EH-Net
May 24, 2013, 03:59:34 PM
|
Show Posts
61
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: My Experience With Hackingdojo Ripped Off My Money
|
on: October 19, 2012, 08:59:06 AM
|
Wow.
I got through as much of this thread as I could take.
The bottom line is this:
- Yes, you are absolutely, 100%, allowed to ask for/request a refund for whatever you want, regardless of what your reasons are.
- No, you will not always be given a refund
My opinion is this: I do not think you are entitled to a refund and I support the decision already made by Thomas/HackingDojo.
However, I will refund you $5 USD if you stop posting (in this thread/about this topic)
+ 5USD
|
|
|
|
|
62
|
Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: Suplementing with samurai skills?
|
on: September 25, 2012, 09:03:07 PM
|
I reply to things and actions I don't agree on.
That is, unfortunately, about all you do. You've got one of the highest posts-per-day counts, yet you're at bottom in terms of posts-to-substance. Aside from your initial enthusiasm, you've done very little besides whine or instigate. These forums provide a rare opportunity for ethical hacking and infosec novices to interact with experienced professionals (who graciously take time out of their insane schedules to respond). I'm not sure how you haven't picked up on this by now, but this isn't a place where people just dump out every empty, unfiltered thought that crosses their minds. I think you've confused these forums with Twitter. You've single-handedly brought a level of immaturity to these forums that I haven't seen in the four years I've been here. Go sit in your dark room, look in the mirror, laugh hard and yell 'I have all the powers!' and be done with it. That might fix a lot of your issues.
Yes, ignoring his professional experience, numerous years and 1000+ insightful posts here, and reality, I think you nailed it. I can't believe that you alone were able to quickly decipher this situation while everyone else was fooled for years. You truly are amazing, and it's a shame you're going into security and not psychology. The thing you don't seem to understand is that your actions are only hurting yourself. No one is getting upset or offended at your posts, and no one is impressed by the played-out internet bad-ass routine. You've only succeeded in burning bridges and removing value for yourself. It's completely fine to disagree and state your opinion in a polite and respectful manner, and this is in fact how great discussions come about. The subtle and not-so-subtle responses you've received up until now have truly been attempts to just get you to stop spilling YouTube-quality comments all over the forums. Please don't feel obligated to respond; everyone already knows what you're going to say, verbatim. + 1 ...........now let's stop feeding the troll. Nothing to see here folks, keep it moving...
|
|
|
|
|
70
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Pen test for Cross-Site Scripting (Expect Header) question.
|
on: June 28, 2012, 09:39:38 AM
|
Ok I am not sure if I am missing something but according to RFC 2616 isn't the 417 response normal? Is he saying your device should support this behavior? The Expect request-header field is used to indicate that particular server behaviors are required by the client.
      Expect       =  "Expect" ":" 1#expectation
      expectation  =  "100-continue" | expectation-extension
      expectation-extension =  token [ "=" ( token | quoted-string )
                               *expect-params ]
      expect-params =  ";" token [ "=" ( token | quoted-string ) ]
A server that does not understand or is unable to comply with any of the expectation values in the Expect field of a request MUST respond with appropriate error status. The server MUST respond with a 417 (Expectation Failed) status if any of the expectations cannot be met or, if there are other problems with the request, some other 4xx status.
This header field is defined with extensible syntax to allow for future extensions. If a server receives a request containing an Expect field that includes an expectation-extension that it does not support, it MUST respond with a 417 (Expectation Failed) status.
Comparison of expectation values is case-insensitive for unquoted tokens (including the 100-continue token), and is case-sensitive for quoted-string expectation-extensions.
The Expect mechanism is hop-by-hop: that is, an HTTP/1.1 proxy MUST return a 417 (Expectation Failed) status if it receives a request with an expectation that it cannot meet. However, the Expect request-header itself is end-to-end; it MUST be forwarded if the request is forwarded.
Many older HTTP/1.0 and HTTP/1.1 applications do not understand the Expect header.
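The 417 rule quoted from RFC 2616 in the post above, as an added example that is not part of the original post or of any server's code: a hypothetical `evaluate_expect` helper parses the `Expect` value against the quoted grammar and picks the status. It assumes a server that supports only `100-continue` and that echoes the rejected expectation in its 417 page, which is why the echoed value is HTML-escaped.

```python
import html
import re

# RFC 2616 token: any CHAR except CTLs and separators.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
VALUE = rf"(?:{TOKEN}|{QUOTED})"
# expectation-extension = token [ "=" value *( ";" token [ "=" value ] ) ]
EXPECTATION = re.compile(
    rf"{TOKEN}(?:\s*=\s*{VALUE}(?:\s*;\s*{TOKEN}(?:\s*=\s*{VALUE})?)*)?"
)
# Assumption: this hypothetical server implements no expectation-extensions.
SUPPORTED = {"100-continue"}


def split_list(value):
    """Split a 1#expectation list on commas that sit outside quoted-strings."""
    items, buf, quoted, escaped = [], [], False, False
    for ch in value:
        if escaped:
            escaped = False
        elif quoted and ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            items.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    items.append("".join(buf).strip())
    return [item for item in items if item]


def evaluate_expect(header_value):
    """Return (status, html_body) for the value of an Expect request header."""
    items = split_list(header_value)
    if not items:
        return 400, "<p>Malformed Expect header</p>"
    for item in items:
        if EXPECTATION.fullmatch(item) is None:
            # "Other problems with the request": answer 4xx, echo nothing.
            return 400, "<p>Malformed Expect header</p>"
        # Unquoted tokens such as 100-continue compare case-insensitively.
        if item.lower() not in SUPPORTED:
            # Escape before echoing: a quoted-string may legally carry markup.
            return 417, f"<p>Expectation not supported: {html.escape(item)}</p>"
    return 100, ""
```

A return of 100 means the server would send the interim 100 (Continue) response; any unsupported but well-formed expectation yields 417, matching the behaviour the post describes as normal.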
|
|
|
|
|
72
|
Ethical Hacking Discussions and Related Certifications / Security / Certification Sticky Section
|
on: June 12, 2012, 04:50:51 PM
|
|
Hi Don, Just a quick thought. In fact I think this has already been suggested, but can we have a sticky section with all the posts describing the various certifications etc. A lot of persons seem to be asking the same questions re getting started, or which cert is best suited for a particular position etc. And in most cases the response is always from previous responses. I agree they could always use the search function but you know how that goes........
So we could have a sticky section that says "Read here first etc"
Thoughts??
|
|
|
|
|
73
|
Ethical Hacking Discussions and Related Certifications / General Certification / Re: need advice: which cert to go for
|
on: June 12, 2012, 01:42:24 PM
|
Thanks a ton DARK_KNIGT. U gave a heavenly direction. Thanks a lot. One more question, if u have time. Is pentesting or hacking skill mandatory for forensics and if yes, then up to what level? I love to learn pentesting skills but I have a dream to go for forensics only. What would u suggest? Is forensics considered next step of pentesting/hacking or is it parallel on knowledge grounds? Thanks...
I wouldn't say pentesting is mandatory to get into forensics. The two are separate disciplines. What I will say though is that a pentester with forensics skills will no doubt set himself apart from the rest.
|
|
|
|
|
74
|
Ethical Hacking Discussions and Related Certifications / General Certification / Re: need advice: which cert to go for
|
on: June 12, 2012, 11:25:51 AM
|
Jason, dark_knight! Thanks for posting. I understand I have to get into doing it all. I am absolutely ready for that. I have my own VMware lab for that. But I should know at least what to choose. There are plenty of courses out there. But which one will suit me at this situation. Of course I will sign up for a security course. And seriously I have money saved for just that only. One bitter truth is that:- torrent is stealing only. I accept it. Ok apart from this can someone suggest me the path? I'll be very grateful.
This should get you started: http://infiltrated.net/TechnicalSecurityRoadmap.html#Sil: I think you need to pick your own poison and go from there. Think of security in terms of a baseball team. Here you are saying: "I want to play which position should I aim for?" What are your strengths and weaknesses. Focus on your weaknesses to bring them up to par with your strengths while in parallel upping your strengths. In security, there are a lot of avenues to choose from. Forensics, pentesting, application security, cryptography, networking, etc. Each has its unique methodologies, technologies, protocols, pros and cons. Examples:
++++++++++
Forensics. Where would you want to fit in? Working as an incident responder researching malware, researching e-Discovery, researching the cause of a compromise? What field?
Pros: Banking, insurance, defense industries, huge Fortune 100s are always in demand for these types of individuals.
Cons: Job can be linear, stressful, repetitive.
Certifications: (real world relevant) GCFE, GCFA, EnCe, GCIH, ACE, CCE, GREM, WCNA (Wireshark), GCIA
++++++++++
Pentesting: Where would you want to fit in? Define pentesting. Too many companies have turned this field into a tool (Core Impact, Metasploit, Nessus, etc) however there is more to pentesting than running tools. In order to fit into a well rounded position, the document I linked you to will give you excellent foundations needed. You then need to progress into a more linear stage (focus on applications (which web application, business applications (SAP, etc)).
Pros: Can be fun, creative, non-linear (no two pentests are ever the same)
Cons: Industry has created too many retards that rely far too much on tools. Many industries are now mandated to have penetration testing (PCI requirement). With that stated, many companies are relying on point and click drop boxes (QualysGuard) and calling it a "pentesting day."
Certifications: (the ones that count) GPEN, CEPT, OSCP, OSCE, CPT, RWSP
++++++++++
Network security: Where would you want to fit in? Managing firewalls, IPS, IDS, DLP, acronym hell? Performing network analyses with tools and hardware such as nGenius, Netwitness, Wireshark, etc., this can criss-cross the forensics realm.
Pros: ALL COMPANIES need network security period.
Cons: Can be as linear as in point A to point B
Certifications: (ones that count) WCNA, CC{N,D,S}P, GCIH, GSEC
++++++++++
Take note, all the certifications I listed are TECHNICAL, for those wondering why CISM, CISA, CGEIT, CISSP, etc isn't listed. And NO, the SSCP to me is not a technical cert. When I state "ones that count / relevant" I mean the ones you *truly* want to aim for as you WILL LEARN while getting them. Not to take anything away from say the C|EH, CHFI but it is what it is. I felt the certifications I listed would help you LEARN something as opposed to dumping a billion tools on your lap and telling you "hey this is a security tool, learn this tool's syntax and we will give you a shiny certificate!"
Your best bet regardless of any advice you see from me or anyone else is to determine something that you can enjoy while making money. I would hate to focus on Forensics only to have a job I hated doing e-Discovery 24x7x365. I know people that dread getting into the field. They work to dissect/analyze info, go to court, are stressed out as all hell. The money they make doesn't cover sanity, happiness. Go over to Dice.com and check the markets for certs also. Search for the certification itself to see its demand and WHO is asking for that particular cert.
That is a good baseline as is e.g:
http://www.payscale.com/research/US/Certification=Certified_Ethical_Hacker_%28CEH%29/Salary
http://www.payscale.com/research/US/Certification=SANS%2fGIAC_Security_Essentials_Certification_%28GSEC%29/Salary
http://www.payscale.com/research/US/Certification=SANS%2fGIAC_Certified_Intrusion_Analyst_%28GCIA%29/Salary
http://www.payscale.com/research/US/Certification=SANS%2fGIAC_Certified_Forensic_Analyst_%28GCFA%29/Salary
http://www.indeed.com/salary/q-Forensic-Consultant-Ence-l-New-York,-NY.html
http://www.indeed.com/salary?q1=GREM&l1=New+York%2C+NY
|
|
|
|
|
75
|
Ethical Hacking Discussions and Related Certifications / General Certification / Re: need advice: which cert to go for
|
on: June 12, 2012, 09:43:24 AM
|
It is not about stealing others' hard work. I don't have good financial background, so that I could spend on gathering basic knowledge, sorry if it hurts u. Well, today somebody can act like shouting on me, because I am seeking for guidance. But tomorrow if I master these things, I am going to welcome everybody open heartedly when someone asks for any help. Here I just wanted to ask for guidance about what to do, not for any help from anyone. I am capable of helping myself, thanks a lot.
There really is no need for you to go on the defensive. The fact is that it is stealing. Even if you are not on sound financial footing there are several other options outside of torrents that can get you started. Jason also offered you solid advice. Maybe it's not what you wanted to hear.
|
|
|
|
|