Ethical Hacking and Penetration Testing

Discussion on ethical hacking and penetration testing subjects.

InfoSec Institute's most popular information security and hacking training goes in-depth into the techniques used by malicious, black hat hackers with attention getting lectures and hands-on lab exercises . While these hacking skills can be used for malicious purposes, this class teaches you how to use the same hacking techniques to perform a white-hat, ethical hack, on your organization. You leave with the ability to quantitatively assess and measure threats to information assets; and discover where your organization is most vulnerable to hacking in this network security training course.

Some of the instructor-led hands-on hacking lab exercises in this security training experience:

* Capture the Flag hacking exercises every night
* Abusing DNS for host identification
* Leaking system information from Unix and Windows
* Stealthy Recon
* Unix, Windows and Cisco password cracking
* Remote buffer overflow exploit lab I - Smashing the Stack
* Remote buffer overflow exploit lab II - Integer Overflows
* Remote heap overflow exploit lab III - Beyond the Stack
* Desktop exploitation
* Remote keylogging
* Data mining authentication information from clear-text protocols
* Remote sniffing
* Breaking wireless security
* Malicious event log editing
* Transferring files through firewalls
* Hacking into Cisco routers
* Harvesting web application data
* Data retrieval with SQL Injection Hacking
* Calculating the Return on Investment (ROI) for an ethical hack

Click here to learn more about the most hands-on Ethical Hacking course ever!

Tuesday, March 14, 2006

Do you Xfocus?

I try to make it a habit to run by a number of security-related sites everyday. One thing you have to realize as an English-speaking person, is that although there is a huge amount of material out there on the internet in English (or broken English), there is an equal number of good security articles, tutorials and research in non-western languages.

One website I regularly check out is They are a pretty famous group of Chinese hackers. If you have been in security for a while, you may have seen some of their exploits posted to bugtraq over the last few years.

Take example some good posts from 2006:

Reversing Kaspersky Antivirus (english)(chinese)
A really creative way to play with saved frame pointers in stack overflows exploits (english)(chinese):
A hacklog for a when some guy rooted (english)

Here is a good one for all you web app pen-testers:

Netcat implemented in perl (perl):

Lots of other good stuff in there. Highly recommended!



Post a Comment

<< Home