EH-Net
  Show Posts
1  Features / Book Reviews / Re: [Article]-Book Review: BackTrack 4: Assuring Security by Penetration Testing on: July 05, 2011, 09:03:00 PM
Wesley is awesome, and I respect his opinion =)

If you read carefully we actually have the same ideas about the book but draw different conclusions.

I see it as the only up to date reference atm, and being so cheap, for anyone who wants to get into pentesting or has no idea about backtrack, it is a great resource.

Comparing it to WAHH by content is unfair b/c WAHH is all webapp. If the comparison is one of quality, sure WAHH wins hands down...

Imo it's either BASPT, an outdated book, a $300 course from offsec, or googling everything yourself.

Anyways, it's always good to have multiple viewpoints!
2  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / The Open Penetration Testing Bookmarks Project on: June 29, 2011, 03:49:26 AM
Hey Guys/Gals,

Just in case you hadn't seen this, a couple months back I started an open source penetration testing bookmarks set! It has been contributed to by a lot of really good testers and we will begin version 1.6 in the coming weeks which will add a ton of stuff... Here's the info:

Quote
The Open Penetration Testing Bookmarks Collection

...is just that, a collection of handy bookmarks I initially collected that aid me in my day to day work or I find in the course of research. They are not all inclusive and some sections need to be parsed but they are all good reference materials. I find having this Hackery folder in Firefox an easy way to reference syntax, tricks, methods, and generally facilitate and organize research.

Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.

Who?:

Started by Jason Haddix of HP's Application Security Center. Edited and managed by Nathan Drier of Trustwave SpiderLabs division and James Fitts of Strategic Security.

Work and contributions also by:

David Shaw of Redspin Penetration Testing @ownpile

Rob Fuller of Rapid7 @mubix

How it's working atm:
First off, we need help. OCD organizational people and people who can contribute or sort out the best links. Comment on the wiki if you wanna pitch in. Free beer at cons ;)

The whole bookmarks html file is ready for import to firefox off of the downloads section. As people submit new links we will add them and restructure the categories as they expand. Otherwise the wiki page should have all the links piecemeal should you not decide to download the whole folder (which is lame).

How to submit your bookmarks:
Since a bookmarks file is not really what you usually use a code repository for we opted just to use the download and wiki sections of google code.

If you have suggestions or a few links to submit, leave a comment on the wiki page.

Not all links submitted will be added.

If you think you have a large set of bookmarks you think can contribute email us and we might add you to the contributors section.

http://code.google.com/p/pentest-bookmarks/
3  Resources / Career Central / Re: Security Career WITHOUT Becoming a Network Administrator? on: June 24, 2011, 04:15:12 AM
I know a few people out of college who did security work right away, but they were all-stars and were already focusing on hacking/pentesting while still attending university. Some were doing CCDC or Defcon CTF, others were doing projects on heuristic IDS or other security tool development.

If your major is directly related then it is more possible, if it is not then... sysadmin, dev, etc, all while trying to gobble up sec related projects will get you to a sec career quickly.
4  Resources / Tools / Re: Why I (Hate||Love) tools on: August 30, 2010, 08:43:51 PM
Hey Sil,

I have a cheatsheet for command line scripts and workarounds that I use often. Most of them are from Ed Skoudis and other pentesters who trade 'em around. When you first show them to people they lol... and then they cry when they can't use nmap.

I'll host my cheatsheet up later this weekend. Good post.

Here's one for Directory Bruteforcing I did.


5  Ethical Hacking Discussions and Related Certifications / Security / Re: Learn Security Online on: August 30, 2010, 01:37:40 PM
Sorry just let me clear up this post:

ElearnSecurity and LearnSecurityOnline are two COMPLETELY different trainings..

Elearn is in the middle of UPDATING their first revision of Penetration Testing Pro, which was awesome. The main guy to talk to there is Armando Romeo (armando@elearnsecurity.com)

LSO is in the middle of completely restructuring their offerings, "So You Wanna Be a Pentester?" and "So You Wanna Be a Webapp Pentester?" Joe McCray (joe@learnsecurityonline.com) is the author of all the LSO courses. I just finished taking the live "APT: Advanced Penetration Testing, Pentesting High Security Environments" which was stellar.

6  Ethical Hacking Discussions and Related Certifications / Security / Re: Learn Security Online on: August 29, 2010, 08:50:49 PM
Hey BlueEyedSamurai,

I know the authors pretty well, they have some good stuff. Right now they are trying to restructure the course. You should email joe@learnsecurityonline.com and ask him what he's got going on atm.
7  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Privilege excalation on: August 28, 2010, 06:19:28 AM
Also if we're talking network level shell (not webapp/php/etc) Metasploit has some built in privilege escalation exploits in the priv module (meterpreter) and after patch tues a few weeks ago more should be coming ;)

Code:
meterpreter > use priv
Loading extension priv...success.

meterpreter > getsystem -h
Usage: getsystem [options]
Attempt to elevate your privilege to that of local system.
OPTIONS:

-h Help Banner.
-t The technique to use. (Default to '0').
    0 : All techniques available
    1 : Service - Named Pipe Impersonation (In Memory/Admin)
    2 : Service - Named Pipe Impersonation (Dropper/Admin)
    3 : Service - Token Duplication (In Memory/Admin)
    4 : Exploit - KiTrap0D (In Memory/User)

meterpreter > getsystem -t 1
...got system (via technique 1).

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM

Also, depending on your specific permission level you can use incognito to token steal from a domain admin or user and add a new account for yourself with higher privs.
8  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: New OffSec Course: Metasploit Unleashed – Mastering the Framework on: August 28, 2010, 06:07:37 AM
What's funny about this is that it seems to have happened out of need not want....

Rapid7 and HD Moore said "SANS New Class is the official Metasploit Training" so obviously people on twitter asked "what about Metasploit Unleashed?" and HD replied "We will continue to link to it as long as it is updated"

And hey... look at that! Updates!

;)
9  Ethical Hacking Discussions and Related Certifications / Mobile / Re: Mobile Devices Penetration Testing on: August 28, 2010, 06:01:53 AM
There was a really good presentation at Bsides by one of the Intrepidus guys on this. He attacked the protocols, auth mechanisms, and other aspects using a variety of MiTM attacks... I'll see if I can dig it up.

Mallory is gonna be sweet for this.
10  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: HTTP header: PUT, DELETE, etc on: August 28, 2010, 05:59:12 AM
DAVtest is a newer tool for testing extensive web server options,

http://code.google.com/p/davtest/

It has also been implemented as an Nmap script, check out the scripts directory for more information.

The default shell it will give you is limited, I replace it with the new meterpreter PHP payload. Or you can supplement with Ironfist's AJAXShell (clean, better, faster than c99/r57/etc):

http://sourceforge.net/projects/ajaxshell/
11  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Best WebApp Pentest Course? on: August 28, 2010, 05:53:14 AM
I know I'm resurrecting an old thread, but having taken all the courses that have been mentioned in this thread I can offer the following:

GWAPT has a great methodology, but it does lack in some of the technical areas. It covers the domains of app testing, the best and most current tools, intros to scripting languages, and lots of application theory. It gives you all the tools you need to move forward in appsec testing if you've never done it or are primarily a network ninja. It's an introductory level class.

Elearn's module on webapp hackery is impressive, its technical detail is more in depth, and it covers some one-off tools that I now enjoy using in my app tests. I'd say it's an intro to medium level class. Armando is still planning on doing the stand alone course on webapps, I don't know the timeline on that though.

Joe's "So you wanna be a webapp pentester" is good. It's an intro to moderate level class. It has a little on the basics, and a ton more on specifics of exploiting certain DBMS's, etc. Very similar to his free talk on SQL injection. After seeing him at blackhat and taking his Advanced Penetration Testing class I know he is close to finishing a complete revamp of all his courses... and if they are anything like the one I took, they will be excellent. More on that soon.

Dafydd and Marcus's Two day Blackhat class is by far the most "Ninja" class I've taken so far. They expect you to have gone through the Web Application Hacker's Handbook and have a solid grasp of what's what in the appsec vuln landscape. The majority of the class (depending on what kind of group you take it with) is bashing your head against different filters and flaws. It's painful but awesome. The only problem with that is that the class is only 2 days. I could have easily soaked up Dafydd and Marcus's knowledge for a week. Dafydd and Marcus have some new stuff on the horizon which I will be writing about in the near future.

Forgive my absence, new baby on the way and con season have rendered me forum-useless.

12  Resources / Tools / Re: Security Tools Website on: August 06, 2010, 06:59:53 PM
There are a few initiatives for this kind of documentation out there atm. One I like a lot is:

http://tools.securitytube.net/index.php?title=Main_Page

Which has syntax and videos for a lot of tools.

gl!
13  Ethical Hacking Discussions and Related Certifications / Other / Re: Who's going to DefCon? on: June 17, 2010, 01:28:59 AM
I'll be there sunday-sunday, we should all grab some drinks!
14  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: How to Penetration Test WebServices (WSDL) on: May 12, 2010, 05:37:25 PM
Also CG did an excellent writeup of XPATH injection right here on EH.net =) Gives some tool mentioned above:

http://www.ethicalhacker.net/content/view/185/24/
15  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: How to Penetration Test WebServices (WSDL) on: May 12, 2010, 01:04:26 PM
Feed the wsdl to Foundstone's WSDigger, then go to the top menu and choose to run tests, this will check for commonly known injection attacks.

Sec542 has a whole section on webservice hacking =)