EH-Net
May 21, 2013, 01:50:19 PM *
  Show Posts
766  EH-Net / Ethical Hacktivism / Re: The inside story of the HBGary hack on: March 11, 2011, 06:39:25 PM
Schneier put together a great list of Ars Technica articles that went in-depth and contain some pretty interesting information: http://www.schneier.com/blog/archives/2011/02/anonymous_vs_hb.html
767  Ethical Hacking Discussions and Related Certifications / GCIH - GIAC Certified Incident Handler / Re: Sans GCIH - To do or Not on: October 16, 2010, 01:42:36 PM
This course includes a lot of hacking concepts because you need to know how common attacks (at an extreme minimum) are performed in order to properly respond to them. The course is definitely taught from a defensive / reactive perspective, which I believe is what you're looking for. On the other hand, the GPEN focuses on the offensive aspects of penetration testing / ethical hacking.
768  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: options for DMZ/Firewall solution on: October 08, 2010, 05:23:24 PM
Welcome to the forums!

Check out: http://www.pfsense.org/
769  Ethical Hacking Discussions and Related Certifications / Other / Re: VoIP Abuse Project on: October 04, 2010, 04:19:09 PM
Oh, I just want something to break in lab. It looks like there are free soft phone packages for Asterisk. That should be enough to get me started.
770  EH-Net / News Items and General Discussion About EH-Net / Re: [Article]-September 2010 Free Giveaway Winner - APT by Joe McCray on: October 04, 2010, 03:31:07 PM
I'm totally jealous, congrats!
771  Ethical Hacking Discussions and Related Certifications / Other / Re: VoIP Abuse Project on: October 04, 2010, 02:52:04 PM
@dynamik my WIP: RWSP @ TechnoForensics ;) End of this month

That's awesome. I probably won't get a shot at that until 2012 (mostly because of weak skills :-[), but it looks amazing. I'm eagerly anticipating the review (and the pass) ;)

While we're on the subject of VOIP, do you have any recommendations for getting started? It seems like Trixbox is a popular system to get up and running quickly. I just don't know what else I need in terms of hardware, software, etc. It's a major shortcoming of mine that I need to remedy.
772  Ethical Hacking Discussions and Related Certifications / Security / Re: The value of GSE on: October 04, 2010, 02:28:50 PM
Code:
it requires a fairly big chunk of your life

and a big chunk of your economy as well ;)

I don't agree with ziggy_567, IMHO GSE is a valid path for a Pen Tester. You could achieve it through certs like GPEN, GWAPT, GAWN, GREM which comprise essential topics for a Pen Tester.

I missed this; that's actually not true. The exam is structured around the GCIH and GCIA. Windows and Linux skills are also required with either the GSEC or both GCUX and GCWN. I wouldn't necessarily call it a generalist certification, but it's definitely focused on IA and IH and not pen testing. While you can substitute additional 500-level certifications for the required gold papers, it's not going to change the focus of the exam even if you decide to do something like GPEN and GWAPT. That's not to say that type of knowledge wouldn't be useful on the exam, but again, it's not the focus. There were rumors of a GSE for penetration testing that included GPEN, GAWN, and GWAPT, but I asked recently and was told there were currently no plans for it.

Is it worth the effort compared to other certs?

Honestly, probably not. The only times I've seen it mentioned on job applicant wish lists have been in a ridiculous context, such as, "GIAC or GSE certified." Like you've observed, there have only been a couple dozen since it started in 2003. I'm doing it for personal reasons and because I want to feel like I'm part of an exclusive geek club ;)

If you're pursuing certifications because you want mass recognition, this probably isn't the one to go after. I wouldn't expect the masses who aren't in-the-know (read: hiring managers) to even be aware of it, but they'd probably think you could walk on water if you told them you were a CCIE.

Or, I'm just telling you that to discourage you to keep the numbers low. Who knows...? ::)
773  Ethical Hacking Discussions and Related Certifications / Other / Re: VoIP Abuse Project on: October 04, 2010, 01:42:34 PM
Great stuff!
774  Ethical Hacking Discussions and Related Certifications / Other / Re: Sniffing HTTP packets on: October 04, 2010, 01:38:29 PM
Great advice so far.

Also, check out a tap (you can buy high-end ones, but it's easy to make your own too: http://09-f9-11-02-9d-74-e3-5b-d8-41-56-c5-63-56-88-c0.com/category/diy/). A hub may work too, depending on the speed of the connection.
775  Ethical Hacking Discussions and Related Certifications / Security / Re: The value of GSE on: October 04, 2010, 12:45:59 PM
I'll be attempting this in 2011 with a (now ex-) coworker of mine. We're starting to put a blog together with notes, lab setups, sample captures, etc. It's mostly just rambling at this point though. I have a month or two of college classes I have to wrap up before I can commit a lot of time to it, but I'm going to put an enormous amount of time into it starting in December or January. I'm pursuing this primarily because it's 1) a challenge, and 2) once you obtain it, you can renew all your GIAC certs by passing the GSE written exam once every four years.

Chris Mohan took a stab at it this year, and he's posted some thoughts on his blog: www.chris-mohan.com. I can only imagine how excruciating the 30-day wait would be, ugh...
776  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: How Application filtering in fire-wall works? on: October 03, 2010, 05:44:08 PM
It could look at the user agent that's being reported, but that's something that's easy to change. Application in this context doesn't really refer to a specific application that the client is using, but rather the protocol that is in use. It's referring to the application layer of the OSI/TCP models. For example, a packet filtering firewall could be configured to do something like only allow outbound traffic with a destination port of port 80 (standard HTTP).

However, I could do something like run SSH on that port and create a semi-covert channel. The firewall wouldn't have any problems with that since I'm adhering to the rules. However, an application-level firewall would actually perform deeper packet inspection and notice that I'm not making HTTP connections. If it was configured to only allow HTTP, my connection would be denied and logs/alerts would be generated.
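The contrast between the two firewall types in the post above, as an added example that is not part of the original post: a port-only rule and an application-level check are run over the same flows. The function names, the alert format and the sample payloads are hypothetical and constructed for illustration.

```python
import re

# Request line of an HTTP/1.x request: METHOD SP target SP HTTP/1.x
HTTP_REQ = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/1\.[01]\r?\n")

def classify(payload: bytes) -> str:
    """Guess the application protocol from the first client bytes of a flow."""
    if payload.startswith(b"SSH-"):           # SSH identification string (RFC 4253)
        return "ssh"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"                           # TLS handshake record header
    if HTTP_REQ.match(payload):
        return "http"
    return "unknown"

def packet_filter(dst_port: int) -> str:
    """Port-only rule from the post: allow outbound traffic to port 80."""
    return "allow" if dst_port == 80 else "deny"

def app_filter(dst_port: int, payload: bytes, alerts: list) -> str:
    """Same port rule, plus: the flow on port 80 must actually speak HTTP."""
    if packet_filter(dst_port) == "deny":
        return "deny"
    proto = classify(payload)
    if proto != "http":
        alerts.append(f"port {dst_port}: expected http, saw {proto}")
        return "deny"
    return "allow"

# Constructed first-payload samples (not captured traffic).
FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, b"SSH-2.0-OpenSSH_5.5\r\n"),
    (80, b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b"),
]

def run(flows=FLOWS):
    """Return (packet-filter verdict, app-filter verdict) per flow, plus alerts."""
    alerts = []
    results = [(packet_filter(p), app_filter(p, d, alerts)) for p, d in flows]
    return results, alerts

if __name__ == "__main__":
    results, alerts = run()
    for verdicts in results:
        print(verdicts)
    for line in alerts:
        print("ALERT", line)
```
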
777  Ethical Hacking Discussions and Related Certifications / CPTC - Certified Penetration Testing Consultant / Re: Should I? on: October 03, 2010, 02:11:03 PM
It looks like an excellent course, and that's going to be how I'll be spending my 2011 training budget. It prepares you for those five exams, but it only includes vouchers for the CEH, CPT, and CEPT. There's going to be a lot of programming and exploit development, so be sure that you're at the level you need to be for that. I'm not, which is why I'm going to be hitting The Shellcoder's Handbook and Hacking: The Art of Exploitation (2nd) hard until my funds come in.
778  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Information Gathering on: October 01, 2010, 08:52:50 AM
Do a search for open source information gathering. There's a ton of resources already available. Chris Gates has a good presentation that's an overview of a lot of the tools that are out there. Google Hacking by Johnny Long is an excellent written resource. Most ethical hacking/penetration testing books contain recon chapters that adequately cover common tools and techniques.
779  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Pen Testing Sharepoint on: October 01, 2010, 08:45:28 AM
Scavenge for info first and foremost; people post all kinds of useful tidbits. Always do recon before attempting any fancy techniques.
780  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: using SSL Tunnel to bypass IDS and firewalls? on: October 01, 2010, 08:43:57 AM
I run an SSH server on 443, so I'm good unless they're doing app-level inspection (rare) or only white-listing specific IPs/DNS.