''Yes, it is Cyberspace, here no one can assure 100% Security but it doesn't mean that you can ignore the security holes.  Godzilla the hacker who breached the Pakistani Government websites few months ago has claimed to have identified multiple security flaws in EC-Council website(eccouncil.org).''

http://www.ehackingnews.com/2013/05/ec-council-hacked-by-godzilla-for.html

Got this in my mailbox yesterday:

In conjunction with the launch, EC-Council has prepared a complimentary First Look session for cyber professionals to test drive the program. Details below:

CEHv8 First Look (Open to the public)

   Date    :    May 8th, 2013
   Time    :    New York 10am / Singapore 10pm / London 3pm / Dubai 6pm / India 7.30pm / Singapore 10pm / Korea 11pm
   Duration    :    2 hours
   Speaker    :    Haja Mohideen,
EC-Council Co-Founder and Vice President (Technology)

More info:
https://www.eccouncil.org/courses/new_release/certified_ethical_hacker_v8.aspx

nice, thanks for sharing!

remember that when using this for a pentest that there is no way you can guarantee that the gathered information is not gathered/stored by 3rd parties (in this case yougetsignal). In this case i recommend to do these checks from your own systems...

when using for your own fun and profit, who cares 

great news! now i just have to choose which one i will be taking a swing at somewhere around fall...

i have it already sitting on my HTPC, now i just have to find the time to watch it

NICE! congrats man, way to go on sticking on it for so long and still manage to get the energy on giving it another go.

thanks guys!

i used non official courseware to study for the exam, also did a lot or extending research on the topics at hand, which helped me alot to prepare for the exam.

I am not going to upgrade my certifications to LPT. I simply refuse to pay for being able to put the title behind my name which has no additional value to my knowledge.

I'm thinking of going after eCPPT at the end of the year or something. I really like to get my hands dirty again after a 100% theoretical course.

I know ECSA is not required by many jobs but that is not the reason i take these courses. I do it 100% for myself to gain knowledge and the reason i want to get certified is i see it as my reward/confirmation that i understand the material. and i simply like torturing myself  

Hi all,

Just a quick post to let you know i haven't forgot about you all 

Passed my ECSA last week, by self study. Now its time for a little break and focus on some upcoming conferences, after that i will start looking for something new.

Oh still reading the forums, just not enough time to contribute

Probably known to several of you, but looking at the new submissions after a few days will definitely take the edge off when you are stuck during a pentest:

http://securityreactions.tumblr.com/

(also a "just-really-busy-but-i-still-check-in-from-time-to-time-post)

WOW, now this is just plain cool! this is in the top 3 of best giveaways, no doubt! Good luck everyone!

:kuch:ftp://ftp.halifax.rwth-aachen.de/backtrack/:kuch:
(was available before the torrents, i installed it in a VM, seems legit...)

Hey, perhaps a little bit late, but good luck! any update on how it went? i'm guessing you are sleeping it off right now, hehe...

i'm missing two things here:

along with alle the theoretical knowledge you can gain from the above mentioned sources (books and what not) spending time behind the keyboard just doing it (for example, configure windows security wise, fiddle with permissions for users on linux) gives you a great understanding on how the things work you want to break. also read material at exploit-db and securityfocus, even if you do not understand it (yet).

practice practice practice (practice makes perfect they say)...use hackme's/challenge websites to learn more about "real life" examples.

Congratulations! Have fun with this one, its a great prize!

I am not familiar with WebInspect, but i use burp pro every day, and the more i rely on it, the more features i discover (even after multiple years of use).

It is so much more than only a proxy. You can actively or passively scan webapplications, compare requests, use the intruder to perform brute forcing, it even has a compare function for sessions to check for randomness in the received session identifier. Heck, it even helps you spider the website, and if you use the active scanner it will find sql injections, xss, path traversals etc. so you can even use it as an automated tool.