By Chris Gates, CISSP, GCIH, C|EH, CPTS

According to their web site, "Paterva invents and sells unique data manipulation software. Paterva is headed by Roelof Temmingh who is leading a light and lethal team of talented software developers." On May 6 2008, they released a new version of a very kewl tool named Maltego.

"Maltego, is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way. Coupled with its graphing libraries, Maltego, allows you to identify key relationships between information and identify previously unknown relationships between them. It is a must-have tool in the forensics.security and intelligence fields!"

Chris Gates' talk at ChicagoCon 2008s entitled "New School Information Gathering" touched on many tools and techniques. One of the tools he introduced to the audience is Maltego v2. This first in a two part series expands on this new tool with a basic introduction to Maltego followed by step-by-step personal recon tutorials. Part II will focus on infrastructure enumeration with Maltego.

del.icio.us

Discuss in Forums (3)

We Have A Winner!!

EH-Net member g00d_4sh has been chosen to attend Black Hat on us. Black Hat USA, August 2-7 in Las Vegas, is the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting including industry leaders Microsoft, Cisco, Google and new startups. Briefings tracks include many updated topics plus the always popular ones including Zero Day Attacks/Defenses, Bots, Application Security, Deep Knowledge and Turbo Talks. g00d_4sh wins a Passport Admission Ticket worth $1695. Congrats!

PS - EH-Net will again have a tweener party between BH and DefCon. Stay tuned!

del.icio.us

Discuss in Forums (17)

We'd also like to thank Black Hat for continuing to support our own security event, ChicagoCon. They are a rare organization indeed and deserve our full support.

Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.

Only members are eligible!
Registration Is FREE!

The sub-title to my recent presentation at the SANS WhatWorks in Pen Testing Summit is Remodeling your career for little to no money down. Inside you'll find practical exercises in finding out who you are and what gets your blood flowing. And, although I do offer some advice on pushing your career in this growing field of ethical hacking with some inexpensive (and sometimes free) actions one can take, none of that seemed to be what struck a chord with the crowd.

One of the bullet points paraphrases a quote from the movie, Risky Business, when Joel's father says in a more PC kind of way that, "Every now and then you just have to say what the heck. Make your move." And that is what I did. At the risk of being laughed off the stage, I gave a non-technical talk at a technical conference and talked about life choices, family priorities and the dirty laundry of the male dominated IT world.

I've always been honest and willing to share with the community, and so I will continue to do so. The talk did not inspire everyone, but to the many that came up to me afterwards and the following day with their own career stories and to offer compliments go my deepest gratitude. As promised, I agreed to record this speech and share the MP3 file as well as the slide deck with all of you. Forgive me in advance, but much of the presentation is very personal, but I truly feel that it drives the point home (pun intended).

del.icio.us

Discuss in Forums (22)

Review by Chris Gates, CISSP, GCIH, C|EH, CPTS

In addition to his regular column, Chris Gates does some great work on EH-Net including participating in our growing forums as well as doing various book reviews. He is back with a quick look at a recently released security title by Cisco Press that Chris describes as, "Should be required reading for Pentesters.” So let's begin his review...

LAN Switch Security: What Hackers Know About Your Switches provides enough information to leverage the most common layer 2 attacks a pentester would be interested in; MAC Flooding, VLAN Hopping, DTP attacks, and CDP Snarfing along with plenty of switching protocol details for the Cisco ninja wannabe.

Free Sample Chapter Available Below - "Attacking the Spanning Tree Protocol"

del.icio.us

Discuss in Forums (4)

The SANS WhatWorks in Penetration Testing & Ethical Hacking Summit with Ed Skoudis brings together a number of authors, researchers, and actual practitioners of pen testing, the summit will not only give a view as to where we stand as a community right now but also where we are headed in the future. Joining Ed will be a number of celebrated hackers (the positive connotation of the term) including Google Hacking Expert, Johnny Long, and the man behind the Metasploit Project, HD Moore.

I once had a conversation of Ed Skoudis regarding career choices and advice. He indicated that he often gets asked how others can have a career like his. Barring the inevitable warnings of "careful what you wish for," he graciously shared a story with me. In short, he and a number of other friends in the industry sat down for dinner to answer the same question that others now put to Ed. "Hey. I want to do what that guy does. How do we do it?" This special set of interviews will give you a brief glimpse into what will be explored at the summit itself as well as a look into the how these gentlemen "Did it." Each of these three superstars agreed to answer a few questions to help you with your career. Here we go!

Part 1 - Ed Skoudis | Part 2 - Johnny Long | Part 3 - HD Moore

del.icio.us

Discuss in Forums (3)

“Inside this [class]room, all of my dreams become realities; and some of my realities become dreams.”

Student: Ed Skoudis's opening his factory. He's gonna let people in!
Teacher: You sure?
Student: It's all over the net, and he's giving truckloads of ethical hacking secrets away.
Teacher: Class dismissed.
Student: No, no. The first one's only for 25 people.
Teacher: Class undismissed.
Student: He's making available 25 golden tickets, and the people who buy them will win the big prize.
Teacher: Where's he hidden the tickets?
Student: They’re not really hidden. They’re inside SANS Events. You have to buy SANS courses to get them.
Teacher: Class re-dismissed.

The terms “Ethical Hacking” and “Ethical Hacker” have now become accepted industry terms. But many companies and government agencies were hesitant to support a credential with the word “hacker” in it. There have been many factors leading to the acceptance of ethical hacking such as:

* Regulations such as HIPAA, SOX, GLBA and numerous others.
* PCI DSS Section 11 and its clarification differentiating penetration testing from vulnerability assessment.
* Many courses and certifications using the term in their titles and official descriptions.
* Cisco Press, the Dummies Series and a plethora of book titles are beginning to use the positive connotation of the word hacking. Even Webster’s New World Dictionary has an edition specifically dedicated to hacking.
* A groundswell of professionals using the phrase and showing great interest in this new and maturing field.

Now add to this grass roots movement, a push by one of the most respected names in security training, SANS. The SANS Institute has long been known as a big player in the government sector. And one of its heavy hitters, who has even testified in front of Congress, Ed Skoudis, is the author of a new course with the exact phrase in its title. All of this validates what many of us had hoped for years. Hacking for a living is now a respected profession.

del.icio.us

Discuss in Forums (6)

We Have A Winner!!

SANS WhatWorks in Penetration Testing & Ethical Hacking Summit with Ed Skoudis features wonderful presentations by the top practitioners in ethical hacking including not only Ed Skoudis but also HD Moore, Johnny Long and many other top penetration testing experts in the United States and Europe who are coming together at the Paris Hotel on June 2 - 3 in Las Vegas to share their latest and most sophisticated techniques. "With presentations and workshops from industry thought leaders, this summit will help penetration testers, security assessment personnel, and managers responsible for vulnerability assessments operate more efficiently and effectively," says Skoudis. "You will leave the Summit with an arsenal of solutions that you can put to use immediately." For more detailed information, be sure to read the Summit Brochure. The lucky EH-Net member who will be given a complimentary summit pass worth $1745 has been chosen and it is vijay2. Congrats and keep up the good work.

del.icio.us

Discuss in Forums (7)

Participation on EH-Net is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.

Only EH-Net members are eligible!
Registration Is FREE!

The SANS WhatWorks in Penetration Testing & Ethical Hacking Summit with Ed Skoudis brings together a number of authors, researchers, and actual practitioners of pen testing, the summit will not only give a view as to where we stand as a community right now but also where we are headed in the future. Joining Ed will be a number of celebrated hackers (the positive connotation of the term) including Google Hacking Expert, Johnny Long, and the man behind the Metasploit Project, HD Moore.

I once had a conversation of Ed Skoudis regarding career choices and advice. He indicated that he often gets asked how others can have a career like his. Barring the inevitable warnings of "careful what you wish for," he graciously shared a story with me. In short, he and a number of other friends in the industry sat down for dinner to answer the same question that others now put to Ed. "Hey. I want to do what that guy does. How do we do it?" This special set of interviews will give you a brief glimpse into what will be explored at the summit itself as well as a look into the how these gentlemen "Did it." Each of these three superstars will be asked the same three questions followed by additional questions specifically focused for that individual. Here we go!

Part 1 - Ed Skoudis | Part 2 - Johnny Long | Part 3 - HD Moore

del.icio.us

Discuss in Forums (5)