Author Archives: vmtrain

Free Certified Ethical Hacker Class Giveaway

Advanced Security by Academy of Computer Education is giving away one free enrollment into any one of their award-winning Certified Ethical Hacker (CEH) training classes.

Advanced Security is the reigning, two-time EC-Council ATC of the Year award winner. Their training is recognized worldwide as the leading hands-on CEH training available because of the amount of time they spend on labs and the methods they use to prepare students for the exam. Their instructors are internationally known Subject Matter Experts who speak at conferences and are followed by many in the industry.

They are giving away a free enrollment (certification exam included) to any one of their open enrollment Certified Ethical Hacker (CEH) training classes. This free enrollment can be used during any one of their open enrollment courses for up to one year from the end of this drawing. Details are as follows:

You must either blog about, Tweet about, Facebook post about or Google+ post about this Certified Ethical Hacker course giveaway contest. In any of the mentioned forms of posting you must include a link to this page: http://www.trainace.com/courses/ceh/

If you already have the CEH or equivalent experience you may follow the same steps, but do so for the Cyber War, Advanced Penetration Testing class: http://www.trainace.com/courses/apt/

For each online activity above that you do, you will receive the following entries into the drawing:

Blog Post – 10 entries

Tweet –  3 entries

Facebook – 2 entries

Google+ – 2 entries

When complete, you must send an email with the Subject “Free CEH Class Contest”. In the email, include a link where they can find each posting. Send the email to rcorey@trainace.com. They will tally all entries and randomly select a winner. The winner will be selected on 5/16/12.


Five Principles of Mobile Security

Mobile devices offer exceptional opportunities to stay in touch with friends, access needed information and remain connected to the things that matter anywhere in the world. However, this unparalleled degree of connectivity comes with certain risks. Mobile phones and devices can be vulnerable to theft, unauthorized intrusion, viral infections and other security risks due to:

• Physical characteristics of the devices themselves
• Applications stored and used on these advanced systems
• Vulnerabilities that exist in the operating systems

The data stored and accessed by mobile devices must be properly secured and protected against these risks. Here are five basic principles of mobile security for securing cell phones and other mobile devices.

Maintain physical security
It may seem obvious, but one of the most important elements of keeping the data on mobile devices safe is to maintain physical possession of smartphones, iPads and other tablet computing devices at all times. Valuable data including passwords, financial information and browsing activity can be retrieved even from deactivated phones, so it is vital to keep these devices safe even after they are no longer in use.

Opt for secure mobile hardware
A number of companies are currently offering secure mobile processors. These powerful components add layers of security to the data and processing power of the mobile device and make applications like e-ticketing, e-wallets and other financial transactions practical and secure.

Update the operating system
Mobile operating systems are not always configured to update automatically to the most advanced version or to apply security patches. Manual upgrades may be the only way to ensure that the operating system is up to date and capable of providing the latest, best protection against new threats from mobile viruses and other malware.

Download selectively
Mobile applications can constitute a serious risk to the security of the device. While apps from well-known manufacturers and available through established e-commerce sites are usually safe and reliable, other apps may install malware, track activities or even steal data directly upon download and installation. Download with care to avoid these risks to mobile security.

Antivirus protection
Mobile versions of major antivirus programs can protect valuable data on tablet computers and smartphones. These software solutions can sometimes slow performance on less powerful mobile devices, however, making them less practical for older and less technically advanced tablets and mobile phones.

By incorporating these five security tactics into an overall security strategy, mobile device users can more effectively protect their valuable data against unauthorized access, theft and loss.


CHFI v8 Launch

In case you have not heard, the CHFI v8 launch has been set for the week of 2/27/12. The launch is being limited to make the event exclusive and the companies that can offer the launch training will be providing the attendees with a bunch of extra perks (listed below).  The CHFI v8 launch is only being offered in a few places around the world and only three here in the USA.

The CHFI v4 (old version) has been somewhat outdated for some time now and this was reflected on the exam. The EC-Council invested a lot of time and money into the new CHFI Version 8. The material has been updated, new tools have been added and the courseware (books) has been improved so that the books are not as bulky and are easier to read.

CHFI v8 Launch Special Inclusions with Registration

  1. A complimentary 4 day iLab Access Pass worth 100 USD
  2. Twenty percent (20%) discount on the Mobile Forensics CAST class (valid until December 31, 2012)
  3. A complimentary “Secondpass Voucher” for those who fail their exam (valid until the end of June 2012) worth 500 USD
  4. A limited edition commemorative metal plated certificate of attendance
  5. Your name and testimonial posted on EC-Council’s CHFIv8 Website

Get information on the CHFI v8 launch.


The Current Status of the CEH and How Online Training Makes Sense

In the age of the Stuxnet worm, high-level information security is of ever increasing importance. Being able to add “certified ethical hacker” to a resume has become an increasingly large selling point in the IT industry. Major IT corporations are paying large salaries to those professionals who have gone through the certified ethical hacker certification process. The reason is simple. Certified ethical hackers are able to identify weaknesses in a variety of hardware and software applications before they are unveiled for use by the public. This increased security means that IT companies can sell incredibly secure products to a market that is increasingly focused on buying products that are hacker-proof.

The idea that “hacking” could serve a legitimate purpose is a notion that confuses many who are not familiar with the intensive infrastructure of information security. However, the need for these professionals is only growing in a world that is increasingly relying on virtual forms of information storage to power ordinary life. Banks, universities, even typical workplaces increasingly rely on some form of computerized information storage. The introduction of “cloud computing” has added to the need for trained professionals who are able to keep information secure over vast, widely accessible networks. The proliferation of hand held devices such as cell phones and tablet computers has only increased the number of access points that malicious hackers can exploit in order to garner unauthorized access to private information. However, simply eliminating these additional access points is not a valid solution. Business and commerce increasingly relies on flexibility and increased access in order to thrive in a globally competitive environment. The burden for security falls upon the professionals who intimately understand how to think like a hacker without causing any real harm.

Certified ethical hackers train by learning how to “penetrate” and test different systems while they are still in their developmental stages. These ethical hackers purposefully test computer systems and networks for vulnerabilities and then report their findings to the developer team. Through this process, systems are gradually refined and strengthened to a degree that can make them anticipate and easily withstand an attack by malicious hackers.

The certified ethical hacker certification is primarily administered by the International Council of E-Commerce Consultants, commonly known as the EC-Council. Classes that enable people to attain the certificate are often held in local classrooms or other accessible teaching facilities by a network of 450 affiliated training partners worldwide. In some cases, an individual can complete the required coursework through “self-study” involving work in the information security field. The individual must then submit an application to the EC-Council, although each application must be considered by the EC-Council on its own merits and does not automatically guarantee certification. However, many believe that the best way to train for the certification is to take online training. These courses provide busy professionals with the flexibility and level of detail they need to quickly attain the degree. Once a person has attained the certification, he can expect to earn a considerable amount of money and be hotly courted by headhunters and major IT security firms.

CEH online training (http://www.trainace.com/courses/ceh/) usually incorporates a live streaming component that allows those taking the courses to engage with an instructor. All of the computer forensics training can easily be accomplished online. These courses usually allow the individual to access the classes for up to a year, even though the training itself can be completed in a few short, intensive days. The online classes also have the benefit of being compatible with a variety of hand held devices. A person can opt to take the class from a smart phone or a tablet computer. The comprehensive nature of the classes ensures that the trainee will be ready to penetration test the most advanced systems once he has completed the required coursework. By taking online classes, professionals can become certified ethical hackers in a few short days.


The CHFI at Hacker Halted is Soon!

We have been receiving a lot of feedback from readers who have signed up for the CHFI training class at Hacker Halted and the majority of people set to go are extremely happy that they are set to do so.

Similar to the way the Certified Ethical Hacker certification has blown up to be arguably the most highly sought after certification in the IT industry, the CHFI is next in line to do so. Much of the reason the CHFI cert is going to blow up in popularity is that the people who took the CEH now need the forensic skill set to better protect their company or organization by being able to prosecute attackers in the appropriate manner.

The other main reason is that the industry is buzzing with the belief that the CHFI certification will be added to the DoD8570 directive. That makes sense: the CHFI has become the premier forensics certification in the business, so why wouldn’t it be added?

Anyways, apparently there are still a few spots left for the CHFI training class at Hacker Halted. Register by using the coupon code: HHACE

Register for CHFI at Hacker Halted Online Here


Computer Forensics Training in Miami, FL

Computer forensics is a topic that hackers are paying a lot of attention to lately. Ethical hackers are signing up for computer forensics training in large numbers because the work now dictates that it is no longer good enough to be able to exploit vulnerabilities on our website; now you must be able to accumulate the evidence in an actionable manner for a court of law. People aren’t just relying on protecting their own network; now they want to be able to prosecute violators and attackers. If you haven’t noticed, the industry is maturing quickly.

And with that maturity comes the spread of computer forensics training. The leading certification in this vertical is the CHFI by the EC-Council. In fact, the EC-Council is holding its annual Hacker Halted security conference in Miami, Florida from 10/21 – 10/27. The first four days are dedicated to training classes and then the last three are the security conference, which includes an amazing list of speakers. Hacker Halted has become the leading conference to get away to and learn some new tricks. The venue is exceptional, the speakers list is top tier, the presenters / instructors are industry leading and the party that they hold is world renowned!!

To join the CHFI or any other class at Hacker Halted, use this coupon code: HHACE

and then go here: http://www.hackerhalted.com/2011/


Booz Allen Hamilton Hacked – Advanced Persistent Threat Leads the Way

For those readers of the Certified Ethical Hacker blog here that don’t yet know what Advanced Persistent Threat is, you are officially introduced via the recent Booz Allen Hamilton hacking. Advanced Persistent Threat is the emerging buzz-word in the hacking industry and Booz Allen Hamilton was one of the early adopters of combating and protecting clients against this concept. Ironically, it appears as though Advanced Persistent Threat was the cause for BAH’s hacking breach the other day.

Advanced Persistent Threat essentially means that an agency, typically with an espionage mission structure and in most cases a Government or mafia-like entity, targets a business or other Government unit and attempts to penetrate that unit using all hacking approaches necessary. In other words, the sources of compromise we learned about in the CEH training class (application layer, network layer, social engineering, etc.) are all attacked with advanced methods for a consistent period of time.

Booz Allen Hamilton employee training consists of Advanced Persistent Threat techniques so that employees know where to find vulnerabilities.  The main problem is, there are hackers that are better and that are consistently progressing. If employees are trained in baseline penetration testing and then expected to harden a complex network, the malicious entity, in this case likely a (very large) country’s Government, has people with higher level training, perhaps in things like advanced exploit development or advanced wireless network hacking, and so they eventually get to their data.

High level hacking training is hard to find; only a few (i.e. Advanced Security) do it very well. Why? Because not many companies have the experienced minds behind their classes. The old saying, “if you want to beat the hackers then you have to think like an attacker,” is true in this case, but the hackers may have been better trained.


EC-Council Holds a Conference in the Washington DC Area

The DC and Baltimore metro area is arguably the largest concentrated region in the country for IT security professionals, hackers, penetration testers, application security specialists, etc. The fact that a highly advanced and technical conference by the EC-Council is coming to the area should have the DC cyber security scene pumped up.

EC-Council has made a commitment recently to bring highly technical and advanced training seminars and conferences to the market. The recent launch of TakeDown Con and then the existence of their Hacker Halted conference has them emerging as a leader in this space. The reviews from TakeDown Con were excellent. They are clearly doing what it takes to get some of the top experts in the field to present and teach shorter version classes at these conferences.

Many of the security conferences that are out there these days leave a true seasoned IT security professional wanting more. The lack of deeper, advanced technique training is always what keeps the pros away and seems to attract more and more newbies to them. The recent launch of the EC-Council conferences is a sigh of relief for many in the field. Being able to visit great locations for a conference and walk away with advanced skill sets, on the company dollar, is what many in our field are hoping for. Now with the CAST Summit Washington DC, many in the MD, VA and DC area should be able to easily justify this with the training budget managers. Here is the series of classes being held:

You can register through the featured reseller, Advanced Security by ACE:

CAST Summit Washington DC Registration


EC-Council’s Take Down Con is Huge Success

The reviews are in from the EC-Council’s Take Down Con in Dallas a few weeks ago. We had the chance to speak to some presenters, instructors and attendees and the feedback is unanimous. The conference was a success. The conference was created to be a technical skill set leader in the field of pentesting and hacking, and it achieved that goal.

Other conferences in the security space often carry too little high level tech presentations and instruction. They often offer blanket presentations that are more geared for beginners. The few conferences out there now that are geared for the higher level security professional are very expensive and have recently received some mixed reviews, but Take Down Con blew them all away!

The feedback was that the conference was intimate and had attendees whose skill level is much higher than the norm. The EC-Council did a great job in bringing in some exceptional names and respected true professionals to offer high level classes, speeches and presentations. The high level of content at this conference led to high level discussions and idea sharing among the attendees at night and in between events.

Overall people really seemed to benefit from and enjoy this conference a great deal. It looks like EC-Council is really beginning to emerge as a leader in the technical conference space. The next Take Down Con is listed for Las Vegas in December, 2011.

For more information, visit the Take Down Con website.


The Ethical Hacker Club – MeetUp Group

Meetup.com has been serving as an excellent resource for bringing professionals together to talk shop for years. Now that the ethical hacking / penetration testing industry is as cool and popular as it is, ethical hackers are forming meetup groups to talk about ideas, exploits, techniques and the general trade.

The Ethical Hacker Club, which serves the Baltimore-Washington area, is an excellent group for people looking to know more and share more about the pentesting industry. If you get a chance, join them:

Ethical Hackers Meetup Group

