Tag: pentest

Get eLearnSecurity PTSv3 Training Free!

| March 12, 2015 | 6 Comments

eLearnSecurity PTSv3 eJPT Certification LogoeLearnSecurity has long been a trusted training provider with multiple courses on offer. They recently updated their Penetration Testing – Student (PTS) course. The eLearnSecurity PTSv3 course is tailored for beginners. In addition to a brand new version, they also made available a new pricing structure that includes an Elite Edition, a Standard Edition and a free Bare Bones Edition. The Bare Bones Edition includes lifetime access to the training materials as well as email tech support. For a full rundown of the difference between the editions, click here.

Unfortunately, this is available only to those with an invitation. Luckily, we scored 100 seats in the invite-only free version of the eLearnSecurity PTSv3 Course. And this time there are no gimmicks, no contests, no requirements. It is simply a first come, first served deal for EH-Netters. Read on for the code that gives you access as well as some more details on the new pentesting course. This is for a limited time, so HURRY!!

Continue Reading

Book Review: Hacking and Penetration Testing with Low Power Devices

| February 27, 2015

Hacking and Penetration Testing with Low Power Devices” by Philip Polstra is an excellent read.  The author bases this book on his experiences in both hardware, software and penetration testing and combines the various disciplines to both educate and enlighten the reader.  Ultimately, the subject matter revolves around using the BeagleBone Black and a customized ARM penetration testing Linux distro, which Polstra’s dubbed ‘The Deck,’ to perform various types of hacking activities. It’s described as, “A practical guide to performing penetration tests from a distance with low-cost, battery-powered devices.” Oh yeah… just what the doctor ordered.

Let me open by saying that this book struck my “techie geek” nerve.  Years and years ago, not too long after I became a computer guy, but far before becoming a professional penetration tester, I managed a Radio Shack store (sad to see they’re going away).  I guess you could say I was a maker before it was called that. This book, while discussing pentesting, code, automation and stealth, offers the reader a great experience as he brings them into a world of hardware manipulation, discussions of power consumption, radio communication, and other really cool topics.  It truly embraces the mindset of the hacker in a cross-disciplinary way and acts like a perfect bridge for those currently in the computer hacking arena into the exciting wider world of the maker movement. I’m excited to share this experience with you, so let’s get to it.

Continue Reading

Book Review: Penetration Testing: A Hands-On Introduction to Hacking

| December 31, 2014 | 0 Comments

“Georgia, Georgia…” The tune “Georgia on My Mind” was spinning through my head when I was given the chance to review “Penetration Testing: A Hands-On Introduction to Hacking,” a book by Georgia Weidman from No Starch Press. Having watched some of her conference presentations online and knowing the work she’s put into the Smartphone Pentest Framework (SPF), I’ve been looking forward to the opportunity to dive into the book for a while now, and her enthusiasm and efforts made it a worthwhile wait.   Amazon’s book description includes the following:

“In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine-based lab that includes Kali Linux and vulnerable operating systems, you’ll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you’ll experience the key stages of an actual assessment – including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more.”

So with the new year upon us, this gives everyone the opportunity to dive into a topic whether it be for advancing your current career, jumping into a new one or simply to amaze your friends and families. Hacking news both good and bad are everywhere these days. It’s time for you to get into the game. Find out how Ms. Weidman can help.

Continue Reading

Course Review: Dark Side Ops – Custom Penetration Testing

| December 22, 2014 | 4 Comments

Silent Break Security - LogoRecently, I took the Dark Side Ops: Custom Penetration Testing course taught by Brady Bloxham of Silent Break Security at Black Hat Trainings. In their words:

Dark Side Ops: Custom Penetration Testing enables participants to “break through” to the next level by removing their dependence on 3rd-party penetration testing tools, allowing for outside-the-box thinking and custom tool development designed specifically for the target environment.

Dark Side Ops (DSO) is a course on targeted attacks, evasion, and advanced post exploitation… with a twist. The thesis of DSO is this: if you want to credibly simulate a real world attacker, you need advanced capability. You can’t do this with unmodified open source tools. This course teaches students how to build and modify advanced capabilities. Let’s take a closer look.

Continue Reading

Book Review: Ethical Hacking and Penetration Testing Guide

| September 30, 2014


When asked by CRC Press to review a recently released book, Ethical Hacking and Penetration Testing Guide by Rafay Baloch, a closer look was in order before agreeing. The book description reads, “Requiring no prior hacking experience, Ethical Hacking and Penetration Testing Guide supplies a complete introduction to the steps required to complete a penetration test, or ethical hack, from beginning to end. You will learn how to properly utilize and interpret the results of modern-day hacking tools, which are required to complete a penetration test.” A brief review of the Table of Contents and Description from Amazon piqued my interest, so I accepted the request and got to reading.

The book was written to take people with some technical but little to no ‘hacking’ background, and introduce them to tools, techniques and methodology in order to familiarize them with pentesting. As there are quite a few books on the subject, I was a bit skeptical at first, as I’m always looking for something ‘groundbreakingly new’ or with some extra insights that other books may not have. I can say, with certainty, that while this wasn’t an overhaul of other books on the market, it was well organized and contained plenty of good information for a newcomer to get started into their learning.

Continue Reading

Course Review: SANS SEC573 Python for Penetration Testers

| July 29, 2013 | 1 Comment

Course Review: SANS SEC573 Python for Penetration Testers - Python LogoPython has rapidly become a popular language for security professionals. It’s human readable with an easy syntax, has a comprehensive standard library and easily importable external libraries, is multi-platform, and is suitable for both larger programs and smaller scripts alike. Python is easy to learn for novice programmers yet robust enough for seasoned developers. What makes it such an effective tool for security professionals is the support of extensive libraries specifically designed for penetration testing. For that reason, it makes perfect sense for the SANS Institute to add SEC573 Python for Penetration Testers to their vast list of InfoSec courses.

SANS SEC573 Python for Penetration Testers” is a five-day class that teaches the basics of the Python language then builds on that knowledge to show how to utilize its specialized libraries to perform network capture and analysis, SQL injection, Metasploit integration, password guessing and much more. You also learn how to use Python to create an encoded backdoor to evade IDS and antivirus controls. This article presents an extensive day-by-day review of the in-person course taught by Mark Baggett, the author of SANS Python for Penetration Testers course and the pyWars gaming environment.

Continue Reading

Book Review: Metasploit – The Penetration Tester’s Guide

| April 25, 2012

Metasploit – The Penetration Tester's Guide Front Cover“Metasploit – The Penetration Tester’s Guide” by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni is perhaps the most enjoyable book I have come across regarding the uses and functionality of Metasploit. There were so many concepts it refreshed me on, many functions I didn’t know existed and other functions I did not correctly understand even with my years of using Metasploit. Let’s take an in-depth look into this stellar publication by No Starch Press.

Initially I skipped through the first chapter of the book, “The Absolute Basics of Penetration Testing.” However, I went back to the chapter as I had already been in and out of reading the methodologies laid out by the Penetration Testing Execution Standard (PTES). This chapter actually made sense after the fact, since my approach was that of the technical one: Show me the meat of this book. Not everyone who uses Metasploit (and other tools like it) has a concise understanding of penetration testing, and many will assume that aiming Metasploit at an address constitutes a penetration test. The chapter is clear, summarized and offers much food for thought outside of Metasploit and into the realm of penetration testing.

 

After the break, look for a link to a free download of Chapter 8: “Exploitation Using Client-Side Attacks”

Continue Reading