Before It Bytes!

Louisville Metro InfoSec Conference Discount Code

Use the code“geek seat” to get $20 off registration for the Louisville Metro InfoSec Conference.

The conference lineup features some great members of the Security community such as John Strand, Paul Asadoorian, Lee Kushner, Scott Moulton, Adrian “IronGeek” Crenshaw.

Check out Securabit Episode 38 where we talk to Conference Chair, Brian Blankenship and tune in live Wednesday, September 23 with special guest Scott Moulton.

Securabit Live Wednesday with Paul Asadoorian from Pauldotcom

Securabit will be recording live with special guest Paul Asadoorian from Pauldotcom Security Weekly and Tenable Network Security on Wednesday, September 16th.  Paul will be discussing Nessus and some of the new features/updates contained within Nessus 4.0.2 which launched today.  The stream should be live around 7:30 pm EDT and the show will start recording at 8:00pm EDT.  Tune in!

Social Engineering Framework and Metasploit Unleashed

Two great projects are getting ready to launch, keep in eye out for them over the next week:

The Official Social Engineering Framework is set to launch on Wednesday, September 16th. The goal is to gather some of the community to produce the web’s first and only true social engineering framework. This framework is being developed by Jim Elwood Gorman,muts Aharoni, and LoganWHD along with many contributors from the SE and Security community. Check out their site, blog, and also hop onto their IRC channel, #social-engineer, on

Metasploit Unleashed “ Mastering the Framework will be launching next week on Tuesday, September 22nd.  This framework is brought to us by the members of the Offensive Security Team along with several active members of the security community.  This course will cover the Metasploit Framework in full detail with topics such as:

  • Social Engineering attacks
  • Advanced port scanning
  • Writing your own MSF plugins
  • Auxiliary modules kung fu
  • Vulnerability Scanner Integration
  • Writing simple MSF fuzzers
  • Pivoting, Tunneling
  • Exploit Development
  • Egghunter mixins
  • Mastering MSF Payloads
  • Post Exploitation techniques
  • Practical Fast Track Usage
  • MSF Backdoors
  • Advanced AV avoidance
  • Much more!

Best of all, the PDF guides for this course will be FREE with the videos and PDF (in typical Offensive Security style) available for a small fee. All proceeds going towards feeding children in Kenya and Uganda with the Hackers for Charity project.  This looks to be a great course for a great cause!  Go check out the site next week and get ready to get some MSF Kung-fu!

Penetration Testing Training on the Cheap

I have been looking into finding a decent Penetration Testing training.  There are a lot of cheap (under $550), self-paced training out there.  I have accumulated the list below (most of which are on sale this month).  If you have taken any of these, drop a comment and let us know how they turned out.

Penetration Testing with BackTrack

“Pentesting with BackTrack” (previously known as Offensive Security 101) is an online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. This penetration testing course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students.

This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet.

The cost for the course is $550 for training videos and documents and 30 days of lab time.  For $150 more, you can get 60 days of lab time or purchase 30 extra days after the fact for $200.  I have heard great things about Offensive Security Courses and would expect this to be top notch. offers two penetration courses ranging from fundamentals to intermediate:

Penetration Testing Fundamentals Course

For those just starting out in the field of professional penetration testing, the Fundamentals course will provide a thorough understanding of how a professional penetration test is conducted and the methodologies behind performing an attack. It is suggested you already have a familiarity with basic Linux commands and file structure.

Intermediate Penetration Testing Course

For those individuals familiar with hacker tools who have some penetration testing experience, the Intermediate course will provide a comprehensive understanding of how to run a penetration test in a real-world environment. Students should have a solid understanding of Linux and the ability to effectively use commercial and Open Source hacker tools. was founded by Thomas Wilhelm who has contributed to the Security community with a number of great books such as Netcat Power Tools and Professional Penetration Testing along with providing the De-Ice PenTesting Live CD’s.  You get access to the online videos for 30 days, two live CD’s that are downloadable,  and an autographed copy of Thomas’ new book Professional Penetration Testing.  The cost of the Fundamentals course is $395 and is currently discounted to $295 until October 1.  The Intermediate course comes in a little more at $595 and is currently discounted to $445 until October 1.  You also get access to version 2.0 of the courses that come out after Oct 1.  The Fundamentals course looks very intriguing since at $295, you get some decent training and an $80 text book.  Quite a good deal.

So You Wanna Be A Pentester

This was one I never heard of, until MattJay commented on it on Twitter.  This course will cover some of the newer aspects of penetration testing such as Open Source Intelligence Gathering with Maltego and other Open Source tools.   Advanced Scanning, Enumeration, Exploitation (remote and client-side), and Post-Exploitation relying heavily on the features included in the Metasploit Framework will also be covered.

How the course is run is quite different from the ones mentioned above.  You will receive courseware and lab manual PDF’s, but you also get three 30 minute phone calls with Joe McCray to walk you through specific lab exercises and/or answer questions.  This seems like a very interesting way to run it with the chance of interacting with a what appears to be personal phone calls with a trainer.  You also get 30 Day Unlimited Access to LSO Lab Network from the day of course registration. The cost of the course is $300 and is currently discounted to $200 until Oct 1st. They also have a So You Wanna Be A Web App Pentester course for $450 but currently discounted to $300.

This is one of the more unknown trainings to me, so if anyone has comments on it or any training, we would love to hear them.  If there are any other cheap ones out there, drop that in the comments too. 🙂

Upcoming Cons and Webcasts

As we mentioned on Episode 39, there are lots of great cons coming up.  Here is all the links you need to find out more information:

Pittsburgh Information Security Users Group (PittSUG) Capture the Flag Event – September 17, 2009

BrucCON 2009 – September 18-19, 2009 – Speakers: Chris Gates, Chris Nickerson, Jayson Street, and many more!

Louisville Metro Infosec Conference – October 8, 2009 8am – 5pm – Speakers: John Strand, Lee Kushner, Scott Moulton, Adrian “IronGeek” Crenshaw, and many more!

ToorCon -  October 23-25, 2009

Rochester Security Summit – October 28-29, 2009 – Speakers: Rob Fuller (Mubix), Larry Pesce, Bruce Potter, Ed Skoudis and many more!

Phreaknic 13 – October 30 – November 1, 2009

DojoCon – November 6-7, 2009 – Speakers: Marcus J. Carey, Marcus J. Ranum, Richard Bejtlich, Ron Gula, and many more!

SecurityTubeCon – November 6-8, 2010

SANS Cyber Defense Initiative – December 11 – 18, 2009

Shmoocon – Feburary 5-7, 2010

NOTACON – April 15-18, 2010

There are also lots of great free webcasts coming up in the next few months (some posted on the EDUCAUSE Security List):

WhatWorks in Intrusion Detection and Prevention: Securing Servers for PCI Compliance with The White Company
WHEN: Friday, September 11, 2009 at 1:00 PM EDT (1700 UTC/GMT)

Stop Cache Poisoning Attacks With DNSSEC
WHEN: Monday, September 14, 2009 at 1:00 PM EDT (1700 UTC/GMT)

SIEM and DLP – Strength in Integration
WHEN: Tuesday, September 15, 2009 at 1:00 PM EDT (1700 UTC/GMT)

Staying Ahead of the Latest Endpoint Security Threats Featuring highlights from the IBM X-Force 2009 Mid-year Trend and Risk Report
WHEN: Thursday, September 17, 2009 at 1:00 PM EDT (1700 UTC/GMT)

Building the Business Case for Penetration Testing
WHEN: Thursday, September 17, 2009 at 1:00 PM EDT (1700 UTC/GMT)

It All Starts with Log Management: Leveraging the Best in Database Security, Security Event Management and Change Management to Achieve Transparency
WHEN: Thursday, September 24, 2009 at 1:00 PM EDT (1700 UTC/GMT)

WhatWorks in Firewalls, Enterprise Antivirus and Unified Threat Management: Virtualizing Server Security with the U.S. Army Human Resource Command
WHEN: Monday, September 28, 2009 at 1:00 PM EDT (1700 UTC/GMT)

Identity-Aware Networking Done Right
WHEN: Tuesday, September 29, 2009 at 1:00 PM EDT (1700 UTC/GMT)

Is Your Organization Losing the Cyber-War?
WHEN: Wednesday, September 30, 2009 at 1:00 PM EDT (1700 UTC/GMT)

Transparent Data Encryption: New Technologies and Best Practices for Database Encryption
WHEN: Thursday, October 1, 2009 at 1:00 PM EDT (1700 UTC/GMT)

Finding the Root Cause of Any Security Alert – Fast
WHEN: Wednesday, October 7, 2009 at 1:00 PM EDT (1700 UTC/GMT)

IT Audit for the Virtual Environment
WHEN: Thursday, October 08, 2009 at 1:00 PM EDT (1700 UTC/GMT)

Automated Malware Threat Analysis: Getting actionable intelligence on attacks effectively and efficiently
WHEN: Wednesday, October 21, 2009 at 1:00 PM EDT (1700 UTC/GMT)

Post any others that you know in the comments and we will add them to the list!