Yeah, but it won't have a pineapple on it...

That is a cool little device. The price is not outrageous either. Nice find.

Looks like my B.A. in English will have a use someday after all...

If you are new to linux, try Ubuntu or Mepis first and get acquainted with basic commands and concepts. Then jump into Backtrack.

The latest revision is Backtrack 5r2, r3 is due very soon. You can get it here:

http://www.backtrack-linux.org/

along with lots of good free info

Can't recommend HP's for anything. Ever since the big Nvidia chipset meltdown and ensuing PR disaster. Watch the heat.

I'm not a pen tester yet, still learning. I run Backtrack 5 on a crappy old HP hand-me-down from client who didn't want to pay to replace the drive, probably worth about $250. Nothing near your specs. If money is not an issue, go for it. Otherwise, I'd stuff a bunch of RAM into an older model and live with it.

How is the winner chosen? Pure random chance? One chance x number of posts? I'd really like to win, but I don't want to spray the boards with newbie questions and "How are you today?" posts.

Yar! I've been drooling over the PWB course for awhile. Awesome prizes.

I'd take their offer. It's not your product, and they are responsible for whatever happens.

In my little lab my BT5 VM is bridged. Bridge your other VM's and they should all see each other, and whatever other machines are on the same network as your host.

So social engineering aside, the attack method for my test XP box is basically throw best guesses at it, like recent java /IE/adobe exploits at it and see what sticks? So for a better testing experience, I should load up old adobe and other apps and toss exploits at it.

On the target machine, I am browsing to the IP and port my BT5 box is serving malicious code on. Pretending to be a user who says OK to everything.

spending a bit of time in my home lab today. Have a VM of BT5 R2 loaded up, target machine is XP Pro SP3, firewall disabled. Nothing else installed. Fully patched.

If there are no vulns to exploit, would the only way to get a shell be to go after the browser and get the user to click a link?

Working on learning the basic strategies and tools.

Wow, thanks for all the info and advice. I have much to learn and lot to consider.

I've noticed that CISSP is a requirement for many jobs in this and related fields. Seems like a "common denominator" and a good place to start.

Incident response and pen testing both interest me greatly. But I have a LOT to learn. I've read many of the OSCP exam posts, that sort of training sounds awesome, but I obviously need to get up to speed on my pre-requisite skills before attempting any of that. Plus I am self-funding, and I'd have to do PWB first, and need to know my investment will pay off quickly.

So, how did you incident response people get your start?

I'm not currently a security professional, but I'd like to be. For the past ten years, I've run my own one-man computer networking \ repair business doing basic stuff. I really want to expand my skill set.

For the past 6 months, I've been playing around with Backtrack and Linux generally on test laptops, playing with the tools on a mini-network and my own wireless router. I learned SME server to the point where I installed one for a client. I read though all the free training stuff on the Backtrack site. I have a cousin who works for a major bank on their incident response team. Had a fascinating two hour chat with him, this is an area I'd like to explore more of.

From what I've read here, it seems the CISSP cert would be a good fit for me. I've ordered the Shon Harris book and signed up for free test questions.

How does my experience fit with the "ten years experience in two domains" requirement?

Also, do you see this as an advisable career move? I am 39, married, two kids . Would need to make good $$, live in an expensive area (MA)