Hello Chris,

Don't believe we are similar to OSCP, honestly. Not saying we are better or worse. It's just another (completely) different way of teaching things.



At now I'm not able to give you time lines. The Beginner version of our PTP course will be a never seen course and it is taking its time.
However I believe the web app testing part of our current PTP course is quite a good amount of information!

Check our demo to see your self, it is on Web app testing
Btw Introductory price expires in 12 hours - Regular price will be 449€ ($599)

Not because I wrote it  . But I believe you won't find any better coverage of web app testing in other courses.

Check out our demo, it's on web app testing or ask Jason 

@hayabusa You can sign up for a demo of our course, that is an (almost) full module on SQL Injection including 20 minutes of video training.
Just enter your email on our home page and you will get a user and pass within 1 hour.

Wanted to say that the introductory price ($485)
will expire tomorrow April 30th at 12pm GMT. Regular price will be 449€ ($599)

We really gifted this course that is worth at least three times the current price, but yeah! We will respect our first goal to make great training affordable! Even after the great reviews we are getting

Thank you all.

When you have a budget of approximately 0$ for marketing and promotion,
the only way to be successful is to build something great.
It seems we managed to do it.

Your words will be our proof for the skeptics.
So please, spread the word and be an eLS evangelist.

Thank you very much

@ceh2006 Have you received your coupon?


If you entered your email address *after* our release please contact me back 


Btw, Coupons will be issued until April 30th and they will have to be redeemed within April 30th as well.

I would like to clarify this.

Since this is an online course, granting access "forever" is not possible
The 180 days limit is a way to say: we grant access at least for 180 days, but until we are alive we will always give you access to the course material online (to the version you bought).

The student of the Online version will have the possibility to buy the Offline (on DVD) version at a symbolic price.

@Dark_Knight I understand your point, however this is a completely different kind of course where you don't get the material and go home.

We mind to keep it up to date and add new staff continously. It's kind of a learning as a service although you just pay once and not monthly. And you even pay less than others while having up-to-date contents.

Having people understand our different model will be a tough challenge however we are going to give the students of the "Online" version, the possibility to buy the DVD of the off-line version (that we are preparing) at a symbolic price.


I can assure you that you will be more than satisfied with the current release and that we will come up very soon with the off-line version (that just need some more beurocracy due to the DVD handling).

Anyway, thanks for your feedback

We will launch in 3 hours

Hello everyone,
It's Armando.

Wanted to announce that the Penetration Testing Course - Professional will be launched on April 14th . So just 2 weeks to go. 


I appreciate all the interest in this forum. Please do not hesitate to ask anything about the project in this thread.

If you didn't do it already, make sure to add your email here: http://www.elearnsecurity.com/eh.php - This is a special 5% discount for EH members that will last until the release date.

Finally I want to clear up things about the price: the Professional course will launch at $485. This price will be valid for a couple of weeks before being increased. So, if you're interested, make sure to act fast (you will save quite a lot).


Thank you

P.S. A review from Jason should come soon

OK.
What is the message that you receive in your web browser?

How many people would ever hijack an airplane to hit the most powerful country in the world?

You consider a threat only after you have felt its impact on your skin at least once.

And anyway, terrorism was just an example to say: it's not just about losing your $500 or $1000 laptop or your data. There's more risk involved than you're used to think.

Hi Bill,
it's a pleasure if I can help.

IUSR should definitely not be in the WPG group.
You put Pool identities into WPG.

Let's call IUSR_mysite the anon user and IWAM_mysite the pool identity.

Try this setup:

1. Create IUSR_mysite with a pass

2. Go to your website in IIS and pick this user as the anonymous user.
Make sure to re-insert the password at step 1 into IIS for this user
IUSR should have access to the website folder. IWAM should NOT.

3. Create a IWAM user, say IWAM_mysite and assign a password

4. Create an application pool and use the identity at step 3. Use the password at step 3 (password is not automatically gathered by IIS).

5. Go to the Home Directory of your website and select the created application pool

6. If you use PHP, WPG group should have the rights to read the PHP executable and the php.ini (not IUSR).


Let me know if you can figure out what's wrong from the above.

Hope this helps

@chrisj  Yup.

I would also add Identity theft. Imagine how is it would get for a terrorist to have access to a stolen laptop even for a few hours.

This is going to get even more serious with smartphones that are more and more capable of doing all sorts of things.

Hi chrisj,
Do you have a web server? or a hosting space?

0 cost solution: Write your own (hidden) tool to send the ip address and other information you may require to a specific PHP on the net every connection or every x minutes. (This is easily bypassable, but you would just require the thief to connect to the internet with your laptop once, to get a rough idea of where your laptop is).

This is of course something you can do as a small challenge and it could work well against people not interested in your laptop (someone who just finds it).

Keep in mind that :
1) Police hardly tracks such cases
2) The ip geo location is not reliable

You better full encrypt your hard drive with Truecrypt and watch it constantly.

Thought I could add something to the discussion:

• Check your NetBios shares and null sessions (in the end McKinnon managed to get into Nasa with this). It's something you do from command prompt
• Get USB Firewall utility to stop autoruns on usb dongles
• Get PSI as mentioned by pizza
• Get Sandboxie to run executables which behaviour is unknown, or to run your browser (Hey FF 3.6.2 has some great holes btw)

My 2 cents.

Hi Bill,
What's your setup? IWAM makes me think of IIS 6. Right?

Where are IUSR and IWAM located?
IUSR should be in Users group, while IWAM should ne in IIS_WPG group.

Do you have any ISAPI being loaded by the webserver?