I recently posted a blog post to Exotic Liability’s website with the same title, and I realized that it would make a great thing to post here, and update regularly, or just put it on the wiki I keep saying that I will get going here. Enough rambling, here is how you can get your fill of security: Podcasting: GetMon - http://www.getmon.com/ - This is a great site because you can download or listen to any of the security podcasts right from their site if you want to.
First of all, here is my slide deck from DojoSec with a couple added slides, words, and slight modifications: From Couch To Career In 80 Hours from Rob Fuller I have put this article off quite a few times due to some very cool and interesting things happening in our field as it applies to getting a job. That, and Matt Johansen beat me to it with his blog post titled: “A lot of Information Security Career Advice”, which I highly recommend you check out and add to your RSS reader.
Dark0perator and I will be giving a workshop at ToorCamp coming up July 2nd-5th: You can find us on the ToorCamp site: http://www.toorcamp.org/content/W13 Here is the description of our talk, save the bio(s): The Art of Pivot and Persistence: Shell is only the beginning. This workshop is based on the assumption that you have some level of access on a target system. From that it is demonstrated how to go from that level of access to taking over the whole company and how to keep that access, surviving reboots, AV scans, and even reimaging.
I highly recommend both of these courses, and the chance to get in front of the instructors and ask questions live is worth it IMHO. So bang on those manager doors and work it out, because seats fill quickly and they are limited. **Check out the [Offensive Security - Instructor Lead Training](http://www.offensive-security.com/ilt.php) page for updated information.** We are excited to announce our next Offsec Live Classes. Since you asked to be notified of our next dates you will be happy to be among the first to have your teams invited to one of our next classes.
Stolen from: http://www.flickr.com/photos/31513605@N05/
DojoSec Monthly Briefings - April 2009 - Rob Fuller (mubix) from Marcus J. Carey on Vimeo.
Now, before you get all huffy about the title, it’s not what you think. Keep reading: It’s been 20 days since I received my Kindle 2 (word of warning, NEVER use USPS. Spend the money; it’s not worth the stress). But enough of lollygagging, let me get straight to it: Advertised Features: Email DOC, HTML/HTM, JPEG/JPG, GIF, PNG, BMP (Also, everything can be put in a ZIP for one time sending).
Last Friday (March 6th, 2009) I posed the question above. What I got in return was nothing short of amazing, and to tell you the truth, it amazed me how the tally rounded out. I categorized the answers and counted them up (MANAGERS, listen up!): (12 votes) - Security Fundamentals: This category involves the application of A/V, IDS/IPS, basic safe surfing techniques, least privilege use, and an understanding of phishing.
First I wanted to say, sorry for this and the last installment of Room362 being non-technical. They are topics that I feel strongly about and so felt impelled to share. One of the biggest problems in the world, IMHO, is people who have unfounded hate. This is compounded by the anonymity of the Internet. Allowing that hate to have no repercussion or identity. Let me also say I have a deep respect for Free Speech, the depths of which I fear, few truly know.
My recent post “OzymanDNS - Tunneling SSH over DNS” caused a good friend, and someone I highly respect in the information security field, Dave Hull from Trusted Signal, to call me out on the ethics of the post. Instead of lying to you, Dave, and to myself, I did not put any thought into the ethics of the post until Dave brought it up. Well, except for that auto subconscious RIGHT/WRONG check.