lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: dave at (Dave Aitel)
Subject: Training & Certifications

Hash: SHA1

If you want to learn how to write exploits, Immunity is doing a
Windows Exploitation class Apr 29-30 in Manhattan. Feel free to email
me if you'd like more information...

Dave Aitel
Immunity, Inc.

Harlan Carvey wrote:

|> I'm not an authority on training as the only training I've had is
|> SANS, but I can vouch for the quality it.
| Any particular instructors?  I find it hard to believe that someone
| who is an instructor at SANS would endorse tools like inzider.  But
| I do know other instructors that are pretty darned good...Jennifer
| Kolde, for example.
|> ...when I see certain letters, I do pay closer attention.
| Which ones?
|> I'll break the ice by starting with something facetious like
|> "What is the first thing you do with a Windows box and the last
|> thing you do with a *NIX box when you have trouble?" Answer:
|> reboot.
| I agree that would be a good way to break the ice, but from a
| professional standpoint, I don't think it's a great idea.  In the
| real world, rebooting a Windows box isn't the first thing you
| should be doing.  I might be concerned that with such a question,
| that might give the candidate an improper impression of how the
| company conducts itself.
| The rest of your questions are good ones to ask, but again, for
| Robert, I really think it depends on what sorts of services the
| company plans to offer.
|> For sysadmins, I ask easier, more system specific questions, but
|> for security I ask broad, tough questions because of the
|> requirements of the field. I have only had one person so far,
|> answer all correctly.
| Keep in mind, though, that depending upon the questions, what's
| 'right' may be subjective.
| _______________________________________________ Full-Disclosure -
| We believe in it. Charter:

Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


Powered by blists - more mailing lists