10Nov2008 (UTC +8)

On 11/6/08, Sujiru <[EMAIL PROTECTED]> wrote:
> Yeah, really helpful and educational. As a linux hobbyist with an interest in
> security I was wondering if it's possible to tag along on your engagements?
> Do you have informal gatherings we noobs can attend?
>
> http://wehavedayjobs.blogspot.com

Unfortunately, a pentest engagement is not a spectator sport :) But I've been thinking about hanging out with a bunch of like-minded individuals to teach other stuff.

What if somebody comes up with a machine (a powerful laptop with WLAN is best) that has VMware in it, then somebody else provides a victim MS Windows VMware image, then somebody else provides a Linux or Solaris VMware image also as a victim, then you have Joomla or Drupal plus web content, and MySQL and MS SQL victims contributed by others, then everybody else with their laptops (and WLAN) with Metasploit and Nessus come out to party? It'll be good to have a Snort IDS in the mix too.

There are only a few rules that I can suggest:

1. Everybody may be anonymous. If you know the name, or you give your name, then that is optional.
2. If you can't contribute, that means you're a marketing drone or you're there just to leech off. Somebody must contribute something technically --but its interpretation is subjective.
3. This organization will be informal. No regular meetings, no contributions, no SEC registration, no officers, no NDA. Everybody will be equal.
4. This will be an equal-opportunity educational thing. Whatever your gender or sexual preference is, what your religion or language is, noob or L33t haXor, as long as you can contribute something, you'll be welcome as a peer.
5. Every gathering will be a one-day thing. Preferably 11am or later (I can't do mornings).

To start off, I have a dual-battery SUV that has a power outlet for 110v boxes. That means I can contribute the victim server (quad-core CPU & 4GB RAM) with a VMware in it, plus a WLAN access point, so that we can hang out either in a parking lot while sitting down in a coffee shop nearby, or we can move the test equipment in a room somewhere. And if we're in a room, I can also bring a projector so I can teach you all what is happening on a server and also how to fine tune your Nessus, Nmap, Net Stumbler, Metasploit or SQLninja attacks.
Somebody else has to contribute the VMware images for the victim servers.

Let's start with a group of 10 or 15 so it won't be too hard to mentor others. What say you?

Drexx Laggui -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA
http://www.laggui.com ( Singapore / Manila / California )
Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer
PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4 8363 FFEC 3976 FF31 8A4E

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph

