  Show Posts
856  Resources / Career Central / Re: Need adivce.. cissp or pwb from offsec?? on: August 18, 2010, 03:02:52 PM
Welcome to the forums.

The CISSP is probably the single most influential infosec cert there is. The OSCP is respected within pen testing communities, but it's not going to have the broad appeal that the CISSP does. Also, a lot of non-technical customers like seeing (and occasionally require) things like CISSP, CISM, etc., even though there are much more relevant pen testing certifications.

PWB, eLearnSecurity, and SANS 560 are all excellent courses on the pen testing side of things.
857  Resources / Tools / Re: Canvas versus Metasploit on: August 17, 2010, 04:36:10 PM
Hey man, as long as the problem isn't me being an idiot and missing something obvious, it's all good :D
858  Resources / Tools / Re: Canvas versus Metasploit on: August 17, 2010, 04:00:43 PM
If you're curious to know which exploit Canvas is using to get a foot in the door:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

I actually was but forgot to ask, thanks. Am I missing something though? Didn't you say the system was fully patched? Why was that exploit able to execute successfully?
859  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: Anyone did OSCE (CTP) ? on: August 17, 2010, 03:28:40 PM
Welcome to the forums, MaXe!

Can you give any required skills/recommended resources to fill in the gaps between the OSCP and OSCE? It was my impression that the OSCE was significantly more advanced, and it wasn't intended to simply be a natural continuation of the OSCP.
860  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Recommendation for an SQL fuzzer? on: August 17, 2010, 03:26:03 PM
Think about it... It literally is close to impossible to plop open 30 pages in ONE minute. I don't care what your ctrl+click skills are.

Not a fan of Fire Gestures? ;)

Ctrl + Right Click + Drag = Selected links in new tabs. Great for forums, Digg, etc.
861  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Non-Framework Exploits in Professional Tests? on: August 16, 2010, 03:18:15 PM
I just noticed that Exploit DB provides an Archive. That simplifies things a bit. I really should pay more attention to navigational menus...
862  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Recommendation for an SQL fuzzer? on: August 16, 2010, 02:54:24 PM
I don't have a lot of experience with these tools. They need to be used with care as some checks may drop databases or cause other damage, correct?
863  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Banner grabbing with netcat on: August 16, 2010, 11:53:07 AM
Don't forget SMTP, IMAP, and POP with netcat. You can also use Nmap's ncat with the --ssl option to connect to ssl-based services (or use sslproxy with one of the netcat variants that don't support ssl).

Your best bet would be to perform a packet capture while establishing a legitimate connection to see what information is normally transmitted and then adjust that as necessary.

You could then use packet crafting utilities, such as HPing, Scapy, PackEth, etc. (or hexedit and file2cable if you are feeling particularly l33t) to generate your custom packets.

Disclaimer: I don't have much hands-on experience with this, but I think that looks right in theory ;)
864  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Passed CISM 2010! on: August 14, 2010, 02:09:26 PM
Here are a couple of other books that I've found to be pretty good that may help out with this one:

http://www.amazon.com/Enterprise-Security-Architecture-Business-Driven-Approach/dp/157820318X/ref=sr_1_1?s=books&ie=UTF8&qid=1281812697&sr=1-1

http://www.amazon.com/Security-Engineering-Building-Dependable-Distributed/dp/0470068523/ref=sr_1_1?s=books&ie=UTF8&qid=1281812688&sr=1-1

Honestly, as good as they are, I stopped reading early on. I really have a hard time getting into this material and would much rather be playing with something more technical.

I think one thing that's really benefited me is that I'm a cert junkie, and having taken so many exams, I feel that I have gotten significantly better at determining what the question is asking and what they're looking for in terms of an answer. That may sound kind of stupid for anyone who hasn't taken an (ISC)2 or ISACA exam, but determining what the question is asking and knowing how to answer it in the way they want (not necessarily real-world) is as important as knowing the material itself. Seriously.
865  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Passed CISM 2010! on: August 13, 2010, 07:22:45 AM
anyone taking it? ;)

I'll take a stab in December. I got my CISA results yesterday (pass), so that one's up next. I used pretty much the same resources as you, minus the 100 question supplement. I'll splurge for that on the CISM; I felt pretty shaky on this one.

Congratulations on your pass. What's up next?
866  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: VPS for free on: August 12, 2010, 03:31:58 PM
I just talked about it recently in this thread: http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5923.msg31439/#msg31439 :)

Honestly, aside from the security-centric stuff, it's just been a good learning experience too. I really hadn't done anything with BSD up until that point, so it was fun to just dive in and try to get things working.
867  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Non-Framework Exploits in Professional Tests? on: August 12, 2010, 03:30:08 PM
So you're an exploit whore with OCD? ;)

I figured that was the route I was going to have to go. I was just wondering if there was an easier way to acquire and manage everything since that is a major PITA.

I <3 snapshots. I'm a VMware junkie, without a doubt!

I appreciate the response. Also, ISACA *said* they will be emailing results out today or tomorrow.
868  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: VPS for free on: August 12, 2010, 12:39:24 PM
It's not free, but I'll vouch for ARP Networks. You get a lot for only $10/mo.

http://www.arpnetworks.com/vps

The only down-side is that they sell out quick and you need to get on a waiting list. I waited almost two months for mine.
869  Ethical Hacking Discussions and Related Certifications / Malware / Re: From Advisory to Exploit on: August 12, 2010, 12:06:52 AM
You're probably going to be best off learning assembly. After that, The Shellcoder's Handbook and Hacking: The Art of Exploitation (2nd) are good resources to take the next step.
870  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Non-Framework Exploits in Professional Tests? on: August 11, 2010, 11:23:56 PM
Thanks for the response. I do the same thing :)

I have an OpenBSD VPS ($10/mo with ARP Networks - They ROCK), and I have SSH listening on 443, amongst others. It's pretty nasty as I only get stopped if they're doing application-level inspection or are a deny-all shop and are only allowing specific IPs/URLs.

I used to do port-redirection to TinyProxy until I found out about the ssh -D option. That's been working out great. It's nice for keeping away from eavesdroppers on Hilton's network too.

If all else fails, I can often just get back online once I return to the hotel and prepare for the next day. It'd be nice if work would spring for some sort of air card though.

I think the issue I run into is simply a lack of time. Like this week, I had to perform social engineering, a security assessment with physical inspection, and a pen test in three days. I'm not even going to be able to get all the low-hanging fruit on this one, let alone go after anything more obscure.
© 2013 The Ethical Hacker Network