EH-Net
May 25, 2013, 03:13:08 AM *
  Show Posts
31  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: My OSCP journey... on: August 18, 2012, 10:07:11 PM
I think the following three books will give you the most knowledge combined with the OSCP track, although it can be pretty complex:

Metasploit: The Penetration Tester's Guide
The Shellcoder's Handbook - Discovering And Exploiting Security Holes
Web Application Hacker's Handbook (not sure how much web-attacks come back in the exam as they also seem to be developing a webapp track)

I did read "Advanced Penetration Testing for Highly-Secured Environments" but it is not as advanced as the title suggests. Better pick it up second hand and use the money you save to put into obtaining more certs or have a beer.

Furthermore, I'd like to mention:
Ninja Hacking - Unconventional Penetration Testing Tactics and Techniques

This book covers some unrealistic attacks but also hands out a nice selection of attacks that can be used and usually do not come back in other books. For example I liked the mention of disrupting an admin's routine to add stress to his daily work and by doing so make him less focused on the work at hand. I know most attacks will be out of scope but nevertheless it is a nice read and of course these tactics can be applied by blackhats without restriction.

On my "to read" list:
Rootkits - Subverting the Windows Kernel
Practical Packet Analysis 2nd Edition
32  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Certification plans for 2012? on: August 18, 2012, 09:35:44 AM
Aww, I did miss this topic. Earlier this year I passed CCNA and CCNA Security. Now I am looking at some pentest course, OSWP/OSCP/eCPPT. Not sure yet which ones I'm gonna take, all have pros and cons. The only one I know for sure is OSCP but I have to schedule some holidays then haha.

Later this year I have to do Prince2 Foundation and TMAP Next Test Engineer. As you can imagine they are not my favorite ones so I have to throw a pentest cert in it to keep myself happy.
33  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Course Information feedback on: August 18, 2012, 09:26:38 AM
I will update this topic after I decide my next cert challenge:
OSWP (need to buy some HW),
OSCP (lack of time)
eCPPT (not sure how deep it goes).

Anyway I see 3 courses mentioned in your sig. Did you complete all of them? If so, please answer the questions in your opening post. It might help me out as well.
34  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: My OSCP journey... on: August 18, 2012, 07:31:27 AM
Hmm, I really wanna do this course but lack the time right now. I can recommend Smashthestack.org IO challenges for anybody that wants to improve their exploitation skills before opting for OSCP. I found it beneficial as it improved my gdb knowledge and general Linux exploitation skills.

Currently contemplating if I should do eCPPT in the meantime (since they have flexible labtime) but a bit scared I know most of it already.

If you need custom shellcode and have no access to metasploit, this is a good resource: http://www.shell-storm.org/
35  Columns / Weidman / Re: [Article]-Mobile Hacking 101 on: August 17, 2012, 07:39:57 AM
Nice post but unfortunately I read similar stories so no new info for me. However I am already looking forward to the tech-part as I have never really done any research on smartphones myself, keep up the good work :)
36  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Beginners tips for testing web application on: August 16, 2012, 10:51:48 PM
Nice writeup! I would also include Command Injection attacks as they are relatively easy to exploit, see some info here:

https://www.owasp.org/index.php/Command_Injection

https://www.golemtechnologies.com/articles/shell-injection#how-to-test-if-website-vulnerable-to-command-injection
37  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: pen test documentation on: August 16, 2012, 04:50:34 AM
I adopted this approach after stumbling over it while researching report writing info. Forgot the source but if I come across it, I'll post it here. Since then I stuck with it but of course it depends always on what the customer wants.

It is however a valuable insight if the company has spent time and money on its defense. By seeing that some attacks fail because of their previous investment it will also help them obtain the required budget more easily.
38  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: pen test documentation on: August 15, 2012, 09:33:18 AM
I use Camtasia Studio for this as I run most audits off my Windows box (I have backtrack in VM or just use an SSH connection).

The client does not mind it but of course I have to store it securely and cannot disclose it without their approval. Nothing beats a live demo but a recorded video also makes a lasting impression if it is a spectacular hack ;)
39  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: pen test documentation on: August 14, 2012, 09:20:40 AM
Creating a good report is one of the hardest things to do so here is the format I use.

Executive Summary: Introduction, Summary of Results, Summary of Recommendation, Conclusion
This part I try to write as clear as possible avoiding most tech speak. I try to add some pictures or graphs that help to explain the issues found and recommended mitigations.

Project Scope, Rules of Engagement and Methodology
General information about what is and is not allowed + overview of the system/IPs we did use to conduct our audit.

Technical Attack Narrative
This is written for the tech guys and details any attack we carried out (success AND failure). Discovery/enumeration is kept basic.

Vulnerability Mitigation Techniques
Here we calculate the risk of each vulnerability and the ways it could be mitigated. By calculating the risk we help the company to prioritize the fixes.

Appendix A - Toolkit
This lists all tools we have used in the audit.

Appendix B - Cleanup
This lists all files that were created and deleted during the test.

I like to have a video record of my tests and archive them offsite together with a digital copy of the report (encrypted of course). This way we can always show proof of what we have done in case the customer claims any damage or misconduct.
40  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: OSCP exam tomorrow (16th) on: August 11, 2012, 08:07:54 AM
As a good pentester I always start any certification with some OSINT ;) So I came across a post that said metasploit cannot be used (or just once) and I agree with this limitation but does this also mean we can't use the scripts for exploit writing? I am talking specifically about pattern_create and pattern_offset.
41  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: Finally took the plunge, started 08/05/12 on: August 11, 2012, 07:55:54 AM
Right now I have not signed up and am studying many different attacks and the theory behind it. However I feel overwhelmed as well since there is so much to cover.

Besides reading many of the papers mentioned here I practise as well on smashthestack.org (mainly IO). There are many different challenges that expose you to the various types of vulnerabilities, helps you to identify them and gives you an understanding how to exploit them in a timely manner. Of course I document everything and write my own little scripts or code where I need it. You never know when you need it again.

I struggle a bit with GDB as I am used to Immunity, Olly or IDA. Yeah yeah, I am a Windows guy hehe.

There is a cheatsheet worth printing:
darkdust.net/files/GDB%20Cheat%20Sheet.pdf

And of course an Intel Assembler 80x86 one:
http://www.jegerlehner.ch/intel/

Anyway it is a good prep for the OSCP cert I think. Will be signing up after OSWP. Good luck everybody :)
42  EH-Net / News Items and General Discussion About EH-Net / Re: [Article]-August 2012 Free Giveaway Sponsor - Offensive Security on: August 11, 2012, 07:11:32 AM
I always read a lot here but with a sponsor like this I just had to sign-up haha. This year I started to turn my knowledge into certificates (always good when you meet the HR folks) and of course Offsec certs are something worth having. So regardless of winning they will see me for sure.

Will AWE become available as normal track as well? Right now it links to Blackhat. Very interested in it since web pentesting is my weakness.