One of the most unfortunate things I see in the ever expanding field of security is penetration testers who solely rely on exploits in the Metasploit trunk or exploitdb and have no knowledge of fuzzing or exploitation past the high level concepts. This is myself included, I am far from a professional exploit dev. The [...]
My original review appeared over at http://www.ethicalhacker.net/content/view/307/24/ eLearnSecurity’s Penetration Testing Pro - What CEH Should Have Been Recently the web has been abuzz with pentest training options. The CEH received new life as it was added to DoD Directive 8570 as well as revamped its courseware in version 6.0, Offensive Security rolled out [...]
So… Since the writing of our webapp lab article a lot of people have gotten together similar projects. We like ours but we wouldn’t be objective if we didn’t report on some other options. The big news is the OWASP Broken Web Applications Project. This Project is a nice *tidy* little VM you can spin [...]
The Twitterverse offers all kinds of gems for offensive security, so i whipped up a short guide on how to leverage twitter to stay current. Check that out. Also some very cool stuff has come up: First up: Bactrack 4 pre final was released by Muts and the offensive security team. Download from: http://www.remote-exploit.org/backtrack_download.html Secondly: [...]
So after a long paternity leave, I have sent out feelers for the CBT awards. The vendors as it stands are: Mile2/Career Academy, SANS Institute, Offensive Security, Specialized Solutions/QuickCert,Infosec Institute, VTC, Learnkey, Testout, Boson, Security Innovation, CBTnuggets. if anyone has another CBT vendor that matches the awards leave a comment and I will add them [...]
The CEH cert has been the one of the most controversial certs to real world pentesters. A few years ago, it was the only cert of its kind, and having it was an asset. Fast forward to today and many think it is just a glorified tool review taught by people with no real world [...]