

    As an example, if the servers weren’t allow outbound access to any locations,…[Read more]

  • Hello Armando,

    I really enjoyed reviewing the course demo on SQL injection, it is nicely put together, very clear and flows well. I think I learnt a couple of words in Italian too!

    I can believe your course is different to both SANS and Offensive Security’s offering, my trouble is pitching those differences to management so they can understand…[Read more]

  • Hello Alwin,

    Great work on passing the GCIH!
    It’s amazing how that exam deadline sneaks up so fast 🙂

    It’s a fantastic course and the skills from it really do help with situations in the real world. They’ve saved my backside a number of times!

    Have you got plans to take any more courses or exams this year or are you going to take a well deserved rest?

  • Load More

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.


Sign in with Caendra

Forgot password?Sign up

Forgot your details?