lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed Nov 23 15:04:40 2005
From: wilder_jeff at msn.com (wilder_jeff Wilder)
Subject: Hacking Boot camps!

I went to a " Hacking Class".. it was put on by the infosec institute... The 
class was written and delivered by a Jack Koziol, one of the authors of The 
Shellcoder's Handbook: Discovering and Exploiting Security Holes. The class 
I took was Advanced Ethical Hacking... it was AWESOME!

It was a great class... but by no means did I get edumacated to bill myself 
as a hacker. I went at it from the perspective of .. what are tje script 
kiddies using, so I can secure my network.

ANyway... my story is this...

the night before I flew out to Washington for the week class... I bought a 
black ball cap, I thought I kinda knew what I was doing.. and thought :D its 
my own little joke. I showed up in class wearing my " Black Hat"... and at 
the 10:00 break I went back to my room and never brought it back. I came to 
realize... I was really not that good.. and really knew very little. Be 
skared... be very skared!



-Jeff Wilder
CISSP,CCE,C/EH



-----BEGIN GEEK CODE BLOCK-----
  Version: 3.1
	GIT/CM/CS/O d- s:+ a C+++ UH++ P L++ E- w-- N+++ o-- K- w O- M--
	V-- PS+ PE- Y++ PGP++ t+ 5- X-- R* tv b++ DI++ D++
	G e* h--- r- y+++*
------END GEEK CODE BLOCK------





>From: Barrie Dempster <barrie@...oot-robot.net>
>To: Valdis.Kletnieks@...edu
>CC: full-disclosure@...ts.grok.org.uk
>Subject: Re: [Full-disclosure] Hacking Boot camps!
>Date: Wed, 23 Nov 2005 09:19:23 +0000
>MIME-Version: 1.0
>Received: from lists.grok.org.uk ([195.184.125.51]) by mc9-f2.hotmail.com 
>with Microsoft SMTPSVC(6.0.3790.211); Wed, 23 Nov 2005 02:02:44 -0800
>Received: from lists.grok.org.uk (localhost [127.0.0.1])by 
>lists.grok.org.uk (Postfix) with ESMTP id CC760BAD;Wed, 23 Nov 2005 
>10:02:14 +0000 (GMT)
>Received: from reboot-robot.net (unknown [80.68.92.188])by 
>lists.grok.org.uk (Postfix) with ESMTP id D4690B60for 
><full-disclosure@...ts.grok.org.uk>;Wed, 23 Nov 2005 10:02:04 +0000 (GMT)
>Received: from reboot-robot.net ([80.68.89.187] 
>helo=localhost.localdomain)by reboot-robot.net with esmtp (Exim 4.50)id 
>1EetBc-0007aJ-G0; Wed, 23 Nov 2005 11:53:16 +0000
>X-Message-Info: JGTYoYF78jGaN2BY8SXhJWMEN2U+YSgHaU7eR/nE9vs=
>X-Original-To: full-disclosure@...ts.grok.org.uk
>Delivered-To: full-disclosure@...ts.grok.org.uk
>References: 
><42ae3eb60511221329r7ecdde64hb21a87b25c42f242@...l.gmail.com><2be58a30511222036o6a7dcef0gec82a49936ffbedf@...l.gmail.com><200511230457.jAN4vQcf017606@...ing-police.cc.vt.edu>
>X-Mailer: Evolution 2.4.1 X-BeenThere: full-disclosure@...ts.grok.org.uk
>X-Mailman-Version: 2.1.5
>Precedence: list
>List-Id: An unmoderated mailing list for the discussion of security 
>issues<full-disclosure.lists.grok.org.uk>
>List-Unsubscribe: 
><https://lists.grok.org.uk/mailman/listinfo/full-disclosure>, 
><mailto:full-disclosure-request@...ts.grok.org.uk?subject=unsubscribe>
>List-Archive: <http://lists.grok.org.uk/pipermail/full-disclosure>
>List-Post: <mailto:full-disclosure@...ts.grok.org.uk>
>List-Help: <mailto:full-disclosure-request@...ts.grok.org.uk?subject=help>
>List-Subscribe: 
><https://lists.grok.org.uk/mailman/listinfo/full-disclosure>, 
><mailto:full-disclosure-request@...ts.grok.org.uk?subject=subscribe>
>Errors-To: full-disclosure-bounces@...ts.grok.org.uk
>Return-Path: full-disclosure-bounces@...ts.grok.org.uk
>X-OriginalArrivalTime: 23 Nov 2005 10:02:45.0026 (UTC) 
>FILETIME=[0CD60820:01C5F015]
>
>On Tue, 2005-11-22 at 23:57 -0500, Valdis.Kletnieks@...edu wrote:
> > Keep in mind that 98% of systems are nailed by either automated worms or
> > people running canned stuff.  Just because it's not "real hacking" 
>doesn't
> > mean it doesn't actually work in practice.
>
>
>Quite right, the majority of security incidents dealt with by
>administrators (the guys that have a use for these courses) are the
>automated/canned/known attacks, so for people in that position an
>understanding of these attacks is extremely important for their own
>network defense. These courses usually market themselves to the guy
>looking to understand how systems are compromised. They are most useful
>for pen-testers that rely on vulnerability scanners and the sysadmin
>looking after his network.
>
>For the guys writing the exploit code and figuring out to work around
>things like ProPolice and DEP these courses won't help - no matter how
>in depth they are, because figuring these sort of details out doesn't
>require any knowledge you can be taught in a classroom, it requires
>dedication and in most cases addiction to the task.
>
>There definitely is a market and a value in these courses as they raise
>the general security awareness of network administrators. A common
>question among guys working in these sort of roles is "How do I get to
>do that cool security stuff", the sad thing is the fact that they don't
>already know the answer means they probably will never be any good, as
>the most important part of it is ingenuity and initiative as well as the
>dedication/addiction mentioned above.
>
>The common mantra used within this sort of training is "think like an
>attacker". My opinion is if you have to be taught that, you can never
>think like an attacker, because the attacker doesn't have to focus his
>thoughts he is always, automatically, looking for a way
>around/over/under/through. The guy trying to think like an attacker is
>focusing on his adversary when the real focus should be his systems,
>because that's where the attackers focus is.
>
>
>--
>With Regards..
>Barrie Dempster (zeedo) - Fortiter et Strenue
>
>"He who hingeth aboot, geteth hee-haw" Victor - Still Game
>
>blog:  http://reboot-robot.net
>sites: http://www.bsrf.org.uk - http://www.security-forums.com
>ca:    https://www.cacert.org/index.php?id=3


><< smime.p7s >>




>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ