pharaoh fortune slot
ExamNotes.net
Welcome, Guest. Please login or register.
November 23, 2017, 04:17:18 PM

Login with username, password and session length
* Home Help Search Login Register
  Show Posts
Pages: [1] 2 3 4
1  Other IT certifications / CISSP / Been a while... on: September 22, 2007, 02:48:05 AM
To think, I, comblues, was referred to go to Defcon, and have my XXX handed to me...

Hmmm...

Interesting thought.

However, I live on the net and as such, I do what I please.  I may be a long-time script kiddie to some but I know how to use my tools to great advantage - some or most of the time at least.

It's been a while back, but it is still kind of funny - I guess the dude who said it really never heard of me at all...

Hmmm...

Still amusing.
2  Cisco / CCNP / CCNP - how long? on: October 25, 2006, 04:20:39 PM
I took and passed the whole battery of 4 exams in 1 week...

But then I studied Routing alone quite a bit before I started taking the exams - maybe 2-3 months along with CCDA.

I had my CCNA and CCDA at the time.

I took the CCNP (kinda let it slip while working towards the CCIE RS) and it took me about 1-2 weeks then - about 2 years ago.

So... and I had taken the Composite then and it took me two shots - imagine that - Ouch!  I had to wait for the second attempt.

Killed my CCNP in a Week study plan...

But then I eat cert exams for breakfast.

I did the CCEA in a week too...

Had to do one re-take if memeory serves me correctly.
3  Cisco / CCNP / Follow-Up - 4 Years Later... on: October 25, 2006, 04:13:18 PM
Hey,

Someone mentioned this old, old post to me today and so I read it and what I had said then and how things have happened now, some 4+ years later...

I got a job on July 15th - so I spent about 6 weeks on the bench.

I had a choice a 70K position or a $25.00 hour contract.

I took the contract.  It was more interesting and promised a more involved role.

I also took a $30.00/hour role at night as an instructor for 20 hours per week.

=======================================

It worked well - I taught the class for one quarter.  Then I started teaching for $33.00 per hour on contract where I worked after the initial 3 month contract and I was asked to go perm.

I did it for a whopping $38K which got to $47K by the time I left.

But hey, I ran a 50,000 user network for 2.5 years or so...

Great resume filler...

I left for $60K and got a 15% raise after 10 months or so...

I'm getting ready to depart a 14,000 user network for about $95k + bonus as we speak.

So...

Things are not that bleak...

At least not for me...

I failed the CCIE Lab and landed about a $40k increase in salary...

Go figure...

But then, I have a few experiences that are far and wide and not very skinny in the middle.

Good Luck everyone...
4  Other IT certifications / CISSP / Defcon? - Sorry I don't hold this one in the highest regard... on: November 13, 2005, 12:34:20 AM
I like Blackhats better. Smiley

It's usually not far away and it seems to draw a more distinguished crowd...

Defcon, when wants to check out the latest Hacker Fashions and Art Decor...

As far as hacking for hackers in concerned, the very best offense has always been a strong defense.

If you play hacking games for very long this becomes the rule.

Defend what you have, take what you can, and live to be free another day.

This is what "Hacking is about".

As far as the famous 3-Gig trove - I still have it.

Most of the tools would seem much too common and outdated...

That is until you start to realize what they really are...

You see, they are not the garden variety tools that an AV would detect, nope!

They have been modified and they are much more stealthier.

On days when I have time I try to dissect them with my Sniffer and see which ones my IDS can pick up or not...

Smiley

So, which convention would you like to go to, hmmm...  This would be up to your preference and budget.

Defcon is cheaper in more ways than one.

But select your choices wisely, I don't thing it would benefit someone if all they were doing was going just to be seen...

That is not what the "scene" is about...

Sorry I don't have time to wrangle words with you...

I do have qualifications to amass and Enterprise Networks to run...

Smiley

Gotta make the bucks you know...

Good luck!

And no real disrespect to Defcon, everyone starts somewhere...

And I guess if you like to mix your hacking with partying it would be the place...

Did I ever tell you about the guy with the green tipped pony-tail?

Well, he helped me pass my CEH, sort of...

Nice of him, a recognized security guru and Defcon attendee/speaker/"expert" to come into my domain...

Ha! Ha!

I guess we can all play games a bit can we not?
5  General discussions / General Discussion / OSSTMM or CEH??? on: November 15, 2003, 05:28:44 PM
Hmmm...

Guys

The OSSTMM is simply a methodology that uses no particular tool.

The training for the OSSTMM is a mindset.

If I can open a door 10 different ways.

That may be lesson 1...

Lesson 2 would be something like

How many ways can a mecahnic fix a tire...

Etc.

Basically, the OSSTMM by itself has little to even to with a computer much less hacking.

It is about how to think.

And that is what Hacking is about.

If you simply jump in and start typing - You are either not a hacker or a poor one.

Ever watch Idiana Jones or MacGuiver?

There you have a pair of "Hackers"  Why because they look before they leap.

If you do that on my network, you simply will never do it twice.

If any of you out there have ever worked with me - You know I am serious here.

Now the CEH, the CEH takes one into an exploration of the practical usage of tools and their many applications.

Combine the 2 and you have a potent combination.

A guy who knows which tool to use and knows enough to consider how to use it both methodically and thoughtfully.

Now my friends you have the quintessential "UBER-HACKER"

As far as the CISSP and the 10 domains go - I personally have far less respect for this title.

Seems to be more for someone who needs a broad idea of what is to be done - not how or why to do it.

Hmmm...

I do find a sense of respect in what SANS has to offer.  At least from the vantage point of content.

The idea that the paper is submitted and the tests are taken on an honor system somewhat bothers me a bit.

That is I can have an associate write my paper and perhaps even "take" my exams...

This scares me a bit.

I like the CEH because you simply have to know how to read output from commands, you have to know what parameters to input, if not you simply will not pass.

Now combine this with a strong lab and we've got the hottest cert in a decade.

Oh well, I digress...

Good luck folks...
6  Other IT certifications / CISSP / CEH is what you want on: September 04, 2003, 02:19:47 PM
The reason is simple...

Learn to use the tools and techniques a hacker uses...

Simple as that!


Takena  step further - it is simply more technical!

The social engineering is great as well.

Combined with a methodology such as the OSSTMM, it is a downright scary thought.


I just finished the course and I'm here to tell you the material included in the course is nothing less than expansive.

Can you read packets?  You better try.

Can you tell the difference between a code red worm and nimda...?

Well, I'm sure every CISSP can tell you in depth how to perform an SQL-injection attack or a Main-IN-THE-MIDDLE attack!

Well a Certfied Ethical Hacker can!

And more!

How many people know how or where to start an actual PENTEST - Ask a CEH, he or she knows!!!

Hummm...  Need to crack a Novell Box, simple as pie for a CEH...

Unix or Linux again...  Ask the CEH to explain in detail, they simply can!

Now as for the others maybe or maybe not...

I do hold respect for the SANS GSEC Certs since it is generally understood that one must be intimate with technology in order to write a detailed analysis on a topic...

Will I pursue CISSP, TICSA, SECURITY+, CIW Security Analyst etc. ....

Yep, but I hate to be negligent onmy vocabulary...

When I want to stop a Hacker, I want a Certified Ethical Hacker, simple as that!

No comparison.

You simply must be able to perform to pass the exams...

The tests are screenshots of some type of scripts or packet-level analysis and you must be able to read/decode them in order to pass...

Just like in real life...

You do the math!
7  Other IT certifications / CISSP / Class Update on: September 04, 2003, 02:06:10 PM
OK guys,

Here's the tally of the subjects taught so far:

Windows 2000 Installation (Fully Explained)

Followed by several off-hour builds, and completely documented per student.

DNS, WINS, and DHCP Services.  Each fully explained with in-class hands-on labs and several hours out-of-class hands on performed at the training facility.

USERS, GROUPS, and SHARE/NTFS Permissions.  Fully Explained and performed with lots of hands-on exercises.

Directory Traversal, Auditing, and Local Security Policies were covered in depth.

Next Lesson:

IIS/FTP/NNTP/SMTP/Certificate Services

Remember:  The goal is that each student is fully hands-on experienced.  The student understands the how's, where's and why's.

Finally the student is shown how to troubleshooting techniques for each service and each tool is capable of being used, understood, and able to be taken advantage of; much like a Hacker might think...

I.E. Hiding Files with a common name (Microsoft), starting a complete file subsystem, for say a pubsto, then taking away all rights and permissions in addition to setting the hidden attribute...

Sneaky, but common.  Now say we take that concept a step further and create out directories at the prompt level and use a filename of Alt+255.  

Well let's see, it's virtually invisible inside of Windows, it's hidden just in case, rights and permissions have been removed and then it's buried in places most won't even look.

Now let's do the same thing again but this time in the recycle bin...

And let's add a twist say, AUX, CON, or PRN...

Now let's play...

You see how the process evolves, we used social engineering to hide the file (common name), then we might use old-fashioned stuff like Alt-characters to hide our filesystems and then we said we would hide them further in our recycle bins and maybe even with system device names...

Now let's take that a step even further...

Let use alternate data streams... Ha... Ha...

It's getting darker on this side of the force..

You see getting into a machine by just using penetration methods is great but one needs to understand how a system might be exploited from the indside out or back again if one really wants to understand a hacker...

And that's where we come in to train those who come seeking knowledge...

It's good to be able to break into a system, it's great to be able to do totally undetected until one is ready to leave...

Now most people have a hard time detailing these things or simply do not want to...

But then that's where this type of hands-on training comes in...

Let me know if you wanna know more...
8  Other IT certifications / CISSP / CEH Achieved on: September 04, 2003, 12:46:36 PM
Well Guys:

I spent a week in a CEH Training Class (not a bootcamp).

Then spent the weekend reviewing the tools, their respective creators, and trying to use as many as possible (there are over a hundred) and then sweated as I waited until Tuesday to take my exam.

I passed at 92% on my first attempt.

1 Cert Completed.

A few more to go...

Looking for the following:

Security+
TICSA
Microsoft MCSA/MCSE + Security (already MCSA/MCSE) so I need either 2 or 3 exams.

CCSA/CCSA - Just because I like Checkpoint too!

But the GSEC is officially the 4th Cert.

BTW - I got to get my Sniffer Certs completed in about the same time.

As far as the trove of tools - I came about it from a sortie with a Trojan/Worm tools that I noticed seemed to visit a variety of sites but none were the same on any two of the machines hit.  (Over 30 overall).

So I tried my luck and hit paydirt.

Now I have an arsenal of viruses and worms that are immune to virii checkers.

So these troves do exist.  But it does appear they are mobile?

Good luck finding one.

Look at your worms.  Particularly ones with the sdbot or some other bot.

Seems they go and download 2 files from the trove.
9  Other IT certifications / CISSP / Ethical Hacking - Hmmmm.... on: July 08, 2003, 11:10:43 PM
Starting a 6-month intensive burn the brain course...

Fully Hands-on.

Goal 4 Cert in months and full y functional in at least 2 OS's (but hey why not learn a little about Novel and OS2, cause you can...)

Recon
Audit
Attack
Clean-up
Hide in Plain site
Defense

Hard Drive Forensics
Virus, Worms, and Trojans, on my...

And what about Social Engineering?  Nice trick for an interview...

After all business is war and "all's fair in love and war"... where the end justifies the means...

Ever heard of the OSSTMM...

I intend that all students use it for a bible...

Nice to have a thorough guideline to audit and to build a solid defense...

Think castle and moat...

Then think Ninja and Samuri...

Now you have an Ethical Hacker...

The Ethics of a Samuri, coupled with the skills and armament of a Ninja...


Hide in Plain site - Check
Weapons of Mass Destruction - check
Strong Armor - check
A few more secrets...

After all, it takes a Hacker to find a Hacker...

Final Exam - Find a Hacker Tool's Archive - Hack in (anyway you can) and retrieve at least 3 Gigs of the best tools you can find...

Bonus Points for 0-Day Tools...

Anyone care to ante up...

Oh yes...  I might advise that your personal PC or Palm be armored before such an undertaking into a Dragon's Hoard...

Care to live the adventure?
10  Cisco / CCNP / Things aren't sooo bad, here's why... on: June 20, 2002, 02:24:47 PM
Just left my credit union:

I can defer my two car payments for up to 90 days with penalty.  (Lifetime of each loan).

Done.

Student Loan can be deferred.

I/P - Will be done today.

I'm checking the credit cards that are in my name to get them deferred.

There are training programs in my state that are I'm eligible for:

Including up to 2 years college "scholarship"

or free MCSE training + Exams

or CCNP training + exams.

I already have the CCNP.

I thought the upgrade to MCSE2K + Exams sounded nice or better yet finish my bachelor's degree while in transit. - I lack three courses.

Whew!

Gotta give up the $1500.00 apartment though!

So I'm going now to ask about my options with them...

And I only have 1 credit card and 1 account with a computer vendor.

So maybe they can either defer or not charge interest during this period of unemployment.


Maybe it's not that bad, for me it's been only three weeks.

But I've ran into others who have been on the sidelines for better than 6-8 months.


Can't take chances.

Meanwhile I've signed up to be a free agent with many of the usual suspects...

I'm still very skilled technically.  Freelance is not so bad and I've done it before...

Pays the bills.

Better than U/C anyway.

Take advantage of the programs if I'm deemed eligible.

Otherwise knockin' on doors and making phone calls...

Hi, it's me can I fix your PC, fix your network, connect your router, program your phones, make your office wireless, wire your office/house, switch your phone carrier and save you some bucks...

Or just build and sell custom PCs.

Life always offers challenges...

It is up to us how we meet them...
11  Cisco / CCNP / Hmm... on: June 18, 2002, 07:15:55 PM
Lately the only return calls I've been getting are out of state for VoIP/AVVID deployments that pay 100k +


or the flip sideis that I picked up an application to work at 7-11 figuring it may pay better than unemployment till something happens.

Lots of jobs for Call Center People...

What a Career - Get's ya up into nearly the 6 figure range then - WHAM!


And I'm practicing saying:

Do you want fries with that?


Now, I'm no newbie and I've got the certs at the highest level and the skills to go with em'

But it looks like I'll be going to work at -11 and Wendy's to finance my ad campaign to become get some consultant business again...

That's about wha it has resulted to...


Good New I charge $125.00 per hour to small-medium networks to do the same things I do for larger networks... for 60-80k

What I life...

Maybe it is for the better...

Funds are starting to drain...

Still got 5 possibilities out of state, waiting on a couple of resumes in-state and a few projects here and there...


I am becoming well-versed in the AVVID Arcitecture, though...

Imagine getting a job at Mickey D's and as a FRY-Boy and then setting up an International AVVID Solution for them and all for minimum wage pay...

Go figure...


Such is life...

I do have my "Will route for food" sign ready...
12  Cisco / CCNP / WanteD: Dead or Alive! on: June 14, 2002, 07:19:04 PM
Hey guys

I got an opportunity for a contract but I need to make a team of 5 people...


Voice over IP / CCNP / MCSE / Unity is a Plus

Let's Build an IPCC or migrate....

Read...

I need resumes of interested people...

The Rates are good 50-60.00

Allright:

Job is in the northeast...


I need 5 indviduals who can become a team.

Goal: Deploy an IPCC

Here's what ya gotta have:

5+ years experience in IT
VoIP Design/Implementation Experience
Any background with Legacy PBX/Phone Systems a Plus
(Specify Lucent, ATT, or Meridian )

Any AVVID Qualifications are a Plus as are any CIPT Quals you can achieve by Sunday Evening.

There are some good books on IPT out there.
Cisco's Web-Site has a great project plan from start to finish.
If you are a potential candidate -> Then you already have access.

If not, then this job is not for you.

Gotta have Cisco Quals

Prefer experience with any of the following:

26xx, 36xx, AS5300, AS5800, 7204 or 7206 VXR, 7505's
and Catalyst 4000, 65xx, 85xx would be nice...

If you know the 35xx or the 4224 that is a plus as well.

MCSE Required w/Exchange 5.5/2000
CCNP Probably Required

Any MS-SQL is a Plus

Any XML is a plus

CAT 5, 5e, 6 /Gigabit/ ATM Networking is a definite plus.

Structured Cabling is a plus...

Now the good part:

Pay: 50-60.00 per hour
Terms: Contract to Perm


I need resumes...

I'm not the recruiter, but I said I could put together a team.

Let me know if you think you qualify.

This is not entry-level.

But if you have been around IT in a serious job-role for the past 5+ years, I wanna hear from ya...

Comblues@yahoo.com

Clock is ticking
13  Cisco / CCIE / Too much??? on: June 14, 2002, 07:16:16 PM
Timi

For what I am doing my quals are barely entry level...

Getting the Cert is only the first step to show others I even have a clue and can enunciate the diction required...

Got alot more hurdles to get through...

The more you learn the more you realize you have to learn...

Happens to me everyday...
14  Cisco / CCIE / Actually... on: June 11, 2002, 10:55:07 PM
I have most everything one can ask for to study for the CCIE R/S with...

And I have been recently going through the Cisco CD eyeballing where I can find nearly 150 topics in a minutes notice...

And it appears to me that Cisco has done an excellent job of documenting most every feature and if one were to do the given examples then one would be able to master most (all - naturally) of the concepts covered in the CCIE Level Exams...

Remember the CCIE is but the beginning of the journey...

Good Luck!

And I've been to the gettlabs FTP site...

They have nice labs as well, however I do not believe I have seen any of theirs on Security yet...
15  Cisco / CCNP / Good Conversation. on: June 10, 2002, 01:36:43 PM
I, myself, have re-structured my debt.  Made it possible for to live on a 30k+ cut and be happy.

I've even come to accept that unless one of the out-of-state opportunities becomes a reality that I will be re-inventing my skills locally.

My NT is out of date.  I need to get Metaframe XP for my Citrix.  May be a good time to get certified with Novell (back in the day we believed them all to be just "paper".  Get some of my Lucent and 3Com qualifications completed.


And of course, finish the CCIE and a BSIT (need about 3 classes).

So this is a time to also re-evaluate what I am trying to get out of my career (money or just being happy working with good people and new technologies).

And of course, spend more time with family, even get back to the gym.

Whew!

Just a few positive things...

Got caught up in the rat-race, time to get back on track for what I got into the field for in the first place...

Ciao
Pages: [1] 2 3 4
Powered by MySQL Powered by PHP Powered by SMF 1.1.13 | SMF © 2006-2011, Simple Machines LLC Valid XHTML 1.0! Valid CSS!