lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: dave at immunitysec.com (Dave Aitel)
Subject: Training & Certifications

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you want to learn how to write exploits, Immunity is doing a
Windows Exploitation class Apr 29-30 in Manhattan. Feel free to email
me if you'd like more information...

Dave Aitel
Immunity, Inc.


Harlan Carvey wrote:

|> I'm not an authority on training as the only training I've had is
|> SANS, but I can vouch for the quality it.
|
|
| Any particular instructors?  I find it hard to believe that someone
| who is an instructor at SANS would endorse tools like inzider.  But
| I do know other instructors that are pretty darned good...Jennifer
| Kolde, for example.
|
|> ...when I see certain letters, I do pay closer attention.
|
|
| Which ones?
|
|> I'll break the ice by starting with something facetious like
|> "What is the first thing you do with a Windows box and the last
|> thing you do with a *NIX box when you have trouble?" Answer:
|> reboot.
|
|
| I agree that would be a good way to break the ice, but from a
| professional standpoint, I don't think it's a great idea.  In the
| real world, rebooting a Windows box isn't the first thing you
| should be doing.  I might be concerned that with such a question,
| that might give the candidate an improper impression of how the
| company conducts itself.
|
| The rest of your questions are good ones to ask, but again, for
| Robert, I really think it depends on what sorts of services the
| company plans to offer.
|
|> For sysadmins, I ask easier, more system specific questions, but
|> for security I ask broad, tough questions because of the
|> requirements of the field. I have only had one person so far,
|> answer all correctly.
|
|
| Keep in mind, though, that depending upon the questions, what's
| 'right' may be subjective.
|
| _______________________________________________ Full-Disclosure -
| We believe in it. Charter:
| http://lists.netsys.com/full-disclosure-charter.html


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAb087zOrqAtg8JS8RAq6hAKClY2XtVLOhIP43GxKH3M8XhZxNWQCgjbaz
mAG0+ZIP/GoxgghfhkaDC1Y=
=cXa+
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists