EH-Net
Show Posts

46
Resources / News from the Outside World / Phreaknic 13
on: October 27, 2009, 05:22:52 PM

This weekend in Nashville, TN, Phreaknic 13 will be rocking Halloween. Brian Wilson and I will be presenting and there is some cool content being presented. Their official website is here: http://www.phreaknic.info/pn13/. If you are in the area, or even if you aren't, come on down to one of the longest running security conferences around, and Friday night, Dual Core is going to be presenting. If you aren't familiar with the music of Dual Core, check out the website here: http://www.dualcoremusic.com. Hopefully see y'all there!

49
Columns / Linn / Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 3
on: October 19, 2009, 02:31:20 PM

To be honest, book choice is very personal. For me, I already know other languages so for the most part I want a reference that tells me functions, parameters, and use cases, but if you don't have very much experience programming then that may not be ideal for you. I recommend going to a bookstore and flipping through some books starting with the O'Reilly books and find something that feels like you would enjoy going through it. There are lots of resources online too, you may want to head over to: http://wiki.python.org/moin/BeginnersGuide and just see what you think before opting for a book. It's all in your learning style.

50
Columns / Linn / Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 3
on: October 19, 2009, 11:41:19 AM

Just as a heads up, you don't have to be a top notch coder for this course. Some basic scripting is really all that you need. If you do one of the <language> in 21 days type book you will probably have all that you need. The course focuses on short scripts that perform very task oriented things so you won't need to deal with any of the really complex programming topics, just the basics like network socket creation and basic functions.

52
Ethical Hacking Discussions and Related Certifications / General Certification / Re: GPEN vs OSCP
on: September 21, 2009, 09:16:46 AM

Both certs are packed with good information. The answer to your question revolves around what you want to learn. Everything from SANS has a business take to it. GPEN is focused on making sure that you are covered, that you follow good processes, and also it has some great skills for the actual process. It covers all the goodies with enumeration etc. in an environment where if you have questions you have a direct person to ask about it. It isn't as deep as the OSCP, but if you are interested in making sure that your practices are good etc., then it's a good place to start. I had fun in the class but the steps to pen testing and business elements are a focus the whole way.
OSCP covers enumeration, exploit writing, and popping boxes. There's tons of good stuff in there, and it's pretty much all skills and techniques with little focus on the business stuff like ensuring that you have a project scoped etc. It goes more in depth into enumeration and exploitation, even walking you through creating your own exploit. The courses are in video and PDF format, and there isn't just one person who is accountable for questions, but there are a number of venues for asking. If you are looking for a class that is fun from start to end, then this class is definitely fun. The only thing is, this class is what you make of it because of how it is delivered. You have the ability to pick up tons of skills if you don't already have them, but it isn't as spoon fed as GPEN is.
All in all, they both cover different material, and taking both of them wouldn't be a bad plan if you can at some point. The question is what you want to focus on first. If you are just starting and want some additional hand holding, go GPEN first. If you are already strong with Linux and have some background with pen testing or security, then OSCP is a lot of fun.

53
Columns / Linn / Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 2
on: September 14, 2009, 08:01:18 PM

Video led. Here's my thoughts on getting help. At 4am, I have asked a question in IRC and had it answered. There are always folks on there, and if they don't know the answer right away, if you give it a little bit an instructor will get back with you. There's so much information though, there is never a spot where you will be "If I don't get this RIGHT NOW then I can't do anything else". What really struck me though, is that the videos are so good, that I haven't had any questions about the content. The questions I had were regarding the extras. I think that the videos explain stuff very well, and I was impressed at how well they addressed questions that might come up. There were a few times when I had thought to myself "I wonder how.." and before I could finish the thought, the videos were already addressing that concern. If you would like to see what the quality of the videos are, there are a number up for free on their website.

54
Columns / Linn / Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 2
on: September 14, 2009, 01:44:05 PM

I would say for the most part yes. You are talked through what is going on while you watch, and then much of the information is put into the manual. In some cases, I think the manual is more thorough than the videos, and I had no trouble going back to reference the manual. Actually any time I needed to remember how to do something that I saw I went to the manual and not the vids. Some of the stuff is definitely easier when you see it done as opposed to reading about it, so I think overall it's good to do both.

55
Ethical Hacking Discussions and Related Certifications / Programming / Re: metasploit
on: September 11, 2009, 12:35:30 PM

Although you didn't ask for it really, I figure I'll throw in my thoughts about what your stated goals are. Taking the exploit out of metasploit and trying to port it into your own application doesn't really help your knowledge of how the exploit works. When you look into the metasploit framework at each individual exploit, what you see is just the juicy bits you need to perform the exploit. You get just the good stuff because Metasploit has already written all of the network stuff, random character generation, and in many cases protocol stacks that you may need to do your job. If you are interested in learning more about how an FTP exploit works for instance, you don't have to learn/write anything about how to create sockets or connect or build payloads, just how to get executable code to run. If you are interested in the individual payloads, they are all explorable outside of the context of the exploit. Once you understand enough about each individual piece, then you might go to writing your own, and you would use the contents of the exploit module that you need, plus the output of msfpayload to generate your payload to do what you want.
After saying all of that, if you don't really have a good understanding of debugging, you really haven't learned anything about any of this with the exception of how to just port an exploit from one language to another. If you really want to understand what's going on, there are roughly a few hundred examples using the warftpd password exploit available on the internet. Going through there and figuring out how to get EIP and launch executable code will get you a lot further in understanding what's going on than trying to pull apart a metasploit exploit and re-assemble it in perl/python/C.
Take that for what you will though. You do need the whole trunk to ever run one of the metasploit exploits as there is a ton of stuff in the lib that isn't included under /modules. As the whole beauty of metasploit is the libraries that facilitate exploit/payload creation, without the libs you are just left with a rough outline of what is going on, you will never get the full picture.

57
Columns / Linn / Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 1
on: September 10, 2009, 11:24:02 AM

Sorry for the delay, I was out of town for a bit. For the class I have been using a BackTrack 4 VM on my MacBook (with 1G of memory). I have been using VMware as my virtualization, and have had it in both bridged and NAT mode depending on where I am. I have accessed the network via both my home internet connection and 3G. If you are doing 3G, you need to have a lot of patience. The only downside to doing it on my MacBook is some of the stuff is really suited for a bigger screen. I wouldn't foresee any issues to doing this on a VM though. I have an ESX server at home, and was going to use that, but as I knew I'd be traveling, I opted for my MacBook since it's much easier to carry. I am done with the second week, and just need to get this to Don. Sorry I'm a bit behind, but I hope to get it to him tonight. So far though, this class is a blast. The lab environment is nice, and I've picked up some great tidbits.

58
Ethical Hacking Discussions and Related Certifications / Hardware / Re: Help me figure how puter was hacked--?
on: July 12, 2009, 08:48:14 PM

As this isn't a case of someone doing something benign to be funny, but appears to be pretty serious, I'd contact a lawyer as soon as possible to talk about what is going on. I am not a lawyer, but I suspect that this breaks a number of laws. The lawyer can talk to you about your situation and the impact of bringing law enforcement into it.
It sounds like you have some pretty serious stuff going on, and just getting your computer clean may only be the half of it. I would talk to a lawyer before you clean your computer. If you start taking all of the bad stuff off, it makes it harder for people to figure out what happened. Until then, I wouldn't do anything sensitive on your computer. If the lawyer says nothing can be done, then clean away, change passwords etc, but if online "evidence" is being brought into court, you are going to want to bring this to the attention of someone outside of this community.
Hope this helps

59
EH-Net / News Items and General Discussion About EH-Net / Re: [Article]-June 2009 Free Giveaway Winner - Black Hat USA
on: July 10, 2009, 09:46:47 AM

Thanks! I will definitely give a recap. Last year was the first time I've had the opportunity to do BH/DC so this isn't my first year, but I do expect my experience to be different. I will write up some thoughts when I'm done, or maybe before in case there are folks who are new who are going. I was very lucky last year and Don put up with me, but I have made some friends and contacts which have definitely kept up over the last year.

60
Resources / Tools / Re: VMWare or Virtual PC?
on: July 01, 2009, 02:52:14 PM

I agree with the server side ESX or ESXi, for host side, I like VirtualBox. It's free, the network isn't as easy to set up, but it is more flexible so you can do more stuff with it. It is also free for personal use.