Penetration Testing

Offline Password Cracking: The Attack and the Best Defense

Offline Password Cracking is an attempt to recover one or more passwords from a password storage file that has been recovered from a target system.  Typically, this would be the Security Account Manager (SAM) file on Windows, or the /etc/shadow file on Linux.  In most cases, Offline Password Cracking will require that an attacker has already attained administrator / root level privileges on the system to get to the storage mechanism. 

Review: EC-Council’s Licensed Penetration Tester (Master) Exam 2.0: The World’s First Proctored, Hands-On Pentesting Examination

The most significant difference with the new exam format is that it is proctored.  This means that you are being watched over your webcam for the entire period of the session.  Proctoring a five-day exam is impractical, so the exam was split into three six-hour sessions.  Each six-hour session consists of three individual “challenges”.  Each challenge involves recovering the contents of a secret file, but some challenges will require hacking more than one machine.  You enter the contents of the file into a web page and submit it when you are done with the session.  You must complete at least one challenge per session, and you must complete at least five out of the nine sessions to pass the exam.

Top 10 Considerations for Choosing a Penetration Testing Vendor

You cannot fix what you do not know. A penetration test strengthens your defenses by revealing your weaknesses and recommending prioritized fix actions. This article contains ten items you should consider when selecting an organization to perform a penetration test against your environment.

OSCP vs LPT (Master): A Comparison by Someone with Both

The OSCP certification is great for individuals with several years of experience in system administration, networking, or software development, who wish to learn “elite hacking skills.” The LPT (Master) is great for those who want to pursue penetration testing as a career and who are looking for a certification that demonstrates that they can complete a realistic penetration test simulation on their own.