Personal Homepage

Test Post

Moved to a different setup - test post Test post to see this working. Here is some text: Lorem ipsum dolor sit amet, ne verear veritus abhorreant sed, pro homero blandit detracto ex, duo ei altera electram partiendo. Te sed eripuit dolorum phaedrum, an libris essent ius, eos aeterno invidunt in. Has ea impetus vocibus tacimates. Ut ancillae expetenda eam, ei pro primis nonumes inimicus, oporteat oportere eam te. Vis id doctus commune omnesque.

CREST Registered Tester (CRT Exam)

I have been meaning to get round to is this post for a while… It seems to me that a lot people come across this site looking for information on how to prep for the CREST Registered Tester (CRT) exam, and this is also what I get asked the most about though the contacts page. Everyone is different but here is my experience without breaking the NDA (note: should anyone from CREST have objections to this post please get in touch via the contacts page and I will remove it).

GIAC Certified Tester

Today I passed the SANS GIAC Certified Penetration Tester exam and thought I would write down a few notes to help people prepare for this exam. The exam is 4 hours long and consists entirely of multiple choice questions, but unlike other multiple choice exams I have taken, this one does not let you come back to a question later, you can either answer the question or skip it entirely. The other thing with the exam that I have not encountered before is that it is an open book exam, meaning you can take whatever books and notes you want to take with you in to help you in answering the questions.

Metasplot Resource Files

Metasploit has a handy feature that allows you to load settings from a file, this allows us to create easily repeatable configurations. I like to create a directory structure when pen testing keeping notes and tool output in plain text files and find it useful to create and store the metasploit config files along with these. The directory structure would look something like this: Within the ‘230_psexec.rc’ file I would enter the commands I would issue in metasploit to recreate the exploit used against a specific vulnerability (in this case, reuse of passwords across various targets).

OSCP Certification

Quick update to let anyone who reads this know how I got on… I sat the exam last week and passed, which I am really pleased about. I did expect it to be harder but it was no walk in the park either, it was well designed and enjoyable. I had the points I needed after 11 hours but carried on for a good while longer, it was good to see the offsec humor present on the target machines.

Recommended Preparation - OSCP

When I was doing research prior to starting the PWB v3 course I spent some time trying to find out what I should know before the course starts. This is just me, I try to prepare for everything I do in advance, read articles and reviews, buy books and learn as much as I can. I was very pleased to find the course is really well taught and I have not had a problem with any of it so far, although it has certainly been a challenge.


Well I am around 60 days in to the course and have just booked the OSCP exam / challenge. I am feeling fairly confident now and can’t believe how much I have managed to learn in the past two months. I am going to spend the next 3 weeks focusing on web application security and buffer overflows in preparation for the exam. I have some recommendations to make about things to learn about and books to buy prior to starting the PWB course so I will get round to posting them soon along with some interesting materials I have come across in my quest to improve my penetration testing ability.

Penetration Testing with Backtrack v3

Well it has been quite some time since my last post. I did not die though, I have just been very busy with my new job but I decided it was about time I started to make some time to blog. Anyway, I am currently working on the PWB v3 course from Offensive Security and it is the best training course I have ever done. I am two weeks in and have learned so much already, even if I don’t pass the final exam and get the OSCP certification it will have been well worth while (I will pass the exam though, even if it takes me more than one try).

SMB V2.1 DoS Vulnerability

Laurent Gaffie recently discovered a remote denial of service vulnerability in SMB v2.1 used in Windows 7 and Microsoft Server 2008 R2. The vulnerability can be exploited to leave a system unresponsive, the only recovery known so far is to power down the machine by removing the power. So far arbitrary code execution has not been achieved with this vulnerability. The exploit can be hosted from a Linux machine returning responses with flawed NetBIOS headers, the targets communication with the machine does not have to be manually initiated, the most likely method of exploiting this vulnerability will be via a webpage containing a link back to the Linux machine.

CISSP – Study Material

I found it tough to decide which study books to use when preparing for the CISSP exam, I ended up buying 4 books in the end so here I will tell you what I thought of them all in the hope that it will help you decide which books to buy too. The first book I bought was the CISSP All-in-One Certification Exam Guide by Shon Harris. This book is heralded as the number one study tool for the CISSP exam and on the front cover it has the bold statement “All-in-One is All You Need”.

CISSP – I passed

I got the “Congratulations” email from (ISC)2 yesterday informing me that I had passed the CISSP exam, needless to say I was over the moon because I had invested a huge amount of my personal time preparing for this one. One of the biggest choices I had to make leading up to the exam was how to study. I didn’t have the time or funds to take a training course and as I was already knowledgeable in some areas like networking, access control and disaster recovery I opted for the self study route.

Policies are not enough

Wigan council has lost personal information of 43,000 children and young people attending Wigan’s schools. The data was stored without encryption on a laptop which was stolen. It is reported that the person who downloaded the data to the laptop was breaching council policy. I am not surprised that this has happened once again, and it just shows that policies alone are simply not enough to keep data secure. Policies need to be communicated with user awareness training and all users should understand why it is important and how to achieve the standards the policy sets.