Archive for category Training
Review: eLearnSecurity’s Penetration Testing Pro
My original review appeared over at http://www.ethicalhacker.net/content/view/307/24/
eLearnSecurity’s Penetration Testing Pro - What CEH Should Have Been
Recently the web has been abuzz with pentest training options. The CEH received new life as it was added to DoD Directive 8570 as well as revamped its courseware in version 6.0, Offensive Security rolled out their version 3.0 of “Pentesting With BackTrack,” and it seems like new training options are coming out almost every day in the field. That being said, I have been lucky enough to receive an advanced copy of the flagship course by eLearnSecurity, Penetration Testing Pro (PTP).
PTP is a three section presentation and video course authored by Armando Romeo (admin of hackerscenter.com), Brett D. Arion, Nitin Kumar, and Vipin Kumar. It has an optional certification component called the Certified Professional Penetration Tester or eCPPT for short. The target audience for the course is security engineers or penetration testers in the 0-3 year experience range. The course divides penetration testing into three categories: System Security, Network Security, and Web Application Security. Let’s take a look at each.
More and More Webapp Labs!
So… Since the writing of our webapp lab article a lot of people have gotten together similar projects. We like ours but we wouldn’t be objective if we didn’t report on some other options.
The big news is the OWASP Broken Web Applications Project. This Project is a nice *tidy* little VM you can spin up to train yourself in web-app pentesting ninja-ry.
The owaspbwa project includes applications from various sources (listed in no particular order).
Intentionally Vulnerable Applications:
- OWASP WebGoat version 5.3-SNAPSHOT (Java)
- OWASP Vicnum version 1.3 (Perl)
- Mutillidae version 1.3 (PHP)
- Damn Vulnerable Web Application version 1.06 (PHP)
- OWASP CSRFGuard Test Application version 2.2 (Java)
- Mandiant Struts Forms (Java/Struts)
- Simple ASP.NET Forms (ASP.NET/C#)
- Simple Form with DOM Cross Site Scripting (HTML/JavaScript)
And old Versions of Real Applications:
- WordPress 2.0.0 (PHP, released December 31, 2005, downloaded from www.oldapps.com)
- phpBB 2.0.0 (PHP, released April 4, 2002, downloaded from www.oldapps.com)
- Yazd version 1.0 (Java, released February 20, 2002)
Web Security Dojo, the second project, is actually very similar. It features not only targets, but tools to test against the targets. All in a VM for easy deployment.
- OWASP’s WebGoat v5.2
- Damn Vulnerable Web App v1.0.6
- Hacme Casino v1.0
- OWASP InsecureWebApp v1.0
- simple training targets by Maven Security (including REST and JSON)
- Burp Suite (free version) v1.3
- w3af cvs version
- OWASP Skavenger v0.6.2a
- OWASP Dirbuster v1.0 RC1
- Paros v3.2.13
- Webscarab v20070504-1631
- Ratproxy v1.57-beta
- sqlmap v0.7
- helpful Firefox add-ons
Both further the goal of raising awareness of web app flaws and breeding well trained security ninjas… we approve =)
Security Updates via Twitter
Posted by Jhaddix in Training, Uncategorized on June 20th, 2009
The Twitterverse offers all kinds of gems for offensive security, so I whipped up a short guide on how to leverage Twitter to stay current. Check that out.
Also some very cool stuff has come up:
First up: BackTrack 4 pre-final was released by Muts and the Offensive Security team. Download from:
http://www.remote-exploit.org/backtrack_download.html
Secondly: Chris Eng has a good video on Crypto for Pentesters for OWASP
Thirdly: A new attack environment based on the OWASP top 10 vulnerabilities was released and demoed by none other than Adrian Crenshaw (Irongeek) and it's a nice alternative to WebGoat. Check out the Mutillidae presentation.
Fourth: You remember that Penetration Testing and Vulnerability Analysis class I was raving about by Dan Guido? Well, he has finally released all the course materials online. Go check that out, there is awesome material there.
http://pentest.cryptocity.net/
Fifth (and definitely hot) is the slides from the SANS Pentest Summit, closing thoughts, and Ed Skoudis’ tweets about the conference. Thanks to Ed and SANS, you guys rock.
Lastly, RSnake released a wicked DoS tool called Slowloris for Apache (who runs Apache anyways, right?) and Muts posted some breakdowns on exploiting iTunes…
Good stuff!
SecurityCBT Award Assessments have begun!
Posted by Jhaddix in Training, cbt awards, certs on October 15th, 2008
So after a long paternity leave, I have sent out feelers for the CBT awards. The vendors as it stands are:
Mile2/Career Academy, SANS Institute, Offensive Security, Specialized Solutions/QuickCert,
Infosec Institute, VTC, Learnkey, Testout, Boson, Security Innovation, CBTnuggets.
If anyone has another CBT vendor that matches the awards, leave a comment and I will add them =) Additionally, if you have suggestions on the criteria or certs, I’m more than willing to revamp these.
Awards:
1st, 2nd, 3rd – Best in class for Beginning Ethical Hacking / Intro to Pentesting
1st, 2nd, 3rd – Best in class for Advanced Ethical Hacking and Pentesting
1 winner each – Best in class for specific Certs – Security+, CEH/ECSA/LTP/CNDA, CISSP, GIAC certs, SSCP, SCNS/SCNP/SCNA, CISA, CERT GSIH, OSPA/OPST
Wireless Shootout: CWSP vs OSWP
Honorable Mention
Security Aegis Kick Ass Award
Criteria:
1) Engaging
2) Who has the qualifications
3) Value
4) Who shows up on your resume the best
5) Who prepared you for the related Cert the best
6) Who has the best customer support
7) Best demo policy
Certified Ethical Hacker Version 6
Posted by Jhaddix in CEH, CEHV6, Certified Ethical Hacker, Training on October 1st, 2008
The CEH cert has been one of the most controversial certs to real world pentesters. A few years ago, it was the only cert of its kind, and having it was an asset. Fast forward to today and many think it is just a glorified tool review taught by people with no real world pentest experience.
My opinion has teetered back and forth on this. For an entry level job in infosec I think the CEH does the same thing as the A+/N+/S+, presumably lets an employer know that you have the equivalent of 6 months of on the job experience as a security engineer.
Regardless, that is not what this post is about:
Recently at an EC-Council Summit the instructor slides leaked for the much revamped version 6 of the CEH. I don’t condone downloading pirated stuff but looking at the topics makes me a little more confident in the course.
In doing research for the CBT awards, I talked to a quickcert.com rep named Wade, who said only a handful of trainers are teaching the new version. Quickcert being one of them. I was also directed to an interview on ethicalhacker.net with Haja Mohideen who taught the first class on v6:
http://www.ethicalhacker.net/content/view/190/24/
The slides were first posted on www.arabhardware.net (http://tinyurl.com/4n4pzf) and ended up at http://tinyurl.com/45q5yg
v6 offers a substantial re-haul of the curriculum. Impressive in my opinion.
A good anti-CEH argument is made with retorts from someone who knows the program and layout well here; it's a good read, I recommend it.

