EH-Net
May 23, 2013, 09:00:02 AM *
  Show Posts
1  Resources / Career Central / Re: Am I too old for a career change into security? on: March 15, 2013, 10:03:35 PM
28 is not too old. I am making the transition after 15 yrs working as a sysadmin.
2  Resources / Tools / Pentoo 2013 on: March 09, 2013, 10:03:14 PM
Pentoo 2013 released today. Haven't gotten a chance to test drive it yet, but figured I'd pass along the news:

http://www.pentoo.ch/
3  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: OSCP - Critique on: November 14, 2012, 06:35:29 PM
Easily one of the best reviews of the OSCP I have read.

Thank you!
4  Ethical Hacking Discussions and Related Certifications / Other / Re: Back Track on: September 26, 2012, 04:09:22 PM
There is also the Fedora security spin for those who prefer a Red Hat-based distro:

http://spins.fedoraproject.org/security/
5  Ethical Hacking Discussions and Related Certifications / Programming / Re: python newbie on: September 26, 2012, 04:06:31 PM
Not courses, but some books that I really like on Python are:

Learning Python
http://shop.oreilly.com/product/9780596158071.do

Programming Python
http://shop.oreilly.com/product/9780596158118.do

Grey Hat Python
http://shop.oreilly.com/product/9781593271923.do

6  Ethical Hacking Discussions and Related Certifications / General Certification / Re: tool to dissociate wireless clients? on: September 17, 2012, 06:28:34 PM
There is NetCut, which is Windows only:

http://www.arcai.com/netcut-faq/62-what-is-netcut.html

and the recently released WiFiKiller for Android:

http://thehackernews.com/2012/09/eject-any-wifi-device-from-network.html
7  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Next Level Lab on: September 04, 2012, 08:25:57 PM
My lab is entirely on VMs. I even have the De-ICE disks loading as separate VMs. The great thing about using VMs is that if I fubar a machine I can restore it from a snapshot. I can also clone the VMs and quickly set up multiple machines in the lab.

So my setup is basically this:

Hardware:
Old old crap I got for free from a client who didn't want to pay to dispose of it; Dell PowerEdge 2600 running dual Xeons and a whopping 6GB of RAM! on four SCSI drives running in RAID 5 for 250GB of space. This doesn't leave much in the way of resources for the VMs but I really just need them to boot. I'm not actually doing any heavy lifting on them.
I also have 4 additional NICs installed in the PowerEdge as additional interfaces. All of the NICs are connected to a run of the mill Linksys WRT54G except one that is dedicated for the host, which is connected to my regular network for administration purposes, and one that I designate/use as the public interface to the lab.

On it I run Debian with a headless VirtualBox install. If I am looking to duplicate or imitate a sm/med business network, I'll set up a VM of Untangle, Astaro, pfSense, m0n0wall, making sure that the firewall is on the interface I decided to use as a 'public interface', and then my other VMs use the other NICs for connectivity (being careful to never use the NIC that is connected to my regular network). For a small to med business setup I usually run Win SMB Server 2003/2008 running as a domain controller and with a DHCP server running also. Other services are dependent on what type of business it is.

In my experience small businesses almost always only have one server and it is doing everything under the sun. Email, web-hosting, database, file sharing, you name it.

A little convoluted there, but I hope you get some value out of it.


8  Ethical Hacking Discussions and Related Certifications / Programming / Re: Hey coders... on: August 30, 2012, 07:57:54 PM
I ran my own server and ran WordPress for years, and I highly recommend both if you are planning on having a site that is going to get traffic or you are interested in learning.

For me though, I finally got sick of all the admin time on keeping everything up to date on the server for a personal site that gets next to no traffic and moved to Google Sites...

Yeah, I know what people are going to say, but I don't have to keep doing sys/web admin stuff when I come home now.
9  Ethical Hacking Discussions and Related Certifications / Other / Re: Boot Problem on: August 28, 2012, 08:47:22 PM
If you don't want to use unetbootin (I'm not sure why; it's a pretty good little utility), you can use the dd command to copy the ISO to a drive/USB.

The Fedora project has a pretty good howto on this:
http://fedoraproject.org/wiki/How_to_create_and_use_Live_USB#Command_Line_Methods
10  Ethical Hacking Discussions and Related Certifications / General Certification / Re: 10 Year Systems Administrator wanting to get into Pen Testing on: August 28, 2012, 08:34:53 PM
Hey BACARDI,

I did 7 years in the military doing sys/net admin type work with a healthy dose of telecom/satcom thrown in. When I got out it became very apparent to me that without a degree very few companies were interested in me regardless of my experience. In fact in many cases, even after I have gotten a degree, my military experience has put off many potential employers. It's to the point that I use a functional resume format instead of a chronological format to downplay my military experience while still being able to include what I have accomplished in my career.

After being in the civilian world for several years I decided to get my MS in Comp Sci, which has been the biggest boost to my career advancement. I've never been one for certs, but I have seen where they have gotten many people interviews over other people with experience.

Again I have to say that in my experience it has been my degree and advanced degree that have opened more doors for me than my military experience. That is not to say that the skills and experiences I got from the military are not valuable or have allowed me to excel in my career, just that it hasn't opened any doors for me.
11  Ethical Hacking Discussions and Related Certifications / Physical Security / Re: Anyone know anything about locks ? on: August 26, 2012, 11:28:05 AM
Just a note: if you are traveling by air in the USA, the TSA only allows you to use certain approved locks:

http://www.tsa.gov/travelers/airtravel/assistant/locks.shtm
12  EH-Net / News Items and General Discussion About EH-Net / Re: [Article]-July 2012 Free Giveaway Winner of Hacking Dojo Training on: August 26, 2012, 11:15:35 AM
Congratulations! You'll have to give us your impressions of the course.
13  Resources / News from the Outside World / "Zombie Software" Blamed for Knight Capital Trading Snafu on: August 15, 2012, 09:18:40 PM
Wanted to share this article from IEEE on the recent uncontrolled trading on the stock market. Seems that the blame is being put on old software that was accidentally reactivated.

Begs to wonder how many servers/systems out there have old vulnerable software that has been 'disabled' that is just waiting for someone to come along and start up...

http://spectrum.ieee.org/riskfactor/computing/it/new-insights-into-knight-capital-trading-snafu
14  Features / Opinions / Re: Why do website fail with login detials on: August 14, 2012, 05:30:19 PM
It's a cost/risk analysis.

How much will it cost to implement better security? Remember that some of these systems are running on legacy code. Much of the banking systems in the world are FORTRAN/COBOL. These legacy systems would have to be rewritten from the ground up. A HUGE undertaking at a HUGE cost.

vs.

How likely is a breach and how much will it cost if/when it happens?


The simple fact is that the cost of a security breach is much less than the cost of upgrading the vast majority of these systems to a higher level of security.
15  Resources / Tools / Re: Backtrack 5 R3 (upgrade vs clean install) on: August 14, 2012, 05:11:02 PM
I also run BackTrack in a VM. That being said, I've always done upgrades. I can't say that I've run into any issues while doing an upgrade. I've always been perfectly able to hose a BackTrack install all by myself.

My upgrade to R3 was painless and BackTrack already has a nice HowTo:

http://www.backtrack-linux.org/backtrack/upgrade-from-backtrack-5-r2-to-backtrack-5-r3/