Thursday, September 2, 2010

Book: Professional Penetration Testing (Purchased)

I'm reading a book I recently purchased, called Professional Penetration Testing.  I'm using this as a first try at using the tools available for Amazon Associates on Blogspot.  Feel free to hover over the image/link, and click for more information on the book.  I believe I only generate some sort of commission, when there is a sale.

I pledge to my readers never to offer products that I don't own myself.  I hope to give meaningful reviews of these products as well.

So far, my experience with Professional Penetration Testing is a positive one.  While I admit that the price tag is a little steep, you should understand that it comes with a DVD that contains not only instructional video, but also some system images to be used in training.  These images are suitable for loading into VMWare for example.

Another thing about the book that put it onto my "buy it now" list, is that in addition to covering the technical aspects of Penetration Testing, it also covers ethics as well as "the business" of Penetration Testing.

I hope you all don't get sick of this advertisement, but I'll keep posting it while I'm going through this book.  I know there is an awful lot of information that is redundant for me, personally.  That happens when you are at the stage of your career that I am in (I think they call it getting old).  There aren't many books I can pick up and not have to go through some amount of information that I'm already familiar with.  But this is as much a part of Cyber-Jutsu as anything else.  One needs to learn to dig through the proverbial weeds, in order to find the gems that will be useful.

Another really good reason for me to pick up this book, is that I expect that CyberCede, my company, will be hiring within the year.  I think this might be a great tool for my new recruits.  If you are in college and looking for a co-op position or if you recently graduated and desire a position as a entry/junior level information security analyst, drop me an email and/or shoot me your resume.  If you are eager to get started on this path - you might want to purchase this book (and keep your receipt).

The State Of The Current SNAFU vs. The Good Old Days

I sit and write this post, which is long overdue, and slightly off topic, while I watch my HP Pavilion dv9000 "running" Windows Vista Ultimate "welcome" me forever.  It is just sitting there with its very stylish shining circle spinning like its grandfather, the hourglass used to do.  I'll be honest.  It is still spinning - and spinning, and I'm getting the sinking feeling that this system isn't going to come back up without a hard boot.  Luckily, I'm barefoot right now.

While I enjoy the many terabytes of storage that store movies, pictures, and other data of all kinds in my home and home office, there is a part of me that longs for "the good old days".  Which good old days might those be?  How about a time when, if I had a problem with my operating system disk, I reached over and grabbed one the the other copies that I had in a pile of 5.25" floppy disks.

That was the way my first IBM clone worked.  It didn't come with a hard drive, it didn't even have a pre-established space to mount one.  I had the deluxe model, it had not one, but two five and a quarter inch floppy drives.  This allowed me to boot the computer off of the MS DOS disk, and leave it in the drive while I put my application floppy disk in the second drive.

Others, who didn't have this deluxe model would have to, from time to time, pull out their application disk, and re-insert their Operating System disk for a required file.  One of my most-used applications in those days was a word processor called "Word Star", another was dBase, a database I taught myself to use (it may have been dBase II). Ah, the time I saved by having that second floppy drive was well worth the price. :)

I purchased that first IBM clone while I was in the US Air Force, and stationed in Japan (1987-1989).  It was a Commodore PC10.  The "10" stood for the speed.  It ran at an amazing 10Mhz.  This was a vast improvement over the actual IBM PC computers I had the opportunity to use in the Artificial Intelligence lab at the on-base satellite-campus for the University of Maryland.  Those beasts were running around 4.77 Mhz as I recall, and the speed difference while running the expert system I had written in Prolog was significant. I recall my first reaction to seeing the IBM logo on those systems.  I was ecstatic.  "Oh man," I had said, "real IBMs!"  My instructor asked me if I had a computer back in my dorm, and I told him what I had.  "You will want to use that when you can," he advised; and, he was right.

While I was very skeptical at first, tinkering (or hacking) with the computer hardware started almost immediately. I had a friend who was disgusted by the notion that I was only using two floppy drives to run my system; and he helped me upgrade my IBM clone to include a hard drive.  It was the first time I had ever taken the cover off of a computer.  I was shocked and appalled when my friend pulled a drill out of his bag.  "This is a computer," I said, as if he was not aware of that obvious fact.  "It is a delicate piece of electronics," I continued as he moved closer to the system and plugged the drill in.  He spun the drill's motor up and grinned at me.  "I don't think this is the way it should be done," I pleaded.  He was mildly amused at first, but quickly annoyed.  I was perhaps 18 or 19 years old, and my friend was probably in his mid to late 30s.  He was perfectly content not to use the drill.  But he advised me, if we didn't, he couldn't help me install the hard drive I had just purchased with his help.

I bought the hard drive at the same location I bought the PC.  There was an electronics shop on base that had all of the wonders of the world, most of which would not be seen in the Continental United States for about four years.  Most Americans aren't aware of the consumer technology lag between Japan and the United States which is still around four years.  I think that is an effect produced by the unquestionable pseudo-truth that all Americans grow up with; namely, that the United States is the best country in every way.  But I digress.

My friend had suggested that I purchase the 10, or 20 Megabyte hard drive.  "You will probably only ever use ten megabytes," he advised.  "You might use ten, you probably won't ever even need more than ten," he continued as I held the forty megabyte box in my hands.  "You will never in your life use forty megabytes.  You are wasting your money," he urged.  I bought the 40MB hard drive, and never looked back.

Having been pushed up against the cliff of not getting that monster hard drive installed if I refused to allow my evil computer-doctor friend to use his barbaric drilling instrument, I gave the go-ahead.  He did an outstanding job.  That hard drive, a Seagate, is still mounted securely in that 8088 system to this day - and the last time I spun it up, it was still working.

While I've been typing away - my HP laptop did finally boot, and I was able to log into my desktop. However, Internet Explorer refuses to run.  Only God knows what the system was doing for all the time it took it to boot.  I'm attempting to remove Windows Live Once Care (which was a really good Microsoft offering that is no longer supported).  It refuses to be removed in Safe-Mode, and everything is just hanging (or taking unbelievable lengths of time to complete).

There were updates that seem to have failed to load - but kept trying each time I shut down. I've been round and round with this system now for longer than I care to admit.  Is it a virus?  Perhaps.  An intermittent drive failure?  Perhaps.  A heat issue?  Perhaps.  Is it a pain in the arse?  Definitely.  Can I easily swap out some parts to troubleshoot?  Definitely not. :(

Until next time,

Metajunkie