
Learn Web Penetration Testing The Right Way

151 points | morphics | 13 years ago | pentesterlab.com

24 comments

qpleple | 13 years ago
> Do you accept donations?

> Sure, you can make a donation to [email protected] using Paypal. If you don't like Paypal, just send a donation to any charity and email me so I will feel good about it ;)

I like this state of mind.

rubinelli | 13 years ago
Don't say you accept donations over Paypal unless you are a registered non-profit organization. This is one of the most common reasons why accounts get frozen.

(EDIT: I re-checked, and it seems plenty of people receive donations with Paypal without a hitch... until they reach a certain threshold and get locked out.)

a1a | 13 years ago
I like it, looks great. But I would like to see your education/certification/experience presented on the website. I would say that is kind of mandatory when saying you teach "The Right Way" of something.
snyff | 13 years ago
Yes, sorry for that, it may be a bit presumptuous. I tried "The Worst Way", it didn't work as much ;)

Joke aside, most training/material I saw gives too much information or not enough. I tried to find the right balance to help people understand (giving a lot of information) and remember things (working hard to learn stuff).

Most other trainings are also pretty expensive: I tried to do a cheap version and ended up providing the exercises for free. A lot of universities don't have the resources to provide good quality/up-to-date training; I hope students will be able to learn from my exercises...

Most other trainings are backed by a certification: I tried to do something where people just learn stuff because they are interested in it and want to get better, and not teach them "just what they need to pass the cert..."

Regarding my background: one engineering degree in IT architecture, one master's in Security (both done in France). A few years of sysadmin work at school and teaching web stuff (mostly PHP, to pay for stuff). 3 years working in France as a security consultant, where I also gave a few trainings and talks. And the same thing for 4 years in Australia. I don't put that online because I didn't think it was relevant :/

Finally, marketing is hard and I needed something catchy ;)

_mpf | 13 years ago
Great initiative. It would be nice to have some more info on your site about who you (they) are. I think many people aren't going to download and execute data from an unknown person/organisation.
snyff | 13 years ago
Fair point.

<Kaa singing "Trust in Me"> My real name is on the PDF and you can find a lot of information on me on the Internet... Previous talks, where I worked... As far as I know, the PDFs aren't backdoored (I'm also working on an HTML version); you can open them in Google Docs if you're not sure. For the ISO, I wouldn't waste a bug allowing one to break out of VMWARE/Virtual Machine/... </Kaa singing "Trust in Me">

darxius | 13 years ago
Very cool stuff. However, I think you might get more people to use it if everything was web-based (instead of having to download the .iso).
snyff | 13 years ago
Yes, good point. However it's a bit harder to maintain a working architecture while giving a shell to everyone on the Internet ;)
robmil | 13 years ago
For anyone who's after a book: I've found Dafydd Stuttard and Marcus Pinto's "The Web Application Hacker's Handbook" to be invaluable.
shicky | 13 years ago
Slightly off-topic, but I figure what the hell, I may as well ask. I am two years out of university (comp sci), working as support/development in investment banks (indeed the work is destroying my soul). I've spent quite a bit of time looking into fields I may be interested in, such as security, i.e. why I'm going to try your exercises.

My question is, this area seems quite niche; how does the average person work out if they're suited to this? Furthermore, are there obvious prerequisites to working out whether you will enjoy certain areas? I.e. I do not feel very good at programming, therefore is it strongly unlikely I would enjoy testing / security?

I realise this isn't the right place so feel free to ignore me :)

I can't seem to find the right place :( !

snyff | 13 years ago
I think you can be suited for everything. IT Security is a really big domain; depending on your skills and what you like, you can land different jobs. If you are a person who likes to calmly deep dive into problems, you may be interested in security code review; if you're more into quickly understanding how things work and trying to abuse the default behaviour, you can work in pentest. IT sec is a huge field. Just start learning and you will see what you like... There is no "suited for this", even if being curious and working hard help a lot ;)

Feel free to email me (my email is on the exercises' front page), if you need to talk about this ;)

david_shaw | 13 years ago
Looks interesting. I have a couple new engineers joining our appsec team soon, so I'll give this a shot as part of our training package.

It certainly looks a step above the "standard" tools of reading documentation and trying lessons learned on things like WebGoat and Gruyere.

There's no substitute for experience and guidance, but this seems like it might be the next best thing. Thanks!

mooneater | 13 years ago
Some corporate clients are asking for pentest results from "a reputable pentest organization". Anyone on this thread have advice as to how I can satisfy them without breaking my startup bank?
snyff | 13 years ago
You can try bugcrowd; they won't qualify for "a reputable pentest organization" yet, but they will get stuff done and you can then argue that you had a few hundred hackers attacking your app.

Maybe you can talk to one of these "reputable pentest organizations" and get them to drop the price if they can blog about or use your startup as a showcase for other potential clients. Pentest companies have a hard time advertising their services (it's a "lemon market"), so everyone could win in that deal.

ig1 | 13 years ago
Do you want a serious pentest (i.e. really looking for vulnerabilities) or do you want a pentest that will get you a certification so you can sell to clients?