Wednesday, June 1, 2011

EH-Net Newsletter - May 2011




Your organization will get compromised!  The convenience and ease-of-use that your employees and customers demand will expose your network to a plethora of compromises.  As much as security paranoids, like myself, would like to completely lock down our networks to prevent this, it is not practical.  The next best thing is to do everything in one’s power to minimize the number of incidents and recognize that, despite your best efforts, compromises will most likely happen.   A well thought out plan and response is essential for an organization to minimize, contain, eradicate and recover from the damage a malware incident can cause.  Lenny Zeltser's SANS Security 569: Combating Malware in the Enterprise is an excellent course to help you devise a robust malware incident response plan.  It is a 2-day, in-depth course that extensively covers malware. For Lenny's full course, please read the review for FOR610 right here on EH-Net.
I went into this class having what I thought was an intermediate knowledge of the subject.  I was very familiar with some of the topics and knew virtually nothing on others.  No matter your knowledge of the subject matter, you will pick up a great deal from this class and definitely won’t feel “out of your league.”  The review that follows discusses the course content at a high level and how this content pertained to me and my organization.
Read on...

I was recently at a conference with a friend of mine who was visiting Vegas for a hypnosis conference, and I was explaining to him the biggest problem with most social engineering "experts."  And, of course, because I had been talking to him about amnesia, I promptly forgot about it.
I was reminded of it when I was reading something that another social engineering expert wrote that linked hypnotic phenomena to the act of social engineering.  So, I'll share the same caveat with all of you: if someone tells you that hypnosis has anything to do with social engineering, they're a charlatan and you need to be VERY careful believing anything that they're saying.
This is said, of course, as someone who is formally trained in hypnosis and has spent a lot of years studying it as part of my training to become good at social engineering.  But, in the same way that being a great coder doesn't make you a great penetration tester (and vice versa), being a great hypnotist doesn't make you a great social engineer (and vice versa).
Let me explain.
Read on...

Course Review: CPT by InfoSec Institute

Review by Michael R. Heinzl
Thanks to The Ethical Hacker Network (EH-Net) I received the November 2010 Giveaway of a free seat in InfoSec Institute’s Ethical Hacking Course. I had read and heard positive feedback about InfoSec Institute and their courses, so I was already interested to see if their reputation holds up. The course teaches the fundamentals of penetration testing and prepares students for both EC-Council’s Certified Ethical Hacker (CEH) and IACRB’s Certified Penetration Tester (CPT) certifications. Besides their basic ethical hacking course, InfoSec Institute also offers two more courses focused on penetration testing, targeting a more experienced audience, as well as two courses towards reverse code engineering (all with regards to their pentesting track).
InfoSec Institute describes their Ethical Hacking Course as follows: “Our most popular information security and hacking training goes in-depth into the techniques used by malicious, black hat hackers with attention getting lectures and hands-on lab exercises. While these hacking skills can be used for malicious purposes, this class teaches you how to use the same hacking techniques to perform a white-hat, ethical hack, on your organization. You leave with the ability to quantitatively assess and measure threats to information assets; and discover where your organization is most vulnerable to hacking in this network security training course.”
If you are in the same situation as me, and wouldn’t be able to sit for the live training in person, InfoSec Institute offers some of their courses in an online format, which is basically a recorded class from the live version, split into a couple of modules.
So let’s take a closer look at the online version of InfoSec Institute’s Ethical Hacking Course and IACRB’s Certified Penetration Tester certification.
Read on... 


Stay Tuned:
- Book Review by Jason Haddix: BackTrack 4: Assuring Security by Penetration Testing
- Course Review: Hacking Dojo - Shodan
- Oracle Web Hacking Part II by Chris Gates
- Course Review: eLearnSecurity Student
- More Course & Book Reviews


Giveaway Corner
Win Ticket to Black Hat USA = $2095!!
Every year, we seem to have to rush to make arrangements for the winner of the annual Black Hat USA ticket. So why not get an extra jump on things this time around by starting in May? As we have for the past several years, we are once again giving away one Conference pass for the Black Hat Briefings (Aug 3 - 4) worth at least $2095. This year's event is described as, "The Black Hat Briefings have become the biggest and the most important security conference series in the world by remaining true to our core value: serving the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment." Or in plain words, it is THE event of the year for security professionals. With smart attendees, numerous sponsored parties, networking events, top training, expert presentations and DefCon starting the very next day, you'll have an unforgettable experience.
The event takes place in its normal location, Caesars Palace in Las Vegas, NV, with training from July 30 - August 2 followed by the Briefings on August 3 - August 4. Good luck to all EH-Net Members, and we'll see you all in Vegas Baby!!
April Winner!
OK... so you've seen the great videos by Ryan Linn, the webcast by James "Egyp7" Lee and the numerous forum discussions. April was the time for someone to get their very own copy of Metasploit Express that includes the full license & support for 1 year. And for your viewing pleasure, be sure to check out Metasploit's newly redesigned website. For those not in the know or unfamiliar with the Express Edition:
Metasploit Express builds on the power of the Metasploit Framework, the gold standard for penetration testing with more than one million unique downloads in the past year and the largest public database of quality assured exploits. Unlike the Metasploit Framework, which offers only a command-line interface, Metasploit Express provides an easy-to-use graphical user interface that guides the user through the steps of discovery, gaining access, taking control, and collecting evidence. In addition to the features available in the Metasploit Framework, Metasploit Express automates many common penetration testing tasks and provides the ability to launch advanced attacks without the need to develop custom scripts. Individuals whose role does not permit them to conduct penetration tests can still verify exploitability with a dry run that only shows the exploit information but does not execute the exploits.
All someone had to do was participate on EH-Net. And that deserving EH-Net member this time around is Jamie.R. Congrats and keep up the good work. Even if you didn't win this month, keep it up. Not only will there be more prizes each and every month, but also your participation is helping many people in the global security community. For that, all EH-Netters deserve a huge thanks.

Upcoming Events
NSA Extreme Cyber Conference June 1


AthCon 2011 June 2 - 3


BSidesDetroit 2011 June 3 - 4


Techno Security Conference 2011 June 5 - 8


OWASP AppSec Europe 2011 June 6 - 10


BSidesStJohns 2011 June 10


BSidesPittsburgh 2011 June 10


BSidesCT 2011 June 11


FIRST 2011 June 12 - 17


SC Congress Canada 2011 June 14 - 15


SOURCE Seattle 2011 June 15 - 16


Hack In Paris 2011 June 16 - 17


BSidesVienna 2011 June 18


* Add your event to EH-Net's Global Calendar: events(at)ethicalhacker(.)net
