EH-Net
May 21, 2013, 08:19:01 PM *
  Show Posts
1  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Elearnsecurity new Web App security course info on: April 29, 2013, 07:31:01 AM
Do you mean in the elearning environment or also skip it in the Gold exam? I don't think they would do that as it would create an unfair time advantage compared to regular students.

I am pretty confident that when you truly master WAPT you should not have much difficulty in the Gold certification for that part of the exam.
2  Ethical Hacking Discussions and Related Certifications / Malware / Re: Malware via Social Engineering on: March 25, 2013, 08:29:31 AM
This is a common scam (at least in Europe) usually carried out by call centres from India (or at least they have the accent and operate from wherever over VOIP). Haven't heard about any arrests but there have been multiple articles published in the media to warn the public.

Useless to say, this fails at some part of the population ;)
$25 seems pretty low, considering somebody will have to fetch hundreds? thousands? of these money orders.
3  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: Passed My CEH and WOW on: March 19, 2013, 06:52:41 AM
Congrats! It might also depend a bit on which country you are working in and for what company. Couple this cert with CISSP and you can walk into almost any interview room. :D

What material do you plan to use for the CHFI? I might be doing it to learn some forensic basics.

Just finished eCPPT, hopefully passed it, next one will be either CISSP or OSCP.
4  Ethical Hacking Discussions and Related Certifications / Cyber Warfare / Re: Symantec CRC on: March 19, 2013, 02:05:29 AM
Seems to be offline as they list various countries and locations in the registration process. Too bad I live on the wrong side of the planet, nothing available near here.
5  Resources / News from the Outside World / Re: NVD down - hit by malware on: March 14, 2013, 10:05:22 AM
I noticed they were down from the 10th onwards as that was the day I wanted to start to use them for my eCPPT report. Too bad, had to use another source and since submitted the report. Now the long wait starts...

Anything can get hacked :D
6  EH-Net / News Items and General Discussion About EH-Net / Re: Hacking: Is it good or bad? on: February 02, 2013, 12:14:36 AM
A reply on your first part:

If hacking did not exist there would be no internet. The true and old definition of a hacker is somebody who has the need to understand the inner workings of something in order to enhance / improve it or to gain more knowledge.

When using that definition you see a hacker is not restricted to the digital world. The same processes can be adopted to almost any field. People like this are the reason society always advances and comes up with new technology.

Second part: my opinion is that somebody who breaks into a computer and finds information that the public should know about must have the right to publish this. However in real life this is not the case. It usually comes down to profits and money. If there is enough at stake companies will try to sue you and governments will put you in jail.

Journalists occasionally publish stuff they get from an anonymous source. That would be the only way I would dare to publish.
7  EH-Net / News Items and General Discussion About EH-Net / Re: Hacking: Is it good or bad? on: February 01, 2013, 06:16:48 AM
I'm with Don. Hacking is not good or bad, it is how the person that possesses these skills uses them. The media has given the term "hackers" a negative meaning as they only feature blackhat incidents under this label and in positive messages speak of "computer professionals / consultants / experts".

Blackhats or criminals are a necessary evil. If they weren't around, there would be no security industry or police force and hence many people would be without a job. So do not expect a completely safe internet ever, it's the same as real life: there will always be risks. Take your precautions and you will most likely be safe enough.

A fw or anti-virus will not keep you safe from a serious threat. You should determine for yourself how valuable your data is and what level of protection is needed. As long as anything is in a computer there will ALWAYS be a way to get to it.
8  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Web App Pen Testing training on: November 13, 2012, 09:36:15 AM
I'm currently doing eCPPT and it's fun. The main reason was its focus on web pentesting. Furthermore it is a nice warming up for the OSCP certification if you want to go that way.

The course content consists of an OS/Application section, WebApp and Network section. For me most material I knew already however I picked up a few new things and have gained a better understanding of the webapp pentesting part (I prefer OS/applications though haha). Did not write the exam report yet but am getting there.

Any questions? Let me know. Also get The Web Application Hacker's Handbook, 2nd edition, it covers a lot of the same info as this course.
9  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: VMWare Workstation 7 + BT5 R3 No networking on: November 03, 2012, 08:49:45 AM
I'll usually run with NAT so you could check that.

However regarding your problem: is your network up while testing? As you have "replicate network state" it is easy to unplug your laptop and forget that this breaks your VM networking as well.

Other things to check:
- what adapters do you see with ifconfig?
10  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: My Experience With Hackingdojo Ripped Off My Money on: October 19, 2012, 06:12:50 AM
You have valid reasons to stop however no valid reason for a refund. The fact you have months remaining is because YOU refuse to take a MANDATORY exam. The course provider has not broken any agreement or rules. You try to change those yourself and by doing so you are at the mercy of the course provider.

I don't know where you are from and don't want to judge you on that. Maybe your country has less formal rules. However where I am from (Europe) you can not simply request a refund when you have signed up for a course and find some aspects in the course you do not like. This is why you have to accept the user agreement before signing up and after that you are bound to it.

This is the last time I will reply here as you seem to have made up your mind and will not do anything with comments that differ from it. Good luck.
11  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: My Experience With Hackingdojo Ripped Off My Money on: October 19, 2012, 02:52:43 AM
Well I'm sorry to say but I have to agree with ajohnson and can not see how you are entitled to a refund.

The course clearly stated that an exam is mandatory to progress to the next level. If you refuse to take it and as such can not progress to another level, how would that entitle you to a refund? Yes, you do not use other material but you are occupying a seat that other students could have had. Furthermore, if you do the exam and pass you simply progress as you want. If you have the skills then a report would not be hard to write; it only costs you some time.

Valid reasons for a refund would be:
- Company ends training activities before your subscription expires
- No reliable access to labs and study material where it would involve HackingDojo's hosting, not your own internet connection

Usually a course like this will test connectivity when you start to make sure you can access the material.
12  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: [OSCP]Suggestions on how to fulfill the prerequisites on: October 19, 2012, 02:28:41 AM
I did face the same challenge as you and have just signed up and started eCPPT.

The reason for choosing this course is that my web-pentesting skills are weak. This course offers a good explanation, haven't tried out their lab yet but will do it later on.

I know most of the info I got but putting it in a clear order makes it easier to put together. Will write up something after I went through all material and the exam so stay tuned haha.

For OSCP preparations I recommend to read through their live training story: http://www.offensive-security.com/offsec/pwb-in-the-caribbean-part-1/

It points out some of the PWB focus and you can research these items yourself beforehand.
13  Resources / Career Central / Re: Starting Your Own Company..... on: October 12, 2012, 05:02:14 AM
If you live in a non-English speaking country it might be worth to set up pentest or other infosec training sessions (for a fee) in the native language. I notice many people, in both my home country and the country I live now, prefer to have study material in their native language.

If your classes are decent students might even want to try to obtain formal certifications later on (e.g. Offensive Security / eLearn Security). Those are all very hands-on and easier to accomplish for non-native speakers than multiple choice exams.

Personally I think that English communication skills are mandatory in the IT industry. So much software and documentation is written in it. Trying to troubleshoot an issue with localized software can be a pain in the ... ;)

The problem I currently am facing is a total lack of interest in infosec where I reside right now. I will try to set up a small training facility and try to give free awareness classes at government, educational institutes and businesses. Hopefully over time this will lead to training demand and finally pentesting demand. It is a long way to go ... The positive thing is: I am the only company dedicated to infosec haha
14  Ethical Hacking Discussions and Related Certifications / Programming / Re: Some questions as usual on: September 20, 2012, 07:26:22 AM
No comment on the Cisco side but I am a bit on the same path as you. So I will share my methods with you but first I will tell a bit of my background so you can compare it to yours:

I grew up with an Amiga, played games on MS-DOS + Windows and when internet became popular my attention shifted to information security. I'm now 30 years old and the past 8 years I have held the following positions: first-line support, system/network administration (Windows, Citrix, OS/400, Cisco) and finally security officer (risk assessment, policy/procedure writing, vuln. assessment/pentesting).

Exploit writing has always amazed me and had something mystical about it. I see it as the top of the security chain, since without these people breaking security is a lot harder. It consists of two phases: find a vulnerability, write a working exploit.

Right now I am trying to plan a good way to reach my goal. These are the steps I will take:
1: Research the various types of bugs that lead to vulnerabilities: (heap/stack buffer overflow, off-by-one, use after free, etc). When you understand these, the next step is to recognize them in a specific technology/implementation.
2: Pick a technology: Operating Systems (32 vs 64 bit, local vs remote), Smart-phones/Tablets, Embedded Hardware (printers, networked devices). Since they are all very different from each other you need to focus all your effort on 1 technology in my opinion.
3: Read, read, read: learn the language, uncover how things truly work. Use books, system documentation, research from fellow peers.
4: Finding vulnerabilities: debugging/RE tool usage (gdb is pain in the *ss if you are used to GUI's hehe), fuzzing, dissect patches, read published exploits and see what part it targeted and how it works, look for buffer overflow exploits and see if you can modify them to remote/local code execution, check if a vulnerability in a similar technology exists in ours as well. E.g. browser bug on OS also on smartphone?
5: Exploitation Phase: learn a scripting language to automate things, low level programming (assembly), metasploit (if you want to port your exploits to it), shellcoding + bad char identification + encoding, protection evasion (DEP, ASLR, EMET on windows)

Resources:
1 Wikipedia has a nice overview of the various types of programming vulnerabilities: http://en.wikipedia.org/wiki/Software_bug
2 Read the book: A Bug Hunter's Diary to see how people do vulnerability analysis
3 IO challenges at smashthestack.org They give you vulnerable sourcecode, spot what is wrong and exploit it. Very difficult when you start but very rewarding when you write your first exploit from scratch.
4 Specific information for Windows exploit writing: https://www.corelan.be/
5 Watch on securitytube: Assembly for Linux or Windows, GNU Debugger, Exploit Research, Linux Format String/BoF, consider the Python Scripting Class


That is a bit of info off the top of my head. If you update your post with the specific technology or OS you like to exploit it is easier to give more specific resources.
15  Ethical Hacking Discussions and Related Certifications / General Certification / Re: 10 Year Systems Administrator wanting to get into Pen Testing on: September 20, 2012, 01:12:51 AM
Haha awesome! Maybe you will actually obtain the whole list :D

What will your next cert be? I am currently prepping for CISSP. A lot of overlap with Security+ so I can recommend it if you are thinking about it. After this I really wanna start with OSCP, a fun hands-on challenge.

edit: WGU sounds nice. Too bad I am not a US citizen.  Good luck!