Course Review: InSEC Techs Metasploit training

Enroll for $110.

Nothing really original here. There are a lot of similar courses available, and I didn’t find anything that really separates this from other courses. Generally I would recommend that you work through this or this, rather than spend the money on this course. Also I should mention that Cybrary has some options that are better than this, IMO. There is mention that the course will follow the PTES standard, but I really did not see it.

OK, on to the review………..

Auxiliary Modules: We do one scan. One SYN scan of Metasploitable. No other types of port scans, no other port scanning tools that we can import into MSF. No specific auxiliary modules like SNMP, SMTP, SMB, FTP, SSH, etc. Just one lowly port scan.

From there we went into Exploits right away, with specific modules on excellent exploits, good ranking exploits, and normal ranking exploits. All in all, there were 4 videos that discussed the exploit ranking system. Yikes! I can understand how someone might take a little time to understand that concept. Not 4 videos, especially when I am paying for the course. (Disclosure: I didn’t actually pay for this, it was purchased for me.) (Also note: all of a sudden we have a Windows machine we are attacking. No mention of that in setting up a lab. Not even the free temp machines you can use found here.)

The only form of vulnerability analysis was running a Nessus scan, and then importing it into MSF. In the exploit ranking videos, they show using the exploits, with no indication of how they knew to run that specific exploit. I get that it is a staged environment, but this is still something you should teach a new learner.

On changing the MAC attributes, I am not certain. I was taught it is the MACE attributes.

There are tons of videos on building a payload, and running it. One for with a firewall and one without. One for PDF files, one for Word files, etc. etc. However, there is only a single lesson on what to do once you have access to the host, and this was with Armitage. No command line ideas, only how to do it in a GUI. Nothing on how to look for information on the host to further exploit the network and environment. Nothing on how to find important files, places to look for passwords, or even how to perform a privilege escalation attack if needed to further exploit a host. These are all important items to know when using Metasploit.

Final Verdict: Stay Away

There are other courses that are better than this.

Course Review: InSEC Techs Cyber Security & Hacking Course

InSEC Techs – The Complete Cyber Security & Hacking Course

Various modules covering Enumeration, Scanning, System Penetration, Web Application Hacking, and so forth. You can find these courses on their website, Udemy, and other similar training portals that are slowly popping up around the web.

So to begin with, the presenter discusses the many types of courses and skills available to the teachers from InSEC Techs. I should have known something was up, when SEO & Digital Marketing were included with Ethical Hacking, CCNA, SAP All Modules. This was a very auspicious beginning, and it gave me some indication of what I was going to be dealing with. If only it was that good.

Overall the video quality is not that great. Some videos the volume is very low. Then the next one is so loud you blow your eardrums out when you are using headphones. In my opinion this does not seem to be a truly professional training organization, but instead seems more like a fly-by-night operation. Sometimes the audio just flat out stops, and there is a lot of digital noise. Some videos have a lot of background noise, and it seems the presenter is sitting in an outdoor cafe. There was one video where you can hear a single word overdub, which was a different voice, and at a different volume level. I had to listen to it 3 times, because I thought it was crazy.

The courses themselves only seem to go over tools and how to use them. Made me think very much like the CEH course I had previously experienced, only much worse. There is also no understandable order to the course. Other courses I have looked through follow a framework, such as PTES, or a recognized path, like the Lockheed Martin Attacker Kill Chain. (something) This course seems to move about randomly, moving from Viruses, to Social Engineering, Email Hacking, to Sniffing. Again in my opinion it would be very confusing to a new learner. There is no discussion at all about programming, which is really required for this type of work.

Some sections are downright terrible. For example, under the nmap section they run only one scan. No discussion of different types of scans, scripts that can be run, timing, evasion, or anything a real tester would need to effectively use this tool. The three methods of hacking are: Key Loggers, Trojans, and Password Cracking. The section on cracking WinRAR passwords??? REALLY??? 

The SQL Injection was not even that. The presenter opened up PHPMyAdmin, and ran the queries directly in the appropriate dialog box. No presentation of what that would look like to an attacker, or how to find it through a web form. Terrible. There are a few others that I could go into, like how is installing Truecrypt and creating a secure container file a solid description or explanation of cryptography?

Final verdict would be to stay away from this course. Don’t waste your time, even though it is free.

DFIR 014 – Continuous IR

Nice little post here on continuous IR, and how it can feed into the program as a whole.

Making Incident Response a Security Program Enabler

The approach an organization can take to move incident response from a reactive process to a proactive one involves the following steps:

– Improving an organization’s incident response capabilities
– Improving an organization’s root cause analysis capabilities
– Improving an organization’s security monitoring capabilities
– Influencing others to see incident response as a continuous process
– Operationalizing incident response information
– Collecting and documenting data for the organization’s incident response metrics
– Analyzing the organization’s incident response metrics to produce intelligence
– Presenting the intelligence to appropriate stakeholders

DFIR 013 – Adding Malformity to SIFT

This is a quick post on how I added Malformity to my SIFT workstation. This process is super complex, so you have to make sure you are really paying attention…… ;-)

First get Malformity….

git clone

Change into the new Malformity folder, and run the following

sudo python setup.py install

OK, once that is done, you need to run the following

canari create-profile Malformity

Finally, open up Maltego, and click on the main icon in the upper left hand corner. Choose import, then import configuration, and just follow the prompts then.