Re: Educational Security Assessment project for Northern Virginia Community College students.

From: pete (lists_at_isecom.org)
Date: 01/24/05

    Date: Mon, 24 Jan 2005 15:56:29 +0100
    To: Djiali <djiali@speakeasy.net>
    
    

    Hi,

    For $140US you can have a year of access to the internet-based ISECOM
    Hacker Highschool test network. Check out
    http://www.hackerhighschool.org/license.shtml. It's the same network
    concept we use for the OPST (OSSTMM Professional Security Tester) exam.
    You can hack away without problem then. Version 2 of the network will
    be released this quarter and that has a few new features that are great
    for classrooms (pedagogic mode shows you what attack you did). And you
    can be sure of further development of ISECOM projects like the OSSTMM as
    that fee goes to support all ISECOM projects.

    Sincerely,
    -pete.

    Djiali wrote:
    > Good morning list,
    > I'm a student enrolled in the Information Systems Security Certification
    > program offered at Northern Virginia Community College. This
    > certification is considered a specialization for students who already
    > have a degree in a network related field and have completed the course
    > load required for the InfoSec certification. The final course is an
    > independent study supervised by the most senior InfoSec faculty member.
    > The goal of this course is to offer students real world experience in
    > conducting a security assessment on a real company. The whole course is
    > structured to protect both the company and students from any
    > harm...we've had to sign an ethics contract with the college, and we
    > will have to enter into a contractual agreement with the company we
    > would be working with.
    > As the team leader, I've decided to proceed using the OSSTMM methodology
    > for Information Systems (we're not going to try any war dialing, site
    > surveys, or try to enter the company's physical location). From our
    > side, we're going to conduct the port scanning, enumeration, and web
    > application testing on the live systems, but then take the "proof of
    > findings" stage into our test lab where we'll replicate the company's
    > production environment and attempt to exploit any holes we find. No harm
    > will be done to your production systems.
    > Now for the dilemma part. As you can imagine, it's been a little hard
    > for us to find someone to work with...companies would rather leave their
    > holes undiscovered than have some students identify them for free!! I
    > can't say that I blame them entirely...I don't know what I would do if
    > the tables were turned. This is why I'm turning to the list...I'm hoping
    > that if we can discuss the project with security folks who understand
    > what we're trying to do, we'd have better luck.
    > In any event, if you think that you might help out a group of students
    > trying to break into the InfoSec world, please email me directly, I have
    > some preliminary project plans, the course syllabus which outlines
    > everything, and of course, the contact information for our professor if
    > you wish to contact him for validation.
    > Thanks!!
    > Wade
    >
    >
    >

