Heorot.net

I’m heading to DefCon again this year, and wanted a few extra bucks in my wallet for t-shirts, swag… who am I kidding – I need beer money.

I have dropped the cost of the 1DCPT and 2DCPT Heorot.net Certified Penetration Tester courses by 25%. For those who have been around awhile, you know that I only do discounts once (maybe twice) a year, so if you are interested in participating in one of the online courses, now is the time. The discount will only last a couple weeks, so don’t wait too long to sign up. As a reminder, you will receive a copy of the “Professional Penetration Testing” book, published by syngress, as an added bonus for signing up with either course.

Thanks for listening, and see you at DefCon!

- Tom Wilhelm MSCS, MSM
ISSMP CISSP SCSECA SCNA SCSA IEM IAM

On March 1, we are “officially” launching the updated professional penetration tester training courses at http://heorot.net. There have been some major changes to the training structure as well as course content. First off, all courses are being migrated to online training – previous advanced courses were available in Colorado only. In addition, a new course is being added that teaches reverse engineering, malware analysis and exploit code creation.

Secondly, we have streamlined our certification process to make it more comprehensive and complete. We understand the penetration testing is an advanced concept within Information Technology, and want to recognize the higher level of knowledge and skills needed to compete in this profession. We have done so by renaming our certifications into the following degrees:

• (1DCPT) Shodan Certified Penetration Tester
• (2DCPT) Nidan Certified Penetration Tester
• (3DCPT) Sandan Certified Penetration Tester
• (4DCPT) Yondan Certified Penetration Tester
• (5DCPT) Godan Certified Penetration Tester

For additional information about the courses and content, please visit http://heorot.net

Friday, September 25, Tom Wilhelm will be a guest on PaulDotCom’s weekly security webcast, where he will discuss multiple Information Security topics, as well as his new book titled “Professional Penetration Testing: Creating and Operating a Formal Hacking Lab.”

The staff of Heorot.net is pleased to announce the inclusion of an article regarding the De-ICE LiveCDs in Hakin9 Magazine’s “Best Of” special print, available on sale now at local bookstores. The article had originally been printed in issue 3/2008, and described to readers how to learn penetration testing using LiveCDs as attack targets, specifically in the De-ICE PenTest LiveCDs Project founded by Thomas Wilhelm and maintained at Heorot.net.

The staff of Heorot.net is pleased to announce the release of “Professional Penetration Testing: Creating and Operating a Formal Hacking Lab,” published through Syngress. The book is intended to teach readers of all skill levels how to conduct a professional penetration test from conception to conclusion, and includes material for both management and pentest engineers. The book is available for immediate delivery from Amazon. Discussions about the book are on the Heorot.net Forums.

Product Details
* Paperback: 528 pages
* Publisher: Syngress; Pap/Cdr edition (August 14, 2009)
* Language: English
* ISBN-10: 1597494259
* ISBN-13: 978-1597494250

The founder of Heorot.net will be speaking at DefCon again; this year, the topic is “Hacking WITH the iPod Touch,” which will examine the use of Apple’s most advanced iPod to exploit networks and systems. Details about the speech can be found at: DefCon 17 Archive. After the talk, all material will be posed in the Heorot.net Forums.

Book Deal Announced
Thomas Wilhelm, the founder of Heorot.net and developer of the De-ICE PenTest LiveCD project, signed a book publishing agreement with Syngress this month. The book, titled “Professional Penetration Testing,” will provide a comprehensive look at conducting penetration tests, from conception to completion. Based on the successful PenTest training courses at Heorot.net, the publication will target managers, engineers, and even students interested in learning or improving their skills in the field of information security.

“I’m excited to be working with Syngress again, and thrilled to have this opportunity to expand the body of knowledge within the profession of information security. The success of the Heorot.net courses have improved the skills of many security professionals, and the book deal will help spread that knowledge even further,” stated Thomas. “The content of the book will benefit anyone who has any connection with a pentest project, especially project managers and engineers. In addition, based on my experience as a college professor, the book will fill a gap in the educational realm. The book will also be intended for use in a classroom, so that students interested in learning the art of penetration testing can do so in a systematic and controlled environment, with hands-on exercises that reflect and target real world security challenges present in today’s corporate and government IT climate.”

The book will include a DVD that contains instructional videos, exercises, and real-world server software that can be used in a pentest lab to develop hands-on skills within information security penetration testing.

About Thomas Wilhelm
Thomas Wilhelm has been in involved in Information Security since 1990, where he served in the Army for eight years as a Signals Intelligence Analyst / Russian Linguist / Cryptanalyst. A speaker at security conferences across the U.S., including DefCon and HOPE, he is employed by a Fortune 50 company to conduct Risk Assessments, participate and lead in external and internal Penetration Testing efforts, and manage Information Systems Security projects. Thomas is also a Doctoral student who holds Masters degrees in both Computer Science and Management. Additionally, he also dedicates some of his time as an Adjunct Professor at Colorado Technical University, and has contributed to multiple publications, including both magazine and books. His latest contribution was multiple chapters in the Syngress publication titled “Netcat Power Tools,” released in April, 2008, which was his third book contribution to Syngress.

About Heorot.net
Heorot.net focuses strictly on providing training in “Information Security Penetration Testing” for both engineers and managers alike. Based on years of experience, the staff at Heorot.net uses real-world knowledge to provide training that can be applied towards day-to-day operations upon completion of the courses. Besides teaching the methodologies, courses at Heorot.net include valuable, hands-on techniques that are current to today’s Enterprise-level threats.

I want to announce that that Hackerdemia Project has been moved to Heorot.net. Presented at “The Last HOPE” security conference in New York in 2008, this project fills the gap between theory and practical experience in the use of “hacker” tools. The Hackerdemia Project is a LiveCD that provides both an instructional platform (in the form of a wiki) and an attack target to practice newly acquired skills.

In addition to this announcement, I would like to extend my thanks to Citizen Scott112 for stepping up and volunteering to be the Project Lead. I would strongly encourage everyone to extend a warm welcome to the new position, and help him out in making this project a great success.

The download link will be available October 1. As always, don’t hesitate to let us know what you think of the project and how we can make it even better.

There has been a renewed interest in IRC Chat and webinars on the Heorot.net forum board recently. Originally started by Citizen Benedictus, the IRC chat room for the forum has been around for many months. Citizens, Epyonx has decided to commit some of his time to give the IRC chat more life. In the near future, there will be weekly discussions on the IRC forum as well as live web presentations. Make sure you swing by the Heorot.net forums and voice your opinion on what topics you’d like to see!

Kudos to Citizen Benedictus and Citizen Epyonx!!

The staff at Heorot.net is excited to announce that Hakin9 magazine is printing an article about De-ICE.net and its Penetration Test LiveCDs, which is the Open Source project founded and supported by Heorot.net. This project is designed to provide legal penetration testing scenarios for anyone interested in learning how to conduct professional penetration tests. Along with the training programs at Heorot.net, this project provides engineers and managers of all skill levels a way to increase their professional knowledge in security and auditing by learning real-world techniques useful in corporate penetration tests.

For more information about the Hakin9 magazine 3/2008 issue, you can visit:
http://hakin9.org/prt/view/about-the-mag/issue/807.html

For more information about Heorot.net training opportunities, you can visit:
http://heorot.net/training/