I have been meaning to get round to this post for a while… It seems to me that a lot of people come across this site looking for information on how to prepare for the CREST Registered Tester (CRT) exam, and this is also what I get asked about most through the contacts page. Everyone is different, but here is my experience without breaking the NDA (note: should anyone from CREST have objections to this post, please get in touch via the contacts page and I will remove it).
Today I passed the SANS GIAC Certified Penetration Tester exam and thought I would write down a few notes to help people prepare for this exam. The exam is 4 hours long and consists entirely of multiple choice questions, but unlike other multiple choice exams I have taken, this one does not let you come back to a question later: you can either answer the question or skip it entirely. The other thing about the exam that I have not encountered before is that it is an open book exam, meaning you can take in whatever books and notes you want to help you answer the questions.
Metasploit has a handy feature that allows you to load settings from a file, which lets us create easily repeatable configurations. I like to create a directory structure when pen testing, keeping notes and tool output in plain text files, and find it useful to create and store the Metasploit config files along with these. The directory structure would look something like this: Within the ‘230_psexec.rc’ file I would enter the commands I would issue in Metasploit to recreate the exploit used against a specific vulnerability (in this case, reuse of passwords across various targets).
Quick update to let anyone who reads this know how I got on… I sat the exam last week and passed, which I am really pleased about. I did expect it to be harder, but it was no walk in the park either; it was well designed and enjoyable. I had the points I needed after 11 hours but carried on for a good while longer, and it was good to see the offsec humor present on the target machines.
When I was doing research prior to starting the PWB v3 course, I spent some time trying to find out what I should know before the course started. This is just me: I try to prepare for everything I do in advance, read articles and reviews, buy books and learn as much as I can. I was very pleased to find the course is really well taught, and I have not had a problem with any of it so far, although it has certainly been a challenge.
Well, I am around 60 days into the course and have just booked the OSCP exam / challenge. I am feeling fairly confident now and can’t believe how much I have managed to learn in the past two months. I am going to spend the next 3 weeks focusing on web application security and buffer overflows in preparation for the exam. I have some recommendations to make about things to learn and books to buy prior to starting the PWB course, so I will get round to posting them soon, along with some interesting materials I have come across in my quest to improve my penetration testing ability.
Well, it has been quite some time since my last post. I did not die though; I have just been very busy with my new job, but I decided it was about time I started to make some time to blog. Anyway, I am currently working on the PWB v3 course from Offensive Security and it is the best training course I have ever done. I am two weeks in and have learned so much already; even if I don’t pass the final exam and get the OSCP certification it will have been well worthwhile (I will pass the exam though, even if it takes me more than one try).
I found it tough to decide which study books to use when preparing for the CISSP exam; I ended up buying 4 books in the end, so here I will tell you what I thought of them all in the hope that it will help you decide which books to buy too. The first book I bought was the CISSP All-in-One Certification Exam Guide by Shon Harris. This book is heralded as the number one study tool for the CISSP exam, and on the front cover it has the bold statement “All-in-One is All You Need”.
I got the “Congratulations” email from (ISC)2 yesterday informing me that I had passed the CISSP exam. Needless to say I was over the moon, because I had invested a huge amount of my personal time preparing for this one. One of the biggest choices I had to make leading up to the exam was how to study. I didn’t have the time or funds to take a training course, and as I was already knowledgeable in some areas like networking, access control and disaster recovery, I opted for the self-study route.
Wigan Council has lost the personal information of 43,000 children and young people attending Wigan’s schools. The data was stored without encryption on a laptop which was stolen. It is reported that the person who downloaded the data to the laptop was breaching council policy. I am not surprised that this has happened once again, and it just shows that policies alone are simply not enough to keep data secure. Policies need to be communicated through user awareness training, and all users should understand why it is important and how to achieve the standards the policy sets.
Well, I have not written here for quite some time because I have been preparing for the CISSP exam, which I took on Saturday. I am now waiting for my results and really could not say if I have passed or not; I answered all the questions and got done in 5 hours, but so many of them had more than one answer that seemed correct, and it was difficult to work out which was actually the best answer.
At lunch time I read a fantastic article on TechCrunch written by Nik Cubrilovic titled The Anatomy of the Twitter Attack. It outlines the steps taken by “Hacker Croll” to gain access to a whole lot of private information from Twitter, including access to employees’ email and control over the Twitter.com domain name at GoDaddy. The basis of the attack was gaining control over an employee’s Gmail account using the password reset feature: the alternative email was a Hotmail account that had expired, so the hacker was able to recreate the Hotmail account and reset the Gmail password with it.
It is the start of the Month of Twitter Bugs; each day for the rest of the month the guys over at twitpwn.com will be releasing a new vulnerability in a 3rd party Twitter app. This is done to raise awareness and hopefully improve security in 3rd party Twitter services. The 3rd party service provider will be given at least 24 hours’ advance warning of the vulnerability before it is published to the site.
This morning I read an article on risky web searches, about a study carried out by McAfee on The most dangerous and safest Web searches, with some interesting findings. McAfee claims that a search for the term “screensavers” is the riskiest, with 59.1% of the sites shown in search results containing some form of malware. The term “lyrics” followed closely, with around half of the results leading to sites containing malware.
Lately I have been receiving more and more phishing attempts via email. I usually just report them and then delete them without giving them a second thought, but today I decided to take a good look at one for telltale signs you could use to warn users. I had one which claimed to be from my bank, although it was not a bank I use, and one explaining to me that I had won over £900,000 on the lottery.
So you have your super strong password and nobody would guess it in a million years, but maybe someone wanting to gain access won’t need to…. Often sites ask you to provide answers to security questions when you sign up; these are used to recover or reset your password if you forget it and are often things like “Where were you born?” or “What was the name of your first school?”