EH-Net
May 24, 2013, 07:09:47 PM *
  Show Posts
16  Ethical Hacking Discussions and Related Certifications / Malware / Re: 12 Steps to a malware free existence on: November 27, 2012, 08:49:18 AM
You forgot "Perform normal computing tasks as a non-privileged user and use runas or sudo when higher privileges are required"

I've found taking this step prevents a huge number of infections.
17  Ethical Hacking Discussions and Related Certifications / Other / Re: Cost of the logs storage on: November 26, 2012, 03:23:18 PM
There's a big difference between collecting and alerting. My preference is to collect as much data as feasible and then filter the data set down to a manageable level. I would rarely condone collecting less data but almost always recommend trimming alertable events, tuning, and filtering so as to not DOS the analyst. You can always expand your filters if necessary as long as you have the data.
18  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: SOAP Web Services Vulnerability Scanner/Methodology on: November 24, 2012, 01:00:54 PM
Yes, it's in Java.

As for the Burp Extender, I have a hard time working for free for a commercial tool (even if they have a community version)...

Which was why I mentioned ZAP
19  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: SOAP Web Services Vulnerability Scanner/Methodology on: November 19, 2012, 10:50:17 AM
Why not write an extension for Zed Attack Proxy? http://code.google.com/p/zap-extensions/ Psiinon is very active/responsive and I'm sure would really appreciate the contribution.
20  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Web App Pen Testing training on: November 13, 2012, 12:28:10 PM

One of the members here (tturner) recently took the CSTP: Certified Security Testing Professional course and posted a review on his blog:

http://sentinel24.com/blog/7-safe-certified-security-testing-professional-review/#MyConclusion


Thanks for the mention m0wgli. It really was a pretty great course for what it was (2 days really limits how deep you can cover material) but definitely not free (for anyone that didn't win an ethicalhacker.net contest I mean)

21  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Web App Pen Testing training on: November 13, 2012, 12:21:13 PM
I'd highly recommend Jeremy Druin's video series and Mutillidae. 79 videos and counting!

http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae

Also OWASP has a bunch of great materials as well. Here's a link to the OWASP education project https://www.owasp.org/index.php/Category:OWASP_Education_Project  and OWASP has teamed with Security Innovation to make OWASP Team Mentor available which is a nice resource. http://owasp.teammentor.net/teamMentor and then a free hacking lab for OWASP Top 10 at https://www.hacking-lab.com/events/registerform.html?eventid=245

Don't forget http://www.securitytube.net/tags/web . I also highly recommend WAHHv2. I have not done the MDSEC labs and have heard good things but I was focusing on free resources here.
22  Ethical Hacking Discussions and Related Certifications / Programming / Re: SANS Python for Pentesters in beta on: November 13, 2012, 10:29:52 AM
Did anyone here take Joe McCray's Python course earlier this year? http://strategicsec.com/services/training-services/classroom/python-for-security-professionals/ Anyone know if he's doing another run of it?

I missed Joe's too.  I heard if it went well he was gonna give it another go, but I didn't hear anything afterward.

Unfortunately Scapy didn't sell well so they appear to have abandoned that content.

I didn't know they had a scapy course


Looks like Joe's Python course is being offered again in a week or 2. http://www.trainace.com/courses/python/ I'm not sure if he's the instructor or not.

Also, the Scapy course was a Judy Novak original. SEC567, here's a cheat sheet for the course http://www.sans.org/security-training/course_sums/1382.pdf I was very sad to see it go.
23  Ethical Hacking Discussions and Related Certifications / Programming / Re: SANS Python for Pentesters in beta on: November 11, 2012, 08:17:00 PM
Unfortunately Scapy didn't sell well so they appear to have abandoned that content.
24  Ethical Hacking Discussions and Related Certifications / Programming / Re: SANS Python for Pentesters in beta on: November 10, 2012, 02:28:19 PM
Keep in mind 2 things.

One, SANS markets courses at the lowest common denominator to maximize attendance, which in security means non-coders. They have to cover basics here and will probably never have a 500 level course that requires substantial knowledge coming into the course. If this course does well for them I'd expect to see a more challenging 600 level or perhaps 1 or 2 day advanced courses in the future.

Second, this course is beta, and they very frequently make changes from beta to live and often even a year or two after going live sometimes make sweeping changes. If they see that people are not buying the course because of this they will shift gears. If however a bunch of people without experience sign up then we will just have to wait for the more advanced course.

Personally I think SPSE is the better value by far but with Mark Baggett at the helm I'm expecting some pretty great stuff from this course as well. I plan on doing both but I probably won't do the SANS course until they work the kinks out. That usually happens by the time they have the cert. GPYP maybe?

Did anyone here take Joe McCray's Python course earlier this year? http://strategicsec.com/services/training-services/classroom/python-for-security-professionals/ Anyone know if he's doing another run of it?

25  Ethical Hacking Discussions and Related Certifications / Programming / SANS Python for Pentesters in beta on: November 09, 2012, 04:57:43 PM
Check it out, it's a 5 day course and includes a copy of http://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579  - http://www.sans.org/course/python-for-pen-testers

26  Resources / Career Central / Re: Hardware Hacking on: November 06, 2012, 04:07:46 PM
We will have hackable badges at B-Sides Orlando and a hardware hacking workshop http://bit.ly/BSidesORL /endshamelessplug
27  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Vulscan/Pentest over WAN - ISP issues? on: November 03, 2012, 07:42:37 PM
I really am not a fan of VNC for any systems I am storing sensitive data on ...

Was that a typo for VPS, or are you referring to the VNC management? You can upload SSH keys over HTTPS and use VNC over an SSH tunnel.


Yeah I was referring to VNC for console access. Have not used their service so was not sure how much control you had over the console (assumed was shared) to lock down VNC but not sure why they wouldn't use something like nxserver to shovel X11 over SSH. It's a much more secure config in my opinion. It's not free but neatx or freenx implement the GPL'd libraries from the commercial version and work just as well. I use FOSS nxserver versions (usually freenx) with the commercial client (also free) and find it to be a much better way to manage via GUI.
28  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Vulscan/Pentest over WAN - ISP issues? on: November 02, 2012, 01:24:19 PM

If you don't want to go the business account route, check out http://www.arpnetworks.com/ for an affordable VPS.


I really am not a fan of VNC for any systems I am storing sensitive data on ...

I do like their prices though, am currently using https://www.linode.com/ 1024 w/backup now and that winds up running me about $15 more a month than arpnetworks. I've been very happy with their service but this discussion prompted me to look for some other cheaper options. I used the hackingmachines BT5 VPS for awhile and am technically still a customer but there's no management and it's really expensive.
29  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Hacker Halted thoughts on: November 02, 2012, 01:17:04 PM
I was there, sorry I missed this thread or I would have tried to find you to have a beer. I attended on a free pass I received from OWASP and drove down on Monday. I missed many of the early morning keynotes (really sad I missed Jeremiah Grossman but understand it was very CISO-style metrics stuff) and with the exception of the Sourcefire keynote (which was really good) the rest of them were just silly or really bad.

I have to say though that given EC-Council's atrocious reputation this is what I expected and thought that it would continue throughout the conference. I was mostly there to network, not really for the content. The fact is though, regardless of how you feel about the parent organization and which side of the "They are a marketing organization" or "They taught me to be a leet hacker" fence you stand on there were some really good presentations on day 2 and 3.

There is some minor overlap with other security conferences but the biggest benefit of attending is the speakers who attend Hacker Halted are mostly a different group than your Black Hat, DefCon, Bsides, Derbycon crew. Some of this is because EC-Council is somewhat myopic and many of its constituents are the same way but the end result was content I might not have otherwise seen and that has value for me. The quality I don't think is quite as good but to generalize around the entire org and say everyone with a CEH is a moron is really a short-sighted view. There ARE some smart people here, and there's some highly delusional ones as well. I will admit to being pleasantly surprised although my opinion on the whole about EC-C or the CEH has not really changed.
30  EH-Net / News Items and General Discussion About EH-Net / Re: [Article]-March 2012 Free Giveaway Winner of Training Camp Prize on: October 27, 2012, 03:56:57 PM
That's complete bullshit. I'm surprised Don let that fly.

Don was very supportive and followed up with me quite a bit during that period. Much of the issue had to do with course popularity and they kept having to cancel the course due to low registration numbers. Eventually they just did a remote live training for me and 1 other student. So while it sounds really bad I don't think there's much more Don could have done.
© 2013 The Ethical Hacker Network