17 August 2007
I signed up for the Offensive Security 101 training back at the beginning of May, and I actually got around to going though the course material towards the middle of July. At a first glance, I really wasn't too sure what to make of it, as reading through the index of the training, I was thinking that I know most of the coursework, and maybe I had just wasted some of my bosses budget. To be honest I kind of felt this was even while I was going through the training, kinda that something was missing. Ok, so I have been in this industry for probably about 10 or so years now, and with that comes experience, but still, I enjoy learning something new. The one thing that I would say about this course though is that if you just go through the course slides and the PDF, and leave it at that, not only will you not be ready for the certification challenge if you want to try it, but there's a good chance that you won't make it. The course is a brilliant overview into the tools of penetration testing, and how to use them, but you've really got to do quite a bit of work outside of the course ware to get real benefit from it. Which really is understandable, this is a security course, not a learn Python, Perl, C++, Networking, Windows, Unix, Linux and security course. I think that the guys at Offensive Security have done an amazing job on this course and I can't wait to try their next offering! Now, onto the challenge, obviously I can't mention too much about it here, but I can say that out of all the certifications that I hold, this has got to be the one that I am the most proud to have obtained. I started the challenge at 15:00, by about 16:30 I had already gotten through the first of five hosts. I though things were going well, then I only managed to get through the second host at about 23:45. I had a couple of hours sleep between 05:30-07:30 and then carried on until 15::00. It's the most intense exam that I've ever done for a certification, and I would happily recommend it to anyone. Also having one of the Offensive Security team around to reboot the servers when needed was a godsend, so thank you for your patience ;-) I got news about 18:30 that I'd made it through, and am now OSCP (Offensive Security Certified Professional) certified! Anyone even thinking about doing this course, just take the plunge and do it, you won't regret it.
13 August 2007
Well, driving around in a sports car has been great for the last couple of years, but I decided that I wanted something that's, well a bit more me shall we say ;-)
This is my new baby, with all the mod-cons that I could ever ask for, it does need a bit of work doing to it, but hey, I'm really looking forward to it. Yeah I know, anyone who knows me probably will laugh at the thought of me working on a car, let alone getting all greasy and the like, but I'm actually really excited it.
It's got 3 monitors already built in, the only catch is that they're all hooked up to a DVD player at the moment, which would be great if we had kids, but as we don't, in time the DVD player will be getting replaced with a Mac Mini, and then I'll be adding an omi-directional antenna onto the roof as well. I'm sure that you can see where this is going, so I'll leave it at that.
05 August 2007
Okay, so I've had a Facebook account for a while now, maybe a month, but it's only this weekend that I've actually started making use of it, well the way that it's intended anyway. I know that I'm not the only person on the planet that can see the security issues with Facebook, Christ, there have even been posts online about how identity theft is getting a not so little helping hand from Facebook. I won't argue that I've been hooking up with people that I lost contact with about 10 or so years ago, and exchanging photp's with family members, but still, this really is a bomb waiting to go nuclear. I know that web developers in particular are getting smarter day by day to the ways of the the wiley hacker, but I still think that no matter how good your developers are, there is someone out there who is going to find a hole, and a major way to exploit it, and if they're lucky sell it on. So, even though I do have a bit of personal information on there, it's nothing anyone who actually knows how to use Google couldn't find, I say let the games begin!! Ozzy Osbourne - Diary Of A Madman