Congrats MaXe! These experiences made you a stronger webmaster and security enthusiast I am sure.  Thanks for the info too.  Learning how badly 1and1 reacted will help others not to choose them in future.  Do you plan to make any more challenges in the future?   

I saw that story on twitter.  I could not believe that the judge could discount the 5th amendment like that.  "Here is the evidence against me, do what you will with it..." Huh?  How is that possible?  I am sorry but the Constitution is getting its butt kicked these days. 

WOW more pain.  Pretty cool.  It looks like they are coming out with a web app course in February too.

http://www.offensive-security.com/information-security-training/advanced-web-attack-and-exploitation/

Congrats! Taking time off or on to something else to study?

Thanks guys.  I could not believe it. I never win anything so this was definitely a blessing.   I want to thank Don and everyone at EthicalHacker.  This is always a fun and informative site.  I will give a full review afterwards.  I want to take SEC560 and the timing is great.  OSCE to SEC560!

Thanks.  I was looking at that page a while back but it is nice to know they are going to update it for the new year.  Sweet.  Hopefully I am done with the osce by then.  It would be a nice transition.  Of course, I am finding new ways to put off the ccna, oy vey....

Yeah I have not seen any either.  I think Joey McCray has a course in Maryland I would love to attend but it is really expensive.  I know my company is not paying for that one.  He has a cheaper one on SQLi for 400 bucks in January but I wont be able to do OSCE and that, at the same time.  OSCE is hard enough.

I am set for:

OSCE (taking on Christmas day)
CCNA
OSWP (upgrade to version 3)

Still trying to figure out what web application security courses are affordable and still good.

Wouldn't you just setup port mirroring and monitor everything from that port?  You could setup an appliance or a computer with wireshark,tcpdump, dsniff,etc, right?

Congrats everyone! Have fun with the great prizes!  Save time for Turkey Day! 

Play around with msfvenom/encoding and test them out with MSF payloads yourself too.  Big names can be bypassed too.  The only ones I can say stands out are AVG and Kaspersky.  They usually caught the files I created in Metasploit. 

I would agree 100%.  Just be ready to learn everything they teach you and more.  The only thing you can do to prepare is open up Backtrack and take a look at every tool that is there.  Get familiar with most of the tools and look over the PDF.  Also, figure out the best way for you to take notes.  I never knew how important the note taking process would be in a pentest till I took that course.  Lastly, prepare the family. You might be missing sleep some nights. My 2 cents.  Oh yeah, and have fun!

They might be going through with it...?!


http://www.theatlanticwire.com/technology/2011/11/anonymous-going-forward-its-mexican-cartel-leak-after-all/44513/

I have GDict also.  No idea where it is from also.  I just remember trying to have a wordlist for WPA/WPA2 when I found it.  I found a blog with a link for it so hopefully it helps.

http://www.defenceindepth.net/2010/05/password-wordlists-and-dictionaries.html

Also, you may want to consider making your own with cewl if you are using John.  Also, I would suggest looking at Insiderpro.  Those guys are incredible. 

I saw this passed around on Twitter.  Seems like a scary fight to me.  If you fight the gov't, you usually get jail time.  You go against a cartel, you are lucky if you get jail time.