Saturday, April 2, 2011

Hacking Dojo week 1.

So I signed up for the Hacking Dojo recently. At $95.00 a month for 1x a week hacking class it seemed like a good deal. I figured I'd do a running review of the class on my blog. Maybe I'll write up a fancier one later.

The Hacking Dojo has several different levels. The lowest level is actually a 2 month class, that teaches the "Basics". Things like scripting, virtual labs, etc. The others are a pay by the month class.

The Class Format:
The class meets once a week at a set time. The classes meet via Skype conference call, and a web based desktop sharing program for "screen casting".

You can join the class at any time, as long as there is an opening, except for the Mukyu, which runs for 2 months and can only be joined at the start of the cycle.

The Shodan level, the one I'm in, is designed to recycle every 3 months. Basically, you go through three months of classes, and then if the students have kept up with the homework and labs, they can test out of the class to the next level. The Shodan level classes are designed to teach students the basic framework of penetration testing. The exam is just as much about the ISSAF as it is about hacking the system.

First Impressions:
So I started with the Shodan class, because I have experience with Virtual Boxes and Virtual Labs, shell scripting, and some of the other topics that were covered at that level. I can't scrape a web page yet (one of the things you're expected to already know how to do in the Shodan class), but I'm sure I'll be able to figure it out when I have to. The one thing I'm more worried about is the lack of scripting / programming I've done over the last couple of years. I can do some basics, but it's been a long time since I've had to do any real scripting.

I kind of lucked out when I signed up. I've been saying I'm going to for a while now. I was going to start with the lower class, but said meh, go big or stay on the porch. The first week's class I was lucky. It was the review class for the last 3 weeks. It works well as an overview class too, giving the student an idea of what is to come.

The class incorporates both a Wiki and a Forum for peer level conversations. However, it's probably possible to get a little bit of mentoring there too. But I haven't looked into it that much yet.

Moving to the next level:
To move up to the next level, you can ask to take the test at any time. It is a 2 part test. Both parts are timed. The first part is a 48 hour written exam that must be passed before taking the second part. It's not just a bunch of answers, but includes having to prove your work with screenshots. The second test is the practical exam, where you have 72 hours to hack the system.

After passing, you can move up to the next level, Nidan.

Stick around, my next class is in 2 days. I'll update sometime between then and next Sunday.

Monday, March 14, 2011

new to me tools

I like finding "new" tools. That doesn't mean that the tools themselves are new, just new to me.

In Information Security, I play mostly on the defensive side. Firewalls, nmap scans of my boxes (the ones I'm responsible for), centralized logs, and Google advanced searching.

That doesn't mean I don't want to learn some attacker skills. I'm always trying to learn more, to add more value. Even if the majority of my job now doesn't involve much security (other than the occasional firewall rule).

Therefore I'm reading books on hacking. The one I'm reading now is Dissecting the Hack: The F0rb1dd3n Network. In the STAR section's first chapter I came across 2 tools that seem to be useful. They're plugins for Firefox.

Passive Cache Search: Lets you search the Google cache of a webpage. Usually searching the cached page still pulls down pictures and other multimedia from the site. But Passive Cache is supposed to have a way to do it as text only from the Google cache.

Advanced Dork: Tool to help create advanced Google searches. This one should be fun. It's the one I've been playing with the most out of the two.

Sunday, March 13, 2011

back and forth

So I fired up my old Skype account a couple of months back. I was trying to get it to work on my phone, but it won't without an upgrade and well.... AT&T / Samsung can't get their stuff together to push an update.

Fast forward to this week. I was talking to a co-worker about having long conference calls on a regular basis. I made a comment about upping my minutes on my account and carrying a charger to keep it charged. His comment was to just get a decent headset and use Skype with the $3.00 a month dial out.

So I went out yesterday and got a headset. Logitech H530 USB headset. Man what a headache. At least on my Linux box. I've gone back and forth with ALSA and PulseAudio trying to get things to work right. I'm back to ALSA. While I can't listen to things through the headphones off calls, I got Skype to work with ALSA and the headset where people said it sounded good on the phone.

I was using PulseAudio while listening in on the maintenance call last night, and when I was trying to ask questions, no one could hear me.

Don't know how it works with other OS, but at least with my Debian box, it's not perfect.

However, it's mostly going to be used with a Windows box, so that might be another story.

Sunday, March 6, 2011

another book review will be coming.

I'm reading another book that I'm going to write a review on. One of the authors said "nice review" on the Rework review. Considering the author is another one of the people I look up to in the Hacking community, I hope to do his book as much justice.

Sunday, February 27, 2011

Read Rework

Listening to the Exotic Liability the other week, a book was mentioned. Book called Rework. One of the casters (I know who, but not going to name drop here) said he requires his staff to read the book. Since I look up to the guy, hey we all have our info-sec heroes and he's one of mine, I got the book.

It's a business book written by the guys at 37Signals. It was actually a very fast read, and I was familiar with the concepts already. I didn't agree with everything in the book, but I agreed with the majority of it.

It contains concepts of why hiring Rockstars just to hire them is a bad idea. Why meetings suck the life out of your team. Don't chase the large customer, do what you think is right. Run it like you want to be the best you can be. The biggest thing I like in it was the Decisions and Quick Wins.

I have a project coming up. I've been thinking that it's going to be a pain, and felt overwhelmed a few times. I'm going to set up the new web site for the Martial Arts School I teach at. Updating it to run on Drupal and the like. The book showed me I can do sections of it at a time, and go from there. Thinking up a finished product and pushing to that keeps you from being agile enough to change. Things won't be as good.

But if I start small, and go from there. Get the basic site up first, and then add things as needed, it'll be better. It'll give me time to move on feedback better. Which will make the site better.

So instead of installing Drupal, getting blogs and forums set up, and user accounts, locked video section and all the different pages, I'm going to start with the basic Drupal website. Add a few pages to it. And then add things as needed going forward.

Seriously the book is worth the read. It shows how you can be a lean mean company, hobby, or employee and ADD value instead of just being a Cog.

Saturday, February 26, 2011

ok, surprised

I don't think I'm down to the 220s yet. Sucky part of not having a scale. But... I did get my calipers and new measuring tape yesterday from Amazon. Both said I was between 20 and 22% body fat. Really a little surprised by that.

Anyway, I can take the stairs at work. I knew I could do the parking structure. Well it turns out with my badge, I can access the building stairs. So on average, I'm going down and up 6 flights of stairs at lunch time, and Down 6 and up 9 at the end of the day to go home (second floor in both, no ground access from the stairs in the building, at least not the stairs I'm using).

I feel more comfortable taking the employee bridge on the second floor anyway instead of walking across the road, dodging people pulling in and out of the garage.

Last Friday, I actually managed to run up those 9 levels. However yesterday, they kicked my butt just walking up them. Although yesterday my pack was heavier than usual. It had a couple of extra books in it.

Wednesday, February 9, 2011

what?

At the rate I'm going, I'll be into the 220s sometime next week. Not really working out. Longer walks with my 20lbs backpack on (parking structure to office or reverse). Doesn't look like I can take the stairs at work.

I'm at 233 today. My weight has been dropping for 2 weeks now. Was at around 243 when I left my apartment 9 days ago.