Mmm... new scripts. YUM! Nice update. I really like the addition of Firewalk

Still only 50 characters. (It did error out on me at 150ish characters) Pretty difficult to say anything in less than 50 characters. Kinda disappointing since I had some good stuff for them. Hope they fix it soon.

Anyone have the link at the site? (If it's even up yet) Some creative Google searches did not turn up anything outside of some mentions of v7.

This list should give you what you need to determine what might be covered by the exam

http://www.giac.org/certbulletin/gpen.php

I found the real exam to be very close to the practice exams and as Ziggy mentioned I did slightly better on it as well.

I've avoided CEH in the past based on poor feedback from colleagues, but I may have to look into it again after they implement these changes. It's always been on my radar because so many jobs ask for it, but I've always made excuses to postpone because I didn't feel like memorizing the names of every tool on the planet for the exam. Sounds good. Thanks for the info BillV!

I would tend to agree with the Freenode suggestion. That's usually where I hang out.

Tor is soooo slow! Even if there were not issues of confidentiality, I cannot even imagine trying to push any significant traffic through Tor. At least that was my experience a couple years ago when I used for browsing.

I'm doing GWAPT and SANS Metasploit course in April but I've been seriously considering WCNA after that. It's either that or RHCE. I'm still interested in OSCP but Im thinking I'll wait a bit on that as I've been focusing on the pentest stuff lately and need to round out a bit some of my core skills. I have the WCNA book and it's really good stuff.

I tried it once before about 3 years ago for GSEC in Ft Myers, FL and could not generate enough interest. You have to promote your course. SANS will work with you and send out official correspondence mentioning it and list it on their upcoming events pages but that was not enough. I'm probably going to try to do a GPEN mentor course later this year in Orlando and see if I have better luck. It's a great program but I'm really bad (lazy) at marketing.

Check out http://nbise.org/ in the US. They are finishing a beta round of testing for Crest.

Thank you very much! Great read. 

I always go the http://www.sans.org/security-training/volunteer.php route. $800 for conference attendance + cert + 4 months of Ondemand + some of the best social networking opportunities at the conference, What it does NOT include is bonus materials like SIFT kit, Wireless hardware etc which you will have to pay extra for. For instance I think the SEC508 Forensics course as a volunteer winds up being around $1100 which is still way cheaper. For most courses though this is a non-issue since only a few tracks utilize these extra materials.

For the record, when I did GCIA I did it via OnDemand and had never worked in packet analysis outside of troubleshooting network issues with Wireshark and some very basic work with tcpdump when pentesting.

It's funny, my wife is so pessimistic I have to switch gears when I get home and be the optimist. So very different from how I am at work.

I probably could, I do have a DroidX with Proxoid setup with ADB for tethering on my linux machine. http://carnal0wnage.blogspot.com/2010/11/tethering-your-droid-to-linux-system.html

I've used that before for reverse connections but it's painful sometimes since my cellular coverage is a bit spotty and I've noticed that some connections tend to get filtered by Vz, but then sometimes they don't. It's almost like some Vz nodes are filtered but if I get routed through a different Vz node it isn't. I suppose if it's inside the VPN tunnel that probably won't be an issue. If I can't get the work cable modem approved I may go that route.

*post edited because I realized that my pondering was a really bad idea. Fun, but not smart*

A 3rd party test will only give you information current for that point in time that their test was done. It's very useful for initial remediation efforts but you will want some kind of ongoing scheduled scanning/testing solution in place. Whether a 3rd party MSSP provides this service or you do it internally is a business decision you have to make, but you should have some kind of ongoing vulnerability assessment process in place. I know you mentioned something along those lines so you are thinking in the right direction. The biggest challenge is vetting the capabilities of the 3rd party you use for your test. There are a lot of charlatans out there that will sell you a pen test when they are really just doing a vuln scan.

In my environment, I budget about 30k a year for external 3rd party pentests focused on my PCI environment, and spend about 25k (my salary hours focused on these activities + training costs + software expense) on in house conducted pen testing and then another 50k or so on software licensing and 5k or so on salary related expenses for ongoing vulnerability scanning but this scope includes my entire environment, not just a single app so YMMV. It really depends on your scope and complexity as to cost so we could give you a wide range of numbers that may be meaningless for you. You could also buy cheaper software than me, but I really like what I'm currently using and don't want (or plan) to give it up.

(Total cost for me = 110k)

Btw none of these numbers above include actual remediation. There's another group that handles that. I'm not even an admin on the systems I'm testing (by design - but my tools do have appropriate permissions for credentialled scanning) This is just assessment, and documentation of remediation plans and communication to management of the extended business risk from the discovered and verified vulnerabilities so they can make informed decisions and prioritize remediation tasks.

Hope that helps.