New Cutting Edge Module: ProxyChains – the Ultimate Proxifier!
March 29, 2011
Jeremy Conway’s put up a new Cutting Edge module for the end of March, here. In this new module, Jeremy covers using chained proxies to make attacks harder to trace.
Jeremy explains:
“The art of proxy chaining is merely connecting through more than one proxy and then to your intended destination or target. In general this technique can aid us in becoming tougher to trace and/or aid us in becoming more anonymous. ProxyChains is an easy to use program that forces any TCP connection made by any given TCP client to follow through a proxy or proxy chain. ProxyChains can be summed up as literally a “Proxifier” for non-proxy aware applications. ProxyChains currently supports the following proxies: SOCKS4, SOCKS5 and HTTP(s) making it an extremely versatile tool for any pen tester.”
Jeremy loves proxies so much – he even makes up his own words for them (proxifier 
).
Remember, if you’re interested in becoming a member, hop by our membership page for more info.
Cheers,
The Hacker Academy Team
The Key Skill-Set of Great Penetration Testers
March 24, 2011
I was reading an article entitled “Ideal Skill Set For the Penetration Testing” that I found fascinating. And while the author had some good points about the some of the more easily forgotten background skills that are required to be a great pen tester (e.g. OS and programming language skills), I think Keatron missed the majority of the real key skills that are required to become a great penetration tester.
Because, while it’s important to have all of the skills that he mentioned, one could have all of those skills and still be missing a lot. In fact, I know a lot of people (even those who have penetration testing jobs) that have all of those skills in spades and yet have trouble executing on penetration tests.
For me, the difference between Keatron’s list and a great penetration tester comes down to one thing: intelligence types. Specifically, the difference between convergent intelligence and divergent intelligence. Convergent intelligence is the ability to derive a solution from the evidence available to us, while divergent intelligence is the act of taking a single thought or concept and finding multiple applications for it.
In the Western world, we have traditionally emphasized the importance of convergent intelligence – all of our schooling focuses on developing this type of intelligence. Yet, it is the ability to develop divergent intelligence that actually leads us to be great penetration testers.
Free THA Webinar – Penetration Testing Reporting (is finally here!)
March 10, 2011
Another Free THA live webinar is around the corner – next week, to be exact! This time around, Mike will be discussing Penetration Testing Reporting. Let us just say – we’ve had OVERWHELMING requests for us to cover this topic – and as always, THA is more than happy to oblige. Mike will cover the importance of reporting, and how it fits in to the work flow for an information security professional.
We also want to let you know that we’ve changed our webinar system, as well. Our new platform is easier and more “intuitive” to use, and offers better service and features. You will now have the option of prepping us with some questions upon registering to attend – which will allow us to cater our webinar content for you better, ahead of time. For those of you who have never attended one of our webinars – well, you get to start off with our awesome new system – bonus! We hope you enjoy the new system as much as we do!
Time/Date details:
THA Free Webinar – Penetration Testing Reports
Date: 2011-03-16 (Wed. March 16th, 2011)
Time: 02:00 PM – 03:45 PM
Time zone: (UTC-05) Eastern Time (US + Canada)
Cost: Free
To join us for this 1 hour free webinar, Click Here to sign up to receive registration information.
Note: if you’ve previously signed up for our webinars, there is no need to sign up again – you will have already received an invite to register via email.
New Cutting Edge Module: Discombobulating an SOC sneaks in before March!
March 1, 2011
There’s a new Cutting Edge module by Jeremy Conway up for our members to usher in March. In this new module, Jeremy covers the strategies involved in Discombobulating a Security Operations Center (SOC).
Jeremy explains:
“Syslog is the most common method for transmitting system and device logs to central log management solutions and security information and event management solutions. Syslog was designed to be fast, lightweight, and simple to implement. It is these characteristics that make Syslog the go to protocol, but these same characteristics is what makes Syslog such an insecure protocol ripe for abuse by a crafty penetration tester and/or attacker. Security Operation Centers (SOC) and their staffed personnel tend to trust the Syslog protocol way to much by relying on these log messages to dictate their actions and/or reactions without questioning the trustworthiness and/or authenticity of these log messages. A few spoofed Syslog messages and a new style of social engineering attack can be carried out completely discombobulating a SOC into a process driven panic.”
This one got even Mike excited – “I can’t wait to watch this one”.
Remember, if you’re interested in becoming a member, hop by our membership page for more info.
Cheers,
The Hacker Academy Team
