Nmap are conducting a survey to find out how user interact with their products and other bits and pieces.
Help them help you by filling out the questionnaire. The need 5000 responses and at the time of writing have only received 231 so get cracking!
We Are Hiring!!!
March 17th, 2010 4 comments »Role
This is a consulting role where the successful applicant would be providing Network and/or Web Application penetration testing services to our clients requiring Inter-Sydney and surrounding travel. In-house coding and providing technical expertise to our other departments will be required periodically.
The successful applicant must have a strong coding background in at least two of the following languages; Perl, Python, C, C++, PHP, ASP, LISP or SQL.
Strong Web Application Hacking abilities are a HUGE advantage (experience not necessary, but proof of ability will be tested). Experience with Firewalls, Servers, and Networking will be looked upon favourably.
Personal qualities
• Presentable
• Excellent written and verbal communication skills
• Enjoy working individually and as part of a team
• A well rehearsed root dance.
Education
A CISSP, OSCP, OSWP, OSCE, GPEN, GWAPT etc is preferred but not necessary if you can pass our testing.
What we offer
• Training opportunities
• Highly competitive remuneration
• Flexibility
• Personal networking with some of the best names in the business.
• A friendly, fun and supportive working environment
If this sounds like a role suitable for you then contact me via jobs{–at–}damiangrace.com with your details. Overseas candidates are welcome.
GWAPT Certified
March 13th, 2010 6 comments »Well that’s another certification attempt passed on my route to world domination.
This time it was the SANS GIAC Web Application Penetration Tester (GWAPT) certification. I managed to scrape through with a 97.33% which I am pretty happy about 
hmm, I just realised this is the first time in about 8 months I haven’t had a certification hanging over my head… hmm… all of a sudden I feel all alone… confused… lost… bored…
OK, now I have to find something else to do…
Suggestions anyone?
Core Impact Pro with Metasploit Integration
February 17th, 2010 No comments »Core Security Technologies have just announced that the next version of Core Impact Pro (due out in April) will support Metasploit integration. It’s not a bad list of things you will be able to do too.
* Bring a system compromised during testing with Metasploit into the IMPACT environment and deploy an IMPACT Pro Agent. The Agent is a patented, syscall proxy payload that allows users to:
1. Launch IMPACT Pro’s full range of automated penetration testing capabilities from the compromised system.
2. Leverage IMPACT’s broad selection of commercial-grade exploits, plus multiple pre- and post-exploitation capabilities for in-depth, comprehensive attack replication.
3. Pivot penetration tests to other systems, mimicking an attacker’s attempts at identifying and exploiting paths of weakness to backend systems and data.* Use IMPACT Pro’s automated Rapid Penetration Test (RPT) to exploit vulnerabilities, then launch Metasploit’s db-autopwn feature and subsequently upload the results back into IMPACT Pro. This allows users with less training and expertise to view Metasploit testing information within the IMPACT environment.
I for one am looking forward to playing with this
Where have I gone???
February 9th, 2010 No comments »I know I’ve been a bit quite lately and I figured I owe you all an explanation…
But you’re not going to get one… well not a full one anyway.
I have had some pretty dramatic changes happening this year thus far. These are causing a re-evaluation to what I do and what has become my primary focus. There will be some big announcements this year, but I can’t give you anything just yet.
So I’m still here and I haven’t forgotten about you. I am just busier than ever trying to organize some stuff that I hope you will like
