I'm a few days into the course now and have been enjoying the material immensely. It's been challenging to carve out time each day to devote to the course material between work and life but so far I've managed to spend a bit of time each evening.
I've also had a chance to explore more of the maltego transforms and it's really amazing to see how much functionality has been integrated into a single tool. There are many tranforms included within maltego that can be replicated through other means but having access to these transforms within a single tool along with the ability to find connections between the information that you can gather is pretty amazing.
Within the course material I have finished the review of basic windows buffer overflow techniques and was impressed with the layout of the material. I have previous covered this topic before but the combination of the lab guide along with the course video really helped me better understand the topic.
Looking forward to putting some of this knowledge to use within the offsec training lab in a little while.
Thursday, June 24, 2010
Tuesday, June 22, 2010
Dell Latitude
I've been having a lot of trouble with unplugging my laptop and then completely losing the network interface. This resulted in having to uninstall/reinstall the driver as a fix but after tracking down the comments in the following blogpost found here it looks like it's a quickset application that is the culprit.
Sunday, June 20, 2010
Pentesting with Backtrack
This is day one of my online Pentesting with Backtrack course put on by offensive-security. I must admit that I was a little skeptical of an online course that covers how to use a pentesting distro that comes with a well laid out GUI environment as I was fearful that it would end up being a point and click type of course but nothing could be further from the truth.
Today I have been going through the introduction and working through some basic recon type work and have learned a few tricks that will definitely come in handy later in the course.
I will attempt to keep track of my progress here so I can review it from time to time and it should also help motivate me to keep “trying harder“
Today I have been going through the introduction and working through some basic recon type work and have learned a few tricks that will definitely come in handy later in the course.
I will attempt to keep track of my progress here so I can review it from time to time and it should also help motivate me to keep “trying harder“
Infosec Mentors and Security bsides
I heard an interview with Marisa Fagan during one of the Eurotrash podcast and was interested in learning more about the Infosec Mentor program. I'm not claiming to be an expert in any field but I do remember what it was like many years ago being thrust into the IT Security field straight out of school and think there's tremendous value in programs such as this.
I gave it a bit of thought and offered to act as a mentor and after filling in a quick survey am waiting to hear back. I have heard that there are currently more mentees than mentors so if you are interested in volunteering please consider offering a bit of your time. From past experience, I find that I also benefit from these experiences as there is nothing like fielding questions to really keep you on your toes.
There's a planned meet up coming up in conjunction with the Security bsidesLV which is another awesome event. As I cannot offer much in the way of a technical talk at this point, I figured I could help out by offering to take a few security shifts during the event.
I gave it a bit of thought and offered to act as a mentor and after filling in a quick survey am waiting to hear back. I have heard that there are currently more mentees than mentors so if you are interested in volunteering please consider offering a bit of your time. From past experience, I find that I also benefit from these experiences as there is nothing like fielding questions to really keep you on your toes.
There's a planned meet up coming up in conjunction with the Security bsidesLV which is another awesome event. As I cannot offer much in the way of a technical talk at this point, I figured I could help out by offering to take a few security shifts during the event.
Information Sources
Everyone's journey will be different but I think a lot of us end up with the same primary sources of information in the end. I recently moved out of the city and into a small town that has resulted in a commuting time of about an hour each way. In an effort to fill in this time with an activity slightly more productive than listening to a radio morning show I set off to find podcasts on IT Security related topics.
I quickly found a few podcasts, Risky Business was first, and learned of others as a result of cross promotion. After a few podcasts mentioned iTunes, I jumped into the iTunes store and discovered a tremendous number of related podcasts. Depending on your field and interest there are a number of podcasts that are worth checking out. The podcasts I've been listening to so far include, Risky Business, Exotic Liability, Network Security Podcast, Eurotrash Security Podcast, Southern Fried Security. A word of warning, not all of these should be considered safe for work but personally I find them all informative and entertaining. My suggestion would be to grab iTunes and listen to a few of each and decide for yourself. I have several others sitting in my iTunes library that I will eventually get to as well.
I've also caved and joined Twitter as @ejreid_ it seems like Twitter has emerged in the security industry as an important tool to keep track of recent events and happenings. My approach to Twitter has been to start following a few people and gradually grow the chain of people that I follow based upon the retweeted names that keep popping up.
I am also planning track a few security blogs and will do similar for them.
I quickly found a few podcasts, Risky Business was first, and learned of others as a result of cross promotion. After a few podcasts mentioned iTunes, I jumped into the iTunes store and discovered a tremendous number of related podcasts. Depending on your field and interest there are a number of podcasts that are worth checking out. The podcasts I've been listening to so far include, Risky Business, Exotic Liability, Network Security Podcast, Eurotrash Security Podcast, Southern Fried Security. A word of warning, not all of these should be considered safe for work but personally I find them all informative and entertaining. My suggestion would be to grab iTunes and listen to a few of each and decide for yourself. I have several others sitting in my iTunes library that I will eventually get to as well.
I've also caved and joined Twitter as @ejreid_ it seems like Twitter has emerged in the security industry as an important tool to keep track of recent events and happenings. My approach to Twitter has been to start following a few people and gradually grow the chain of people that I follow based upon the retweeted names that keep popping up.
I am also planning track a few security blogs and will do similar for them.
Technical Revival
I'm starting this blog as a place to keep notes on things that I find interesting. I've spent the last few years of my career performing risk assessments, reviewing and writing various pieces of documentation and generally watching my technical skills stagnate.
I'm making an attempt to get back up to speed in a few areas that I'll blog about later. As I conduct research I've found myself jotting down notes on paper or in a notepad document that I will probably lose so moving to the an online forum will help consolidate the tiny bits of knowledge that I do manage to acquire.
Sympathies to anyone else that ends up reading this...
I'm making an attempt to get back up to speed in a few areas that I'll blog about later. As I conduct research I've found myself jotting down notes on paper or in a notepad document that I will probably lose so moving to the an online forum will help consolidate the tiny bits of knowledge that I do manage to acquire.
Sympathies to anyone else that ends up reading this...
Subscribe to:
Posts (Atom)