
Archive for August, 2007

Google TLD Search Tip

Posted August 24, 2007 at 10:08pm in Computers

I would think this has been tried before, but I just stumbled onto it when playing with Google. If you need to do a search on sites with a domain, you of course enter site:domain.com, but you can change that to site:*.tld to return only results from the TLD you specified. New to me, and could be very useful when you need to search a gov or edu site.

Offensive Security 101

Posted August 20, 2007 at 07:08am in Computers, Security

I started the training videos for the Offensive Security 101 course. I am so pleased with the quality of the courseware. The instructor does a great job of presenting information and recommends reading material throughout the videos so that you don’t go into the next course completely blind. I have watched other training on some of these topics and the presentation just didn’t come close to what I am seeing in these sessions.

The training was $400, which includes access to a VPN, a lab environment to test what I am learning, and the certification exam. On September 1st, the prices are going up so if you are interested you might want to jump on it. If you currently have your CISSP this course will give you 40 CPE credits.

I will blog about the course more as I work through the exercises and view the remaining videos. By the way, Offensive Security is the training spin off from remote exploit, which is the company that created BackTrack.

On the road to Security

Posted August 15, 2007 at 12:08pm in Computers, Security

Yesterday I made my payment for the Offensive Security 101 training. If I pass the exam I will be an Offensive Security Certified Professional. This exam has received very good reviews from a lot of experienced security professionals, one major reason being that you have to prove knowledge of the ethical hacker practices. So instead of just memorizing the nmap man page you have to actually apply the knowledge of fingerprinting, scanning, and other tasks required during a pen test. After I receive this certification I will study for my CEH (Certified Ethical Hacker) certification and work on picking up some contracts that will let me apply that knowledge. Ultimately I would like to get my CISSP and work as a penetration tester, but I do realize that after taking this training I may not like the whole world of security, so my plans could change.

Two of the funniest stories

Posted August 14, 2007 at 09:08am in General

The first bit of news I heard was about a blind man who was arrested for driving a car. What makes it absolutely hilarious is that he was drunk and he had 3 friends in the car who were also drunk giving him directions. Picturing that scene I almost drove off the road laughing.

The second story is about a woman who bought a crack rock and after smoking part of it she realized it was fake. Outraged she calls the cops to help her get a refund. How can any crack that makes you call the cops be fake? haha

Online discussion

Posted August 13, 2007 at 12:08pm in Computers

I have been posting various questions on the Security Focus Penetration Testing mailing list to get some assistance in working towards doing penetration testing. I have been quite impressed with the social skills of the members. What I mean by that is that a lot of times if you go on IRC or another chat channel people are so worried about keeping an old image of “I’m l33t, no time for you” that they are very rude if you ask a stupid question or about something you just didn’t think about or didn’t know about.

An example of this is a blog post I just realized I never published about my experience in a Solaris channel on IRC. I had never installed Solaris before and one dialog asked about DNS, NIS, NIS+ and a few more things. Well, I was not familiar with NIS and I thought they might be asking about services, so I simply asked if they were asking about setting up services or using someone else’s services. In other words, if I select DNS will I be setting up the name servers I will be accessing or configuring services on that machine? Well, someone jumped in and questioned if I even knew what DNS was and then asked me if I set up DNS servers when I install Windows. Looking at the question after I asked it, maybe it was a little dumb considering everything, but I was new to Solaris and asked a simple question; I didn’t need to be treated like an idiot. I will probably touch on that in another post.

When I used to frequent IRC back in the day that was a common way of treating people, RTFM here and RTFM there. I get annoyed with helping people sometimes, but I wouldn’t know what I know today if some people hadn’t helped me along the way with understanding one thing or another. Sometimes it can be one small thing keeping someone from great things. I remember when I first used any dynamic web language, it was early in 2002 and I just didn’t understand how the backend worked. It was a temporary block, my supervisor spent 10 minutes explaining a couple things to me and 2 weeks later I wrote a functional shopping cart. Of course it wasn’t Amazon.com, but I just needed to be shown that one little thing in person, a hands on example and I shot out of the gate.

If you are hanging out in a channel on IRC or a chat room somewhere you may see a lot of people asking the same question so you might get annoyed more often than someone else, but you should separate yourself from the channel for a little bit if that is happening, not take it out on the person needing help. I occasionally get mad at people asking for my help, but the difference is that in a lot of cases the question can easily be found, they are asking a question that is way over their head and want the answer anyway making me explain the birds and the bees of the technology, or I have explained it 5 times and they don’t listen.

There are other communities I belong to on the internet such as Hard Forums, but I don’t frequent any of them very often because the response to questions is limited or non-existent. Most of my questions get answered on [H], which is why I go there. The people on Security Focus are polite and give you real responses, not some two word answer that should be a couple paragraphs. I go by my real name on SF and most replies say hello and give good responses to my questions.

Even instant messaging has gone to shit. Someone told me they think of ICQ, AIM, etc as more of a message leaving than anything else. Well, that’s what email is for; instant messaging is just that, instant messaging. I am also noticing a lack of politeness more and more in online chat. People I talk with will send me a message asking me a question, which they should know is going to require a question from me to answer their question, but instead of sticking around they disappear for 3 hours. During those 3 hours, they aren’t idle either. That wouldn’t fly in real life; if someone did that to me in person I would leave. BRB is something else abused; one of my good friends got bad about it, he would say brb and come back 5 hours later. Different abbreviations and phrases were created for a reason and should be used accordingly. I have said brb before and not known I would really be gone for a few hours, but it was very rare that would happen. Too many people are just plain rude.