Re: Skills needed to become a Security Expert and Penetration Tester?

[jcrout () softhome net]

Head over to LinkedIn.com.  Search the groups. Have plenty of time when you do.  Search on CISSP. The topic (CISSP) 
isn't really what you're after but you will find the some of the people are after, participating.  DEFCON comes to 
mind. There are many. Also google this "25C3".  

I do't know why -- maybe because I don't believe there is a useful use of the term, I'd drop the term "expert".  It's 
like having a sign on your back saying "kick me".  Someday, you will lose no matter how good you are.

Seems like everyone has a live Linux CD -- or can, if they know how to read and to ask a question or two.  Do it 
because its fun or because it makes a cool business card. 

Do a search for this string "coolnameshop.cn/in.cgi" or search spam for embedded iframes and harvest the URLs.  For 
heaven's sake, don't follow these with a browser -- you are looking for sites that are disessembling malware associated 
with them. 

The URL I mentioned is associated (seems to be) with a variant of CSRF exploits.  Instead of bating the victin into 
clicking something though, there is an infectious agent that is injecting iframes containing the malicious link, into 
otherwise clean web pages (after upload).

A request from anyone: If you know of something like this, hope you will send me email.  

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. 
Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified 
Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------