Wednesday, February 28

Offensive Security and the OSCP

Take 10 minutes and check out the Offensive Security site. In case you do not know, these are the same people that brought you Auditor, Whoppix, Whax, and now Backtrack[2].

If you haven't used Backtrack, check it out. If you want to do more with it, consider their training, labs, and certification.

For a syllabus outline and more information, click here.
You can download a demo training session here. Warning: this starts a video with sound.

I really like the idea of this training because:

1. The tool is free.
2. People actually use this tool for real security work.
3. There are video examples that you can watch as many times as you like.
4. There are labs and exercises which support the lectures.
5. There is an applied certification (OSCP).
6. For the certification "exam" you must apply what you have learned to attack a real environment (in a somewhat controlled environment --- you VPN in).
7. The cost? $400 USD. In a day where a good IT security book is $50, this is a steal.
8. Their support so far has been excellent.

In short, I am down for this training. I have one other guy that is going to jump in on this as well. If we get 5 total (so 3 more), we get 10% off. Let me know if you are interested.


MSIA - Master of Science in Information Assurance

I have been MIA for a month now. I even missed indysec 5. Shameful, I know. I do, however, have some good news --- my MSIA (Master of Science in Information Assurance) is complete --- all 36 hours.

That is right, I just received notification of my grade [A]. I cannot say enough good things about Capitol College. If you are looking for a distance ed offering in IA, Capitol is a great school to consider.

I have discussed this before, but the key selling point has to be the live lectures via the web. The NSA seems to like them as well.

If you have any questions about the program, or anything else, just ask.

Stephen R. Moore, MS

Wednesday, February 14

(IN)SECURE - February 2007

Check out the February edition of (IN)SECURE magazine.

I still haven't had time to dig in, but this edition may have some promise. The spyware, infosec career, and Vista articles are of interest.

Also, was it just me, or did the RSA conference get even more press this year than last?

I must say I feel terrible. As I said last night, I had not had a chance to completely read the entire publication. It turns out I skipped over and left out a friend and colleague, Mr. Didier Stevens. Take a look at his article on ROT13 and its use in Windows XP, then go visit his personal blog here.

By the way, I love ROT13, which I talked about earlier in a lighthearted post, "Republican Aide Tries to Hire Hackers", here.

Additionally, I saw that Didier was "Dugg" on Digg for his work on "Reverse Engineering Mentoring" found here.