How to learn Hacking Part 2

Now that you have read the basics here at http://www.decisionstats.com/how-to-learn-to-be-a-hacker-easily/ (please do read this before reading what follows)


Here is a list of tutorials that you should study (in order of ease)

1) LEARN THE BASICS – enough to get you a job, maybe, if that’s all you wanted.

http://www.offensive-security.com/metasploit-unleashed/Main_Page

2) READ SOME MORE-

Lena’s Reverse Engineering Tutorial (use Google.com to find the tutorial)

Lena’s Reverse Engineering tutorial includes 36 parts on individual cracking techniques and will teach you the basics of protection bypassing:

01. Olly + assembler + patching a basic reverseme
02. Keyfiling the reverseme + assembler
03. Basic nag removal + header problems
04. Basic + aesthetic patching
05. Comparing on changes in cond jumps, animate over/in, breakpoints
06. “The plain stupid patching method”, searching for textstrings
07. Intermediate level patching, Kanal in PEiD
08. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor
09. Explaining the Visual Basic concept, introduction to SmartCheck and configuration
10. Continued reversing techniques in VB, use of decompilers and a basic anti-anti-trick
11. Intermediate patching using Olly’s “pane window”
12. Guiding a program by multiple patching.
13. The use of APIs in software, avoiding double-checking tricks
14. More difficult schemes and an introduction to inline patching
15. How to study behaviour in the code, continued inlining using a pointer
16. Reversing using resources
17. Insights and practice in basic (self)keygenning
18. Diversion code, encryption/decryption, selfmodifying code and polymorphism
19. Debugger detected and anti-anti-techniques
20. Packers and protectors: an introduction
21. Imports rebuilding
22. API Redirection
23. Stolen bytes
24. Patching at runtime using loaders from lena151 original
25. Continued patching at runtime & unpacking armadillo standard protection
26. Machine specific loaders, unpacking & debugging armadillo
27. tElock + advanced patching
28. Bypassing & killing server checks
29. Killing & inlining a more difficult server check
30. SFX, Run Trace & more advanced string searching
31. Delphi in Olly & DeDe
32. Author tricks, HIEW & approaches in inline patching
33. The FPU, integrity checks & loader versus patcher
34. Reversing techniques in packed software & a S&R loader for ASProtect
35. Inlining inside polymorphic code
36. Keygenning

If you want more free training – hang around this website

http://www.owasp.org/index.php/Cheat_Sheets

OWASP Cheat Sheet Series

Draft OWASP Cheat Sheets

3) SPEND SOME MONEY on TRAINING

http://www.corelan-training.com/index.php/training/corelan-live/

Course overview

Module 1 – The x86 environment

  • System Architecture
  • Windows Memory Management
  • Registers
  • Introduction to Assembly
  • The stack

Module 2 – The exploit developer environment

  • Setting up the exploit developer lab
  • Using debuggers and debugger plugins to gather primitives

Module 3 – Saved Return Pointer Overwrite

  • Functions
  • Saved return pointer overwrites
  • Stack cookies

Module 4 – Abusing Structured Exception Handlers

  • Abusing exception handler overwrites
  • Bypassing SafeSEH

Module 5 – Pointer smashing

  • Function pointers
  • Data/object pointers
  • vtable/virtual functions

Module 6 – Off-by-one and integer overflows

  • Off-by-one
  • Integer overflows

Module 7 – Limited buffers

  • Limited buffers, shellcode splitting

Module 8 – Reliability++ & reusability++

  • Finding and avoiding bad characters
  • Creative ways to deal with character set limitations

Module 9 – Fun with Unicode

  • Exploiting Unicode based overflows
  • Writing venetian alignment code
  • Creating and Using venetian shellcode

Module 10 – Heap Spraying Fundamentals

  • Heap Management and behaviour
  • Heap Spraying for Internet Explorer 6 and 7

Module 11 – Egg Hunters

  • Using and tweaking Egg hunters
  • Custom egghunters
  • Using Omelet egghunters
  • Egghunters in a WoW64 environment

Module 12 – Shellcoding

  • Building custom shellcode from scratch
  • Understanding existing shellcode
  • Writing portable shellcode
  • Bypassing Antivirus

Module 13 – Metasploit Exploit Modules

  • Writing exploits for the Metasploit Framework
  • Porting exploits to the Metasploit Framework

Module 14 – ASLR

  • Bypassing ASLR

Module 15 – W^X

  • Bypassing NX/DEP
  • Return Oriented Programming / Code Reuse (ROP)

Module 16 – Advanced Heap Spraying

  • Heap Feng Shui & heaplib
  • Precise heap spraying in modern browsers (IE8 & IE9, Firefox 13)

Module 17 – Use After Free

  • Exploiting Use-After-Free conditions

Module 18 – Windows 8

  • Windows 8 Memory Protections and Bypass

TRAINING SCHEDULES AT

ALSO GET CERTIFIED http://www.offensive-security.com/information-security-training/penetration-testing-with-backtrack/ ($950 cost)

The syllabus is here:

http://www.offensive-security.com/documentation/penetration-testing-with-backtrack.pdf

4) HANG AROUND OTHER HACKERS

At http://attrition.org/attrition/

or The Noir Hat Conferences-

http://blackhat.com/html/bh-us-12/training/bh-us-12-training_complete.html

or read this website

http://software-security.sans.org/developer-how-to/

5) GET A DEGREE

Yes, it is possible.

See http://web.jhu.edu/jhuisi/

The Johns Hopkins University Information Security Institute (JHUISI) is the University’s focal point for research and education in information security, assurance and privacy.

Scholarship Information


The Information Security Institute is now accepting applications for the Department of Defense’s Information Assurance Scholarship Program (IASP). This scholarship includes full tuition, a living stipend, books and health insurance. In return each student recipient must work for a DoD agency at a competitive salary for six months for every semester funded. The scholarship is open to American citizens only.

http://web.jhu.edu/jhuisi/mssi/index.html

MASTER OF SCIENCE IN SECURITY INFORMATICS PROGRAM

The flagship educational experience offered by Johns Hopkins University in the area of information security and assurance is represented by the Master of Science in Security Informatics degree. Over thirty courses are available in support of this unique and innovative graduate program.

———————————————————–

Disclaimer- I haven’t done any of these things. This is just a curated list from Quora, so I am open to feedback.

You use this at your own risk of conscience, local legal jurisdictions and your own legal liability.


Analytics 2011 Conference

From http://www.sas.com/events/analytics/us/

The Analytics 2011 Conference Series combines the power of SAS’s M2010 Data Mining Conference and F2010 Business Forecasting Conference into one conference covering the latest trends and techniques in the field of analytics. Analytics 2011 Conference Series brings the brightest minds in the field of analytics together with hundreds of analytics practitioners. Join us as these leading conferences change names and locations. At Analytics 2011, you’ll learn through a series of case studies, technical presentations and hands-on training. If you are in the field of analytics, this is one conference you can’t afford to miss.

Conference Details

October 24-25, 2011
Grande Lakes Resort
Orlando, FL

Analytics 2011 topic areas include:

The impact of currency fluctuations on outsourcing businesses globally


If you have a current offshore team in a different country/currency zone, then you may find that the significant cost savings from outsourcing have vanished due to currency fluctuations that occur for reasons like earthquakes, war or oil, something which is outside the core competency of your business corporation. As offshoring companies incur costs in local currencies but gain revenue in American Dollars and Euros (mostly), they pass on these fluctuating costs to their customers but rarely pass along discounts on existing contracts. Sometimes the offshoring contract actually gains from currency fluctuations.

The Indian rupee has fluctuated from 43.62 Rupees per USD (04-01-2005) to 48.58 (12-31-2008) to the current value of 44.65. This makes for a volatility component of almost 10 percentage points to the revenue and profit margins of an offshoring vendor. Inflation in India has been growing at 8.5% and the annual increase in salaries has been around 10-15% for the past few years. Offshoring vendors have been known to cut back on quality in recruitment when costs have risen historically, and the current attrition rate in Indian ITES is almost 17%.

This raises important questions for companies going for global bids for offshoring contracts. Should macroeconomic indicators like currency fluctuations and wage inflation be part of the request for proposal (RFP) process? Would vendors be comfortable disclosing the ratio of salary costs to billing revenue? Should dips in service quality be penalized by the customer? Most importantly, while going in for a multi-year contract, the projection of forecasted savings may vary greatly due to extraneous factors.

(This article was originally written for and published by http://www.indiasoftwarebrief.com/ in their daily newsletter and their social media channel; see http://www.linkedin.com/groups/impact-currency-fluctuations-on-outsourcing-3825591.S.48411960)


Towards better quantitative marketing


The term quantitative refers to a type of information based in quantities or else quantifiable data (objective properties), as opposed to qualitative information, which deals with apparent qualities (subjective properties).

http://en.wikipedia.org/wiki/Quantitative

Fear, uncertainty, and doubt (FUD) is a tactic of rhetoric and fallacy used in sales, marketing, public relations, politics and propaganda. FUD is generally a strategic attempt to influence public perception by disseminating negative and dubious/false information designed to undermine the credibility of their beliefs.

Source-

http://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt

Top 5 FUD Tactics in Software, and what you can say to end users to retain credibility

1) That software lacks reliable support- our support team has won top prizes in Customer Appreciation for past several years.

  • Our software release history
  • Graph of bugs filed
  • Turnaround time box plot for customer service issues
  • Quantitatively define reliability

2) We give the best value to customers. Customer Big A got huge huge % savings thanks to our software.

  • Pricing: transparent and fixed. For volume discounts, mention slabs.
  • Cost to customer: include time and cost estimates for training and installation
  • Graphs of average ROIC (return on capital invested) on TCO (total cost of ownership), not half a dozen outlier case studies. Mention expected % return

3) We have invested a lot of money in our Research and Development. We continue to spend a lot of money on R&D.

  • Average Salary of R and D employee versus Average Tenure (Linkedin gives the second metric quite easily)
  • Mention Tax benefits and Accounting treatment of R&D expenses
  • Give a breakdown- how much went to research and how much went to legacy application support
  • Mention open source projects openly
  • Mention community source projects separately

4) Software B got sued. Intellectual property rights (sniff)

  • Mention pending cases with your legal team
  • Mention anti trust concerns for potential acquisitions
  • Mention links to your patent portfolio (or even to US PTO with query ?=your corporate name )

5) We have a 99.8% renewal rate.

  • Mention vendor lock in concerns and flexibility
  • Mention What-If scenarios if there are delays in software implementation
  • Mention methodology in calculating return on investment.


Also

http://blogs.computerworlduk.com/infrastructure-and-operations/2010/10/three-fud-statements-used-not-to-implement-standards-based-networking/index.htm

Google Raise What

Google recently did the following-

1) Raised salaries by $1000 across the board, and gave a 10% increase at lower levels to reportedly a 30% increase at higher levels.

The surprise $1000 cash bonus was a simple application of expectation management: people love a surprise $1000 raise, but hate being told they would be getting a $90 raise in their monthly salary from next quarter.

Ex-Googlers, or GoogleX as the group is called, have helped create a lot of not-so-evil value at Facebook and at Twitter. Even the rest of the world made more money on MapReduce than Google itself did.

And Google refuses to do simple things like sell Android OS at 10 bucks a pop, or Google Maps at 0.99 cents a pop. Not even a paid content search by integrating syndicating sources like Factiva, Bloomberg etc.

The book scanning project would be out soon (hey, when?), but they could better get some health record scanning contracts to help cut digital costs.

And the A/B experiment to move to pay per conversion rather than pay per click will hurt spamboy advertisers in Facebook or Bing more than Google.

And will someone remove the $100 limit on Adsense minimum revenue? The internet long tail doesn’t end at a round number.

But Google’s rumored firing of the guy who leaked the raise rumor is total deception –

seems they are just plugging the leaks for hot new features to counter Gmail killers (where did we hear this phrase before) by

Mark “Still don’t have a diploma from Harvard”

Speaking of which, if Facebook has 500 million unique customers logging in and clicking ads (right), how many unique customers search and click ads on Google? A histogram using a Monte Carlo would be nice 🙂


Image using png package courtesy Romain Francois at http://romainfrancois.blog.free.fr/

Top ten RRReasons R is bad for you ?


R is a programming language, based at www.r-project.org.

R is bad for you because –

1) It is slower with bigger datasets than the SPSS language and the SAS language. If you use bigger datasets, then you should either consider more hardware, or try and wait for some of the ODBC connect packages.

2) It needs more time to learn than the SAS language. Much more time to learn how to do much more.

3) R programmers are paid less than SAS programmers. They prefer it that way. It equates the satisfaction of creating a package in development with a worldwide community with the satisfaction of using a package and earning much more money per hour.

4) It forces you to learn the exact details of what you are doing due to its object-oriented structure. Thus you either get no answer or get an exact answer. Your customer pays you by the hour, not by the correct answers.

5) You cannot push a couple of buttons or refer to a list of the top ten most commonly used commands to finish the project.

6) It is free. And open for all. It is socialism expressed in code. Some of the packages are built by university professors. It is free. Free is bad. Who pays for the mortgages of the software programmers if all software were free? Who pays for the Friday picnics? Who pays for the Good Night cruises?

7) It is free. Your organization will not commend you for saving them money; they will question why you did not recommend this before. And why did you approve all those packages that expire in 2011? R is fReeeeee. Customers feel good while spending money. The more software budgets you approve, the more your salary is. R thReatens all that.

8) It is impossible to install a package you do not need or want. There is no one calling you on the phone to consider one more package or solution. R can make you lonely.

9) R uses mostly the command line. The command line is from the Seventies. Or the Eighties. The GUIs RCmdr and Rattle are there, but still…..

10) R forces you to learn new stuff by the month. You prefer to only earn by the month. Till the day your job got offshored…

Written by an R user in the English language

(which fortunately was not copyrighted, otherwise we would be paying Britain for each word)

Ajay- The above post was reprinted by personal request. It was written in Jan 2009 and may not be truly valid now. It is meant to be taken in good humor, not so seriously.
