I am very happy for you xXxKrisxXx!!!

Go to sleep and give us your feedback once you're rested!

I just bought another 30 days. I really want to hack all machines and finish all "Doing the Extra Mile" exercises.

xXxKrisxXx, how did it go?

Hey,

I've got some updates on this. I finally went visiting the school yesterday and met with the IT teacher and the school principal. It went surprisingly well! I kind of "connected" with the guy and the principal was happy when I talked about the disclaimer form.

The club will start around the end of September since the classes are virtually over for the summer. We will:

1) Have the students and their parents signed a disclaimer form.
2) We have a lab with about 30 computers, disconnected from the school network. Students will also be able to bring a laptop if they want to.
3) We will use Backtrack 4 in VMPlayer (Windows XP being the Host OS)
4) We have a projector and many switches, routers and other network equipments

So, all seems to look good now!

Does anyone have a disclaimer form I could adapt to the school?

Thanks!

Thanks awesec, I am waiting for my new assignment and if it involves Oracle, I will probably buy one of them...

And I should ask: Who's playing poker? 

Good luck xXxKrisxXx and keep us posted!!!

I am still thinking... How many machines have you hacked in the lab so far? I will spend the next week getting access to as many servers as I can. I also need to finish some exercises, although I have already completed the hardest ones.

I had only bad luck with the course so far. I registered for PWB v2, 60 days of lab only to learn 8 days after that version 3 was going to be released. I then paid to upgrade to v3. A few days after starting it, I got divorced... So I didn't study for something like 45 days! I bought an extra 30 days and I am at the end of it.  

All that to say I have paid the course more than twice now and I feel like taking a break!!!  

Anyway, good luck xXxKrisxXx and keep us posted!!

I took 60 days, but I couldn't work everyday...

Hi,

I am "done" with the PWB v3 course. I have watched all the videos and done the vast majority of the exercises. I understand everything I have studied.

I have played in the lab and hacked several machines (about 30% of them). Should I penetrate all machines in the lab before taking the OSCP challenge? I am running out of time and I don't want to pay to extend my lab time...

With 8 days left in the lab and a busy schedule, I was thinking of finalizing the exercises and challenge the certification right after. Does it sound right?

I know it all depends on what experience I have, but did you feel the exercises prepared you well for the certification?

Thanks

If I may...

I worked 3 years developing Dashboards. I have been an assistant-director at one point in my life and I am a project manager (ok, so much for the big head! ).

What they want to see is a status report easy to understand, maximum 3 pages. You need these 5 things, in that order:

1) Executive summary (Green, Yellow or Red with a 2 line description of the current situation)
2) Accomplishments (What you team has accomplished since the last report)
3) Risks and mitigation strategies (What are you afraid of but didn't happen yet)
4) Issues and actions (What is wrong, currently)
5) Next Steps (what are you planning to do next)

I am telling you, they want these things more than a bunch of graphs.

You provide the facts and they make decisions. You propose and they chose.

Anyway, better than a dashboard if you want my opinion.

Another question, do they have security-related Performance Indicators to report on? If it is the case, you may want to have a graph or two about them...

I should add for those who never went to DefCon that the "pre-conference" on Thursday afternoon is quite good too. So to me, it really is a 4 day event.

Honestly, I am expecting to meet one or two people from this forum.

Some of you helped me so much, I feel like paying some beers... 

Thanks xXxKrisxXx,

I will give it a try tonight in my lab.

It's funny, the thread's title is "Who's going to DefCon" and all I got so far, is who's NOT going! 

In a lab, I have 2 servers with Oracle 10g installed on.

I want to check if they are both secure, but I don't know how I should proceed with the pentest. I know I need the SID along with a tool to make a connection to the database.

So far, all that I found on the internet was pretty old, using tools in backtrack 2 or talking about Oracle 9i or older.

Anyone knowing about tools or a useful link on that topic?

I haven't received anything yet but theu told me I should have to wait about 60 days. It's been around 60 days since I last received their email, so I will contact them soon and let you know the results...