Tag Archives: hacking

Free Mobile Hacking Webinar – A Must Have!

We just came across this webinar coming up by our good friends at Advanced Security by TrainACE. They are offering a free webinar on must-know fundamentals of mobile hacking (Register Here). Advanced Security’s lead instructor, Joe McCray (http://strategicsec.com), will be the presenter. Joe is a top expert who is known internationally not only as a pen testing ninja but also as a well-known funny guy. This should be a great webinar.

Mobile hacking is something we have discussed on this blog before, but it is as important as any other emerging area for security professionals / hackers. If you have not yet spent time sharpening your mobile penetration testing skills, do so now. Mobile apps are still relatively easy to hack and in this webinar Joe will show you several skill sets that you can employ right away.

The webinar will be held from 1pm-2pm this Thursday (5/24). Register Here.


What Training Comes Next After The Certified Ethical Hacker – How to Advance Your Career as a Penetration Tester

Ethical hackers attempt to compromise computer systems or networks at the request of the system or network owner. By using the same methodology and resources available to criminal hackers, ethical hackers help to identify security vulnerabilities that could be exploited. These weaknesses can then be addressed by programmers or others that are assigned to work on that particular vulnerable hardware or software.

An attempt to circumvent system security and compromise a computer system is commonly known as a penetration test. It is a realistic simulation of a malicious computer attack and can be launched from external sources or from a compromised internal source. Ideally, networks and computer systems should be equally secure from both sources. In reality, they often are not.

The International Council of E-Commerce Consultants, which is known in the IT industry as the EC-Council, offers training and professional certification in ethical hacking. Certified Ethical Hackers must attend an accredited training center or combine at least two years of information security work with an approved self-study program. The CEHv8 test consists of 150 multiple-choice questions that must be completed within a 4-hour period with a minimum score of 70 percent. The test costs approximately $500, and a $100 eligibility fee is also required.

After CEH certification, IT security professionals seek the more advanced Certified Security Analyst/Licensed Penetration Tester credentials. The ECSA/LPT certification (http://www.trainace.com/courses/lpt/) covers advanced information security techniques and is also provided by the EC-Council. ECSA/LPTs focus on the analysis of penetration test outcomes and create risk mitigation measures to protect IT infrastructure. The course emphasizes best practices from experts in many areas of IT security.

The third tier of certification in the ethical hacking credentialing hierarchy is the Cyber War / Advanced Penetration Testing training. This certification, which is offered through Advanced Security by Academy of Computer Education, instructs IT security professionals in advanced, persistent threat tactics for penetration testing of high-security systems and networks. Advanced Security by Academy of Computer Education is a preferred training provider for the U.S. military, DHS, the FBI and other government agencies for this reason.

The course lasts for five days and focuses on the penetration of highly secured data environments. Patched and hardened versions of Vista, Windows 7, Windows Server 2008, and up-to-date Linux servers are used as course targets. The course covers both host-based and network intrusion detection systems and intrusion prevention systems.

In this industry leading advanced hacking training class, students first learn to deal with load balancing, network IDS/IPS, and deep packet inspection while attempting penetration from outside a network. The course then progresses to penetration of web-based applications with typical security measures in place.

The third step in the class is the study of LAN-based attacks, the penetration of locked down workstations, and a study of methods of dealing with host-based IDS/IPS as opposed to networked systems. The final phase of the advanced pen testing class deals with controlling active directories.

Criminal hackers are constantly sharing new ideas and penetration techniques. Many of their approaches can be quite sophisticated. IT security professionals often hear about these approaches only after it is too late to prevent intrusion. CEH, ECSA/LPT, and Cyber War are designed to ensure exposure to cutting-edge penetration and exploitation methodologies, and the courses cover hands-on hacking techniques that simply aren’t taught in routine educational settings. By teaching security professionals to think like hackers, these classes enable IT personnel to anticipate advances that hackers have not yet made.


The CHFI at Hacker Halted is Soon!

We have been receiving a lot of feedback from readers who have signed up for the CHFI training class at Hacker Halted and the majority of people set to go are extremely happy that they are set to do so.

Similar to the way the Certified Ethical Hacker certification has blown up to be arguably the most highly sought after certification in the IT industry, the CHFI is next in line to do so. Much of the reason the CHFI cert is going to blow up in popularity is that the people who took the CEH now need the forensic skill set to better protect their company or organization by being able to prosecute attackers in the appropriate manner.

The other main reason is that the industry is buzzing with the belief that the CHFI certification will be added to the DoD8570 directive. That makes sense: the CHFI has become the premier forensics certification in the business, so why wouldn’t it be added?

Anyways, apparently there are still a few spots left for the CHFI training class at Hacker Halted. Register by using the coupon code: HHACE

Register for CHFI at Hacker Halted Online Here


Computer Forensics Training in Miami, FL

Computer forensics is a topic that hackers are paying a lot of attention to lately. Ethical hackers are signing up for computer forensics training in large numbers because the work now dictates that it is no longer good enough to be able to exploit vulnerabilities on our website; now you must be able to accumulate the evidence in an actionable manner for a court of law. People aren’t just relying on protecting their own network; now they want to be able to prosecute violators and attackers. If you haven’t noticed, the industry is maturing quickly.

And with that maturity comes the spread of computer forensics training. The leading certification in this vertical is the CHFI by the EC-Council. In fact, the EC-Council is holding its annual Hacker Halted security conference in Miami, Florida from 10/21 – 10/27. The first four days are dedicated to training classes and then the last three are the security conference, which includes an amazing list of speakers. Hacker Halted has become the leading conference to get away to and learn some new tricks. The venue is exceptional, the speakers list is top tier, the presenters / instructors are industry leading and the party that they hold is world renowned!!

To join the CHFI or any other class at Hacker Halted, use this coupon code: HHACE

and then go here: http://www.hackerhalted.com/2011/


Booz Allen Hamilton Hacked – Advanced Persistent Threat Leads the Way

For those readers of the Certified Ethical Hacker blog here that don’t yet know what Advanced Persistent Threat is, you are officially introduced via the recent Booz Allen Hamilton hacking. Advanced Persistent Threat is the emerging buzz-word in the hacking industry and Booz Allen Hamilton was one of the early adopters of combating and protecting clients against this concept. Ironically, it appears as though Advanced Persistent Threat was the cause for BAH’s hacking breach the other day.

Advanced Persistent Threat essentially means that an agency, typically with an espionage mission structure and in most cases a Government or mafia-like entity, targets a business or other Government unit and attempts to penetrate that unit using all hacking approaches necessary. So in other words, that stuff we learned in the CEH training class about the different security sources of compromise, application layer, network layer, social engineering etc. are all attacked with advanced methods for a consistent period of time.

Booz Allen Hamilton employee training consists of Advanced Persistent Threat techniques so that employees know where to find vulnerabilities.  The main problem is, there are hackers that are better and that are consistently progressing. If employees are trained in baseline penetration testing and then expected to harden a complex network, the malicious entity, in this case likely a (very large) country’s Government, has people with higher level training, perhaps in things like advanced exploit development or advanced wireless network hacking, and so they eventually get to their data.

High level hacking training is hard to find; only a few (i.e., Advanced Security) do it very well. Why? Because not many companies have the experienced minds behind their classes. The old saying, "if you want to beat the hackers then you have to think like an attacker," is true in this case, but the hackers may have been better trained.


DoD 8570 Directive and the Certified Ethical Hacker

A further testament to two main trends arose recently when the DoD 8570 directive had Certified Ethical Hacker added to its list of certifications that prove worthiness to work in a certain capacity that serves the DoD community. Those trends are:

1) The Certified Ethical Hacker is, without argument, the hottest certification out right now.
and
2) Hacking / Pentesting is the future of IT security / information assurance workers.

Delving more into item #1, the CEH is the most highly sought after cert in the business. The searches per month on Google (use the keyword tool) will prove that to you if you need subjective information about that. The certification has been done the right way entirely, from top to bottom, by the EC-Council management: marketing, content, etc.

As for the second topic, hacking and pentesting have become the main training priority of information assurance workers. Not only are people going in large numbers to learn the concepts of the Certified Ethical Hacker, but now, more than ever before, employees are being trained on advanced defense tactics (i.e., from the ECSA / LPT) and advanced hacking concepts like the Advanced Penetration Tester (APT) certification. Sorry CISSP, but your days of being at the top are so limited it's not even funny. Theoretical / conceptual information assurance practitioners are taking a back seat to people who can break into a network from a major corporation that has a huge annual security budget and spends millions on their firewall and security software. Because I would trust my network to that guy (again see APT).
