OT: Training

From: Stephen Haywood 
------------------------------------------------------
I'm thinking about putting together a couple of training classes. One =
would be intro to Python programming and the other would be an intro to =
hacking/pentesting. These would not be free classes.

Would any of you be interested in classes like this? Would any of you be =
willing to pay for classes like this? What would you want to see in =
classes like these?

BTW, I'm available for contract security testing/consulting.

Thanks,
--
Stephen Haywood
Owner, ASG Consulting
CISSP, GSEC, OSCP
423.305.3700
stephen@averagesecurityguy.info





=============================================================== From: Tyler Mittan ------------------------------------------------------ I would be very interested, Stephen!

=============================================================== From: Stephen Haywood ------------------------------------------------------ Which one or both? -- Stephen Haywood Owner, ASG Consulting CISSP, GSEC, OSCP 423.305.3700 stephen@averagesecurityguy.info On Aug 21, 2013, at 4:20 PM, Tyler Mittan = wrote: wrote: would be intro to Python programming and the other would be an intro to = hacking/pentesting. These would not be free classes. be willing to pay for classes like this? What would you want to see in = classes like these?

=============================================================== From: Tyler Mittan ------------------------------------------------------ Well, I am taking a "scientific programming" class (not sure what exactly that means, but it's going to be going over C++) so I might be interested in the hacking class a little more so.

=============================================================== From: Jon Stanford ------------------------------------------------------ I'm interested in both but how much money and how much time the classes would take are concerns for me, my budget is pretty tight right till I get a new job. ----- Original Message ----- From: "Stephen Haywood" To: "Chattanooga Unix Gnu Android Linux Users Group" Sent: Wednesday, August 21, 2013 4:17:43 PM Subject: [Chugalug] OT: Training I'm thinking about putting together a couple of training classes. One would be intro to Python programming and the other would be an intro to hacking/pentesting. These would not be free classes. Would any of you be interested in classes like this? Would any of you be willing to pay for classes like this? What would you want to see in classes like these? BTW, I'm available for contract security testing/consulting. Thanks, -- Stephen Haywood Owner, ASG Consulting CISSP, GSEC, OSCP 423.305.3700 stephen@averagesecurityguy.info

=============================================================== From: Tyler Mittan ------------------------------------------------------ I second what Jon said. I am on a tight budget as well.

=============================================================== From: Benjamin Stewart ------------------------------------------------------ I'm interested in the pentesting one. The price I'm willing to pay would probably depend on whether I could sell it to $work.

=============================================================== From: Keith ------------------------------------------------------ I'm interested in both of these classes and would certainly be willing to pay.

=============================================================== From: Stephen Haywood ------------------------------------------------------ What I'm thinking right now is an 8 hour class for $250. Does that fit = most budgets? -- Stephen Haywood Owner, ASG Consulting CISSP, GSEC, OSCP 423.305.3700 stephen@averagesecurityguy.info On Aug 21, 2013, at 4:49 PM, Benjamin Stewart = wrote: would probably depend on whether I could sell it to $work.=20 wrote: wrote: classes would take are concerns for me, my budget is pretty tight right = till I get a new job. would be intro to Python programming and the other would be an intro to = hacking/pentesting. These would not be free classes. be willing to pay for classes like this? What would you want to see in = classes like these?

=============================================================== From: Ed King ------------------------------------------------------ Do you accept bitcoin? ------------------------------

=============================================================== From: Ed King ------------------------------------------------------ Do you accept bitcoin? ------------------------------

=============================================================== From: Stephen Haywood ------------------------------------------------------ No Ed, that's not real money. :) -- Stephen Haywood Owner, ASG Consulting CISSP, GSEC, OSCP 423.305.3700 stephen@averagesecurityguy.info fit most budgets? wrote: would probably depend on whether I could sell it to $work.=20 wrote: wrote: classes would take are concerns for me, my budget is pretty tight right = till I get a new job. One would be intro to Python programming and the other would be an intro = to hacking/pentesting. These would not be free classes. you be willing to pay for classes like this? What would you want to see = in classes like these?

=============================================================== From: Know Juan ------------------------------------------------------ Along these same lines, I'm working to set up a pentesting lab where people can vpn in and have a safe place to practice penetration testing. Would anyone be interested in getting access to something like that on a subscription basis?

=============================================================== From: Dave Brockman ------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Could you define "a safe place to practice penetration testing" please? Why is your VPN "safer" than my house, or my neighbor's cracked WiFi, or from $dayjob Datacenter? Also assuming your VPN would then tunnel *all* my traffic to the Internet through your connection (otherwise you would have to set up specific tunnel rules for each connection based on what they wanted to pen-test), what assurances do I have that you aren't capturing/sniffing my traffic? And if I connected to your VPN and starting banging away somewhere like nsa.gov and the helicopters and black suburbans pull up to your driveway, how quickly will you turn over my subscription information? (I know the NSA doesn't give a rats ass about nsa.gov, it's just a website not connected to anything interesting) Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSFkBAAAoJEMP+wtEOVbcdsJoIAJr1bTv5akBUXL8j2+MXfV51 d+u+usgcmrnFIBlMvT3OEs6BW16H33Y/PhDd3qfVm9Rdtxm+gRgtB8j+ECRuk6+p Y4tnqN8f4UE8a37JXYJuOpMZ2Twuj12oRRs+bwpLTokBPcK56pVUShgM/8K2PYN5 dciawoIk0O83h3RJ2LUTSOL+ZKPTK2/ZsPdXFvbWuOq0DAYHW2A3APoav7j36H5o fp4j5CVGfVfPoRP5DX5TkEWoax7I9V8yczTyledsDaU4FPRfb/SoHrBr8OPw8ipL RqMDSDfOnvcO7DmeVU70TIj8eypjp3cto42JDddAPEAun/FhV7inNPZiAM0zSHc= =0zEj -----END PGP SIGNATURE-----

=============================================================== From: Know Juan ------------------------------------------------------ It's safer because it's a sandboxed environment without access to anything outside. You don't get to bounce your malicious code off of my network to target a .mil - you get to VPN into my contained network and attack VMs that I have set up in said environment - nothing else. You don't have any assurances that I'm not sniffing your traffic, but seeing as how this environment won't enable you to access the internet, that shouldn't be of much concern.

=============================================================== From: Dave Brockman ------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What fun would that be? :) Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSFkvUAAoJEMP+wtEOVbcdbnwH/2jeHQ8EYxJk72qV8QMIq4fA K8KRwIdL4GbWzECcIZi0Id12YlWl4xtUEcqtWiLFqx7GaGY8Ier2Bz1zQ3dKbrFi 6wn/8bCAjfrFrzG0s9CH79/00D4P6Gh3CI4mIUEeS4g5PdeMxrPOdnr3yfemMhKC ZYpj/Khl0Bur1j7feihA0Xv4unSGe1oIGNphZaTYdkZ/A1CWGmBIlu+w9d60yNZa JKoNw8xHQnynnmVysKYHal4M2yYdTceqlk2lpvrUthJGqymYwqJU21lpkz7yJuJe scaNcRgvjrCNLYlroj3T0kUgumBTtcVbPMsK9yw1aAKBid/FWMMHCR5JCdL/xG0= =WMIc -----END PGP SIGNATURE-----

=============================================================== From: Dave Brockman ------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 So I know you probably think I'm just being a dick, but I'm really trying to flesh out your business model... and what benefits it brings to the table. Do we get to choose the hosts that you spin up in your environment? Do we get to choose the software stack running on the VMs? Do you have a menu to choose from? Is your actual physical infrastructure running the Virtual Infrastructure an option and/or do we get our money back if we get to it? Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSFoFgAAoJEMP+wtEOVbcdNv4H/11tBchHNTz4YHFncvYYnvL6 XkDZ9Yig20c2I9Yxqk1lUmddgVIIIZt+4a/wuQ3H5OeNepLZIYZI0gTsRABnBCx/ HQQ0mFUDVb3gzmm0oXmHy6wZJjjwXkarl/aoLP1HE+SFCuM/tmqsixvrm/wI9lhT vCnloFh3TqN7TAQFOv/dn6vgOPlKw5xh8LAs27I37jaxlrws9fJSVLKoX2xkEpdG P5AKgBLcwltHchHP+gkPXSLmM6RA3viUBLKBm56jqYwwdSVRSD3ilLn78sywyKm8 408GWC4aehSSbRQrZvep+MnheAjnQmkQmKi/Xn4yoNz8EWhz2aXyLBcpWXwBLPc= =GGGJ -----END PGP SIGNATURE-----

=============================================================== From: Jim Wells ------------------------------------------------------

=============================================================== From: Keith ------------------------------------------------------ Hey Stephen, I think your thread got hijacked. For your course do you plan to have materials and take-home activities, particularly for the python session? I'm less likely to pay 250 for pen testing but that's just because I'm interested but it's doubtful I could capitalize from that training. I do consider 250 for an 8hr session to be on par, in terms of cost, with midrange formal classroom tech training. So I would have certain expectations. On Aug 21, 2013 6:56 PM, "Stephen Haywood" wrote:

=============================================================== From: Dave Brockman ------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My darknet requires Internet access, you know that :) Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSFtOCAAoJEMP+wtEOVbcdlz4H/R0SKPtAlW9CoW9SvE9s0h5/ P9EVvIZ0gt61uWlG/7NcwplyuS5MXFq4ICpH01nrXkMCwVypZEslYCZb8aW7XnRp UQarQIPIN/jnOMdqsLaOrkQ2cFs8PvkXS8IxHAsH9xQpdzD0WLQ9GPh7Bk60Eoyh GLbvPiro/lCzJdRshN7KDsDVCgGwNCJzApNnbN0s0SUo/dBbHxM7mtRRjjahg/7S j6TOxjVeqfe19pzpJMtZk3X8mC7gmKNsaDwcF4Dw7LwRnTowIWuI2+OwDer3pAur td5JzxPjOL/HLI8Os+ADlmPIwsIELR89zfS2uQ7UT2N1OHXX8LRxLSHt9S6cY5Y= =YYr2 -----END PGP SIGNATURE-----

=============================================================== From: Stephen Haywood ------------------------------------------------------ Feel free to send me your list of expectations off list. -- Stephen Haywood Owner, ASG Consulting CISSP, GSEC, OSCP 423.305.3700 stephen@averagesecurityguy.info activities, particularly for the python session? interested but it's doubtful I could capitalize from that training. with midrange formal classroom tech training. So I would have certain = expectations. wrote: most budgets? wrote: would probably depend on whether I could sell it to $work. wrote: wrote: classes would take are concerns for me, my budget is pretty tight right = till I get a new job. One would be intro to Python programming and the other would be an intro = to hacking/pentesting. These would not be free classes. you be willing to pay for classes like this? What would you want to see = in classes like these?