Well If you dont have a IT back ground, I would say start right there, start with taking apart a PC and know the differnt components, then move on to networking, try to master the art of computer networking and the different ways computers are connected. I guess those are the first steps

VJ

Is anyone attending SANS CDI in washington DC ?

Great webcast guys, finally got it it . Now that I have listened to it, I have new tools to play around with.

Kevin - I was just browsing through the samurai CD and could not see BeEF on it. As there plans to put it there ?

Thanks

VJ

That would definitely help.

I think I should post the difference between the various CERTs mentioned here (CEH, OSCP,GPEN) as i have archived them.

CEH - I would rate this as 5 on a scale of 10. The reasons being its very heavy on tools. It tests the individual on the theoretical knowledge of tools and its options. If you memorize the function of the various tools and the options available you are golden. But achieving CEH does not proof that the holder has practical knowledge. I would place CEH at  entry level of the Pen testing / Ethical Hacking cert.

OSCP - This is great course though the lecture portion of it is only 7 hrs but the labs are just amazing. Its a tough course and assumes prior knowledge of a lots of important concepts to get the maximum out of this course. Its more on practical side and if you are going for cert challenge you better be good at networking concepts and windows/linux command line. Still this course does not deal with business aspects of the Pen Test. But its a great valve for the money.

GPEN - Amazing course, very well structured, covers the business aspects and methodologies of Pen test which I believe no other course/cert talks about. In my opinion this is very important  because you could be very good technically but if you cant deal with the business side, you will not be able to provide the true value of the services you have provided. It is very balanced on tools, concepts and labs. Does not Deal with with lots of tools but the tools discussed there are in depth providing deep insights and tips and tricks from trenches on using them. The philosophy of this course is different, in that it focuses on developing the skills on tools and tricks which are natively available on the OSs, with a rationale that when you are performing a Pen Test you most likely have the liberty to install tools on the Target.

Just my 2 cents.

Thanks
VJ

Its a amazing course I am sure you will learn a lot.

VJ

I think to use this tool and servify an executable you would need some sort of user access on the machine. I work with a very large environment (10,000 +) users and have not seen many users who would wanna play with this kinda tool. Agreed there are always a few who are smarter than others but hey thats why we follow the concept of "Defense in Depth". rather than "Security by obscurity"

VJ

Togg,

Welcome to the forum, and thanks for the post. I am sure you will hear a lots of good feedback about work, which is great and sure has made to one of the top Pen testing methodologies and is mentioned in a few course wares.

I  have had glanced thought it but have never used it exclusively. I will look into it in more detail and if I have i will let you know,

Thanks

VJ

hey Welcome to the forum, you will find a lots of friendly and helpful people here. Please feel free to ask questions and try to be specific to get answers

VJ

Nice post and a very handy list

Thanks

As far as i know GCEH was renamed to GPEN. but I could be wrong

Finally I passed the GPEN exam last week. All I can say is .. between CEH and GPEN, those who have CEH and going for GPEN, there is no comparison it is a tough exam.

VJ

I use BT 3 running on a VM most of the time

VJ

I don't think it will be frown upon if you let it expire in a few yrs time if your job requirements don't require it. I had a few of CISCO certs which i let expire because it was not part of my job. I don't even mention them anymore. Always put the relevant certs on the resume according to job requirements.

VJ

Looks like you are on the right path, but i will just alter the list slight just based on my experience to

CCNA
Sec+
Some sort of Microsoft cert
Linus+ RH
GSEC
OSCP

I moved the CCNA up because u need to have good understanding of networking before you dive into INFOSEc, the Microsoft cert is there because no matter how much you hate it still have a major share of the targets in pen testing and you should know about them. GSec if you can afford to do is a great security cert and training.

Hope this helps

VJ