Tales of a Security Professional

tag:blogger.com,1999:blog-3682554798416291160Sat, 05 Oct 2024 02:02:04 +0000certification testingpenetration testingweb application securityGSEweb application testingnetwork securitysecurity labtrainingfilteringinternet architecturetoolsclient side input validationegress filteringinput validationscanningwireless2012CCNP SecurityCISSPGWAPTNSMOSCPSguilhost discoveryingress filteringmalware analysisnetwork security monitoringnmapCCSPDrive RecoveryGFORGPENHolidayOSCEOSWEOWSPWEPbad web applicationbehavioral analysisgoalsmetasploitwelcomeTales of a Security ProfessionalMy ramblings and thoughts about being an Information Security Professional! I hope to give out some useful information to others in the field or looking to get into the field.http://securitylifer.blogspot.com/noreply@blogger.com (Dennis Distler)Blogger47125tag:blogger.com,1999:blog-3682554798416291160.post-7004441471922091819Sun, 04 Nov 2012 16:59:00 +00002012-11-04T10:59:49.422-06:00penetration testingsecurity labweb application securityPortable WAPT Hacme Travel Setup      <!--[if gte mso 9]> http://securitylifer.blogspot.com/2012/09/portable-wapt-hacme-bank-setup.htmlnoreply@blogger.com (Dennis Distler)0tag:blogger.com,1999:blog-3682554798416291160.post-1566501507559240211Sat, 04 Aug 2012 17:31:00 +00002012-08-20T16:04:46.522-05:00penetration testingsecurity labweb application securityweb application testingPortable WAPT Pre-built VM set up In the last post I described VMware host-only networking and the IP address’s to be assigned to each guest in the WAPT. This post will cover setting up the Samurai WTF and OWASP Broken Web Application VM’s. Since the Hacme VM will require an OS install, it will be covered in the next post. First we must download the VM’s. Click the following links to download the VM’s:    &http://securitylifer.blogspot.com/2012/08/in-last-post-i-described-vmware-host.htmlnoreply@blogger.com (Dennis Distler)3tag:blogger.com,1999:blog-3682554798416291160.post-6341986927412143552Sun, 29 Jul 2012 22:31:00 +00002012-07-29T17:32:01.227-05:00certification testingGSECongratulations Ash! I wanted to drop a quick note and say congratulations to my friend Ash for completing the GSE! If you have read this blog in the past, Ash and I sat for the GSE together in 2011 and he just finished his last bit to earn the GSE! http://securitylifer.blogspot.com/2012/07/congratulations-ash.htmlnoreply@blogger.com (Dennis Distler)0tag:blogger.com,1999:blog-3682554798416291160.post-7340036103370003562Sat, 14 Jul 2012 16:16:00 +00002012-07-14T11:17:17.568-05:00penetration testingsecurity labweb application securityweb application testingPortable WAPT VM NetworkingThe last post discussed the requirements and what would be used to set up a portable WAPT lab. This post will focus on setting up lab networking. If you are familiar with VMware network options, you will find absolutely nothing new, but I wanted to include it for people who may not be familiar with it. Hosting known vulnerable operating systems, and applications has obvious risks, and its http://securitylifer.blogspot.com/2012/07/portable-wapt-vm-networking.htmlnoreply@blogger.com (Dennis Distler)0tag:blogger.com,1999:blog-3682554798416291160.post-532719726072466312Fri, 06 Jul 2012 20:48:00 +00002012-08-04T10:23:00.628-05:00penetration testingsecurity labweb application securityweb application testingPortable Web Application Penetration Testing Lab This posting is the first in a series that will talk about building a portable web application penetration testing (WAPT) lab. After lab setup I may continue the series on attacking the lab. The first part will cover the reasons why I am trying this, hardware and software used in building a portable WAPT lab. FYI to the reader, I have not done this yet, so consider this a work in progress and http://securitylifer.blogspot.com/2012/07/portable-web-application-penetration_06.htmlnoreply@blogger.com (Dennis Distler)0tag:blogger.com,1999:blog-3682554798416291160.post-8735146606338896364Fri, 22 Jun 2012 02:46:00 +00002012-07-06T15:38:12.555-05:002012CCNP SecurityGWAPTUpdate2012 Mid-Year Update. I haven't forgotten about the blog, I have just been busy. I am trying to better manage time and keep everything afloat, and seem to be failing right now. To get back on track I am doing a mid-year status check. On the certification front, I passed the OSCP on my 2nd attempt. This time around I was more organized, focused and just overall better prepared. As someone http://securitylifer.blogspot.com/2012/06/update.htmlnoreply@blogger.com (Dennis Distler)0tag:blogger.com,1999:blog-3682554798416291160.post-5108277527681965909Sun, 29 Apr 2012 15:02:00 +00002012-04-29T10:02:43.883-05:00certification testingOSCPpenetration testingtoolstrainingHow to fail a certification testMy last post was all about Goals for 2012, and I will tell you I am already failing them. I have had a lot going on personally, nothing bad, just a lot going on right now. The only thing I have completed so far is I took the Offensive Security Pentesting with Backtrack class. I highly recommend taking this class to anyone who works in Information Security. If you think a pentest consist of http://securitylifer.blogspot.com/2012/04/how-to-fail-certification-test.htmlnoreply@blogger.com (Dennis Distler)1tag:blogger.com,1999:blog-3682554798416291160.post-1004802973360444125Sun, 22 Jan 2012 23:10:00 +00002012-01-22T17:10:16.322-06:002012CCNP SecurityCCSPcertification testingGFORgoalsGPENGWAPTOSCEOSCPOSWEOWSPGoals for 2012It’s been a long time since I have blogged, and one of my goals this year is to blog at least twice a month. I plan on having two types of post(s), a personal/goals update and a technical post, if I do additional posts in a month the post will be technical. This post is my first post so it going to be a personal/goals nature. I got the idea of from my Australian friends Chris and Ash. Each yearhttp://securitylifer.blogspot.com/2012/01/goals-for-2012.htmlnoreply@blogger.com (Dennis Distler)1tag:blogger.com,1999:blog-3682554798416291160.post-9106587118061256084Sat, 15 Oct 2011 14:04:00 +00002011-10-15T09:04:39.691-05:00certification testingGSEDrum Roll Please…………It’s been a couple of weeks since I have updated the blog. I hoped to get a post out about SANS FOR610, but that will have to wait. Thursday evening I I received an email from Jeff Frisk about my GSE results! Naturally my wife had been working late, was on the way home but she was still a good 30 minutes away. I called her and told her I got the results, she said OPEN IT NOW! Who am I to http://securitylifer.blogspot.com/2011/10/drum-roll-please.htmlnoreply@blogger.com (Dennis Distler)0tag:blogger.com,1999:blog-3682554798416291160.post-1718771648237372656Sat, 01 Oct 2011 23:31:00 +00002011-10-01T18:31:35.870-05:00certification testingGSEMy thoughts about the GSE lab.After sitting through the lab, and having some time to reflect the exam I thought I would give my thoughts on it. I don’t know if I passed or fail, but I wanted to get this out before I got the results so I had no bias. There is a lot of mystery surrounding the exam, and I am not going to reveal anything new about the exam itself. I’ll say there was nothing on the exam that wasn’t covered in thehttp://securitylifer.blogspot.com/2011/10/my-thoughts-about-gse-lab.htmlnoreply@blogger.com (Dennis Distler)0tag:blogger.com,1999:blog-3682554798416291160.post-3471715956202652586Mon, 26 Sep 2011 01:23:00 +00002011-09-25T20:28:55.045-05:00certification testingGSEThe GSE Lab………Completed!After months of preparation, I took and completed the GSE Lab on September 17th and 18th at SANS Network Security 2011 in Las Vegas. I took the last 30 days off from blogging to prepare for the exam. Unfortunately most of the time was spent working and not preparing for the lab itself, but I was getting a little burnt out studying. I flew to Vegas on Friday the 16th and meet my fellow tester and http://securitylifer.blogspot.com/2011/09/gse-labcompleted.htmlnoreply@blogger.com (Dennis Distler)0tag:blogger.com,1999:blog-3682554798416291160.post-2825031836254111701Tue, 16 Aug 2011 22:10:00 +00002011-08-16T17:10:00.731-05:00certification testingGSEtraining30 days and counting…… I have not blogged in a while because of various things going on. However I looked at calendar today and realized in 30 days I will be on a flight to Vegas for the lab! My final month is all about lab time and doing the exercises from the GSEC, GCIA and GCIH classes. As I am doing the exercises it’s about doing them fast and right. The clock is ticking during the exam so I have to be fast and http://securitylifer.blogspot.com/2011/08/30-days-and-counting.htmlnoreply@blogger.com (Dennis Distler)0tag:blogger.com,1999:blog-3682554798416291160.post-4867341936545962864Sun, 24 Jul 2011 22:20:00 +00002011-07-24T17:20:30.758-05:00certification testingGSEmalware analysistrainingI am alive, GSE prep and SANS Network Security 2011 facilitator…..My short absence from updating the blog is both sad and funny. I originally planned to skip one week because of short 3 day holiday with my wife and friends. While on holiday I received a phone call from my father explaining to me how he just broke his leg 500 miles from home! To complicate matters, my mother just had knee replacement surgery a few weeks earlier and was home in bed unable to do http://securitylifer.blogspot.com/2011/07/i-am-alive-gse-prep-and-sans-network.htmlnoreply@blogger.com (Dennis Distler)0tag:blogger.com,1999:blog-3682554798416291160.post-6127762535116020892Sun, 03 Jul 2011 14:14:00 +00002011-07-03T09:16:31.970-05:00certification testingGSEnetwork securitynetwork security monitoringNSMSguilUbuntu, Sguil, InstantNSM and GSE Lab PrepLast week I discussed Sguil and I was going to do a post on getting Sguil running on Ubuntu. Like most good plans, mine feel apart. To start with, I changed what I intended to blog about late in the game, than ran out of time. My plan now is to include using InstantNSM and the Sguil packages to get a Network Security Monitoring (NSM) up quickly. In order to do to this I have to modify InstantNSM http://securitylifer.blogspot.com/2011/07/ubuntu-sguil-instantnsm-and-gse-lab.htmlnoreply@blogger.com (Dennis Distler)0tag:blogger.com,1999:blog-3682554798416291160.post-8511203924460118824Sat, 25 Jun 2011 20:54:00 +00002011-07-03T09:12:38.234-05:00certification testingGSEnetwork securitynetwork security monitoringNSMSguilGSE Lab Prep – The Tao of Network Security Monitoring and SguilI spent the past week reading The Tao of Network Security Monitoring by Richard Bejtlich as part of my “study plan” for the GSE Lab. Fortunately, or unfortunately, take a train to work every day and that gives me 1.5 hours to do whatever I want to. This time allows me to read a 600+ page technical book cover to cover in a little over a week. I also have spent time building/playing with my GSE labhttp://securitylifer.blogspot.com/2011/06/i-spent-past-week-reading-tao-of.htmlnoreply@blogger.com (Dennis Distler)0tag:blogger.com,1999:blog-3682554798416291160.post-787818477114131499Sat, 18 Jun 2011 15:19:00 +00002011-06-18T10:26:41.204-05:00certification testingGSEGSE Lab plan……With the GSE written out of the way it’s time to focus on preparing for the lab. My plan, which will go to hell over the summer as work and personnel stuff take over, but it’s my plan anyway.The first part of my plan is to go over several books, which I have been trying to do for a longtime. Here is a list of the following books I plan to review:The Tao of Network Security Monitoring Extrusion http://securitylifer.blogspot.com/2011/06/gse-lab-plan.htmlnoreply@blogger.com (Dennis Distler)1tag:blogger.com,1999:blog-3682554798416291160.post-424251616072432035Sun, 12 Jun 2011 17:56:00 +00002011-06-12T12:56:44.418-05:00certification testingGSEWell that was unexpected…….Seven days ago I posted that I was going to spend that week reviewing SEC 504, then using this week to review the material I needed to work on and taking the GSE written on the 18th. Review of the 504 material went much quicker than I thought and was done Tuesday.  I spent time contemplating moving the test date forward, and decided to take the written on Friday the 10th. My thought was, if http://securitylifer.blogspot.com/2011/06/well-that-was-unexpected.htmlnoreply@blogger.com (Dennis Distler)0tag:blogger.com,1999:blog-3682554798416291160.post-6200080694709345480Sun, 05 Jun 2011 18:57:00 +00002011-06-05T13:57:48.741-05:00certification testingGSEGSE Written…Studying has begun in Ernst!Since I decided to apply for the GSE I began reviewing my material from the three classes. My schedule was to have all my reviews done by 6/12 with an eye on taking the written on 6/18. As of today I am on track just completing my review of SEC 503, and already completed SEC 401. This week is all about the last class SEC 504 (Incident Handling). Looking over the material I will say this review http://securitylifer.blogspot.com/2011/06/gse-writtenstudying-has-begun-in-ernst.htmlnoreply@blogger.com (Dennis Distler)0tag:blogger.com,1999:blog-3682554798416291160.post-6687275800453157974Sat, 28 May 2011 17:18:00 +00002011-05-28T12:19:28.798-05:00certification testingGSEGIAC GSE.....the beginningSo it’s been a while since I have blogged, but I have decided to try again. This time though I am going to take the reader on a ride. I have spent considerable time contemplating and I have made the decision to attempt the SANS/GIAC GIAC Security Expert (GSE). If you are unfamiliar with the GSE it’s SANS Expert level certification check out this link for details, it covers the requirements http://securitylifer.blogspot.com/2011/05/giac-gsethe-beginning.htmlnoreply@blogger.com (Dennis Distler)0tag:blogger.com,1999:blog-3682554798416291160.post-8145726595512409627Sun, 21 Nov 2010 20:59:00 +00002010-11-21T15:02:41.149-06:00toolsweb application securityweb application testingfuzzing a web applications directory structure p { margin-bottom: 0.08in; }a:link { } When performing black-box web application penetration test one of the most important steps, but often overlooked is the application profiling phase. The objective of the application profile phase is gather as much information about the application structure and the applications functionality as possible. Typically, especially during a black-box test, http://securitylifer.blogspot.com/2010/11/concepts-of-determining-applications.htmlnoreply@blogger.com (Dennis Distler)0tag:blogger.com,1999:blog-3682554798416291160.post-5780095222540755988Thu, 04 Nov 2010 00:24:00 +00002010-11-03T19:24:55.448-05:00certification testingpenetration testingscanningtoolstrainingwirelessCompleted OWSP challenge …………………and passed!A few months ago I blogged about taking the Offensive-Security Wifu class, which can be found here. I finally completed the second part of the class and signed up for the challenge to get the Offensive Security Wireless Professional (OWSP). The second part of the class, which had several videos with it, was focused on gathering information and using that information to attack wireless networks.http://securitylifer.blogspot.com/2010/11/completed-owsp-challenge-and-passed.htmlnoreply@blogger.com (Dennis Distler)1