EH-Net
|
May 22, 2013, 07:10:21 AM
|
18
|
Ethical Hacking Discussions and Related Certifications / Web Applications / OWASP members
|
on: July 22, 2010, 01:22:44 PM
|
Hey guys, just wondering if any of you are OWASP members and at what chapter? I'm considering joining the NY/NJ Metro chapter, and at $50/year, it's not that bad. I've read through OWASP and I know what they offer for members and what not, but I'm looking to hear from your personal experiences. What are the meetings like? Is it fun? Did you learn a lot? Meet a lot of cool people/make friends? Are the speeches and stuff similar to cons like Black Hat, DEF CON, etc.? (I've never been to any of the cons, so I'm just curious)
|
20
|
Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Javascript and actionscript Tutorial recommendations
|
on: July 20, 2010, 02:36:02 PM
|
This does not have much to do with learning JavaScript or ActionScript (but the aforementioned site, w3schools, is very good), but have you read The Web Application Hacker's Handbook? It's really good and in depth, and you said that you are starting new with webapp testing. Very robust, and if you read a chapter at a time and apply what you learned on a vuln site, it really sticks in your head. In your case, maybe you can make mock-up web apps using JavaScript/ActionScript and try to apply what you learned from that chapter in the book. 2 birds, 1 stone lol.
|
22
|
Resources / Tools / Re: ArchTrack
|
on: July 15, 2010, 08:53:52 AM
|
To my understanding, there are currently no tools in ArchTrack that aren't listed in BackTrack yet. This project is starting to roll with the community there and I'm sure scripts will be included eventually.
I am not the project lead or anything like that, just thought I would give people a heads up on an alternative if they wanted. I mean, what's Linux without choices lol. I certainly do think BT is a great distro, but I feel a little more "free" with ArchTrack (well, Arch Linux in general, being a minimalist distro), being able to choose the best tools I see fit for my setup. I can even make a fresh install of Arch Linux, choosing important drivers, WM, tools, etc., then use a similar tool to remastersys to make my own personal live-cd/usb.
I just wanted to let people know there are options out there for a more precise toolset. But I certainly do use BT to try out the latest tools to see if I like them or not.
|
23
|
Resources / Tools / ArchTrack
|
on: July 14, 2010, 09:38:22 PM
|
Hey guys, what's up. I recently converted to Arch Linux (and it's...AMAZING! But this isn't the thread to blog about how much I love this distro compared to the others I've used for years). But I came across this community project called ArchTrack. It can be found here: http://wiki.archlinux.org/index.php/ArchTrack It's got a decent amount of tools already in the AUR (Arch User Repository) and people seem to be taking a liking to helping add more tools. Arch Linux being bleeding edge, I figure it can't be that far behind BackTrack in new tools (except BackTrack scripts, which have to be ported). There is not a live-cd/usb version yet, it's on the roadmap though, but if you have Arch Linux (I would recommend you try it) you can install these tools on your current Arch Linux distro. This just works out for me personally because 1) I enjoy being able to do everything from one OS without a reboot. 2) I can choose the best tools I see fit to help me pentest. I don't need 6 DNS enumeration tools, or 5 different aircrack-ng wrapper tools. I just need the top 2 or 3 tools for each category/sub-category (information gathering/dns). Just thought I would share this with you and maybe get some of you to join in on the package making fun! Post-script: Although there are meta-packages archtrack (stable) and archtrack-dev (svn, cvs, git, etc.), you can still install the tools individually.
|
28
|
Resources / Tools / Re: Offensive Security now funding BackTrack developers
|
on: June 29, 2010, 02:41:21 PM
|
I am not a professional, yet, but I do the same thing as you. I normally install only the best tools I need that I have tested from BT. I don't need 20 different sub-domain enumerators, or 3-4 different Aircrack GUI front-ends (or any at all lol). So yeah, I test out the tools, and then install the tools I like onto my system. I only wish I could figure out how to get the tweaks from the BT kernel into my distro. Post-Script: I do keep a live BT USB that I carry with me at all times. Along with all my other portable apps. Kind of like a samurai carrying around his katana at all times.
|
29
|
Ethical Hacking Discussions and Related Certifications / General Certification / Re: Aspiring I.T professional
|
on: June 28, 2010, 04:12:33 PM
|
Well, if you want to organize, maintain and prevent malicious attacks, then I would assume Network Administration would be up your alley. Not only would you set up your organization's infrastructure, but I'm sure you would want to make sure that infrastructure is secure! Note, I use the term Network Administration loosely here. If you wanted to be more specific, you could say System Administration and Network Administration (the former being an Admin of, let's say, a Windows environment, adding users, setting up domains, etc., while the latter being an Admin of routers, switches, VPN and more network hardware). Certainly, many of the roles overlap and many employers prefer you know both, but just to be politically correct, they are two different roles. Sorry if that confused you, but let's get back on track. Network administration seems to be up your alley, protecting from intruders. Now, other aspects of security include managerial roles (where the CISSP would benefit), where you understand security but don't actually implement it. More or less write security policies that your organization would comply with. There are security researchers (mostly independent work, but some people get lucky and do it for a living), where you look for vulnerabilities and write exploits (for the good, of course). You have penetration testers (sometimes called ethical hackers), where your services are used to actually attack an organization and provide a report on where the weaknesses are. There are auditors (close to penetration testers, but not the same), where they find ONLY vulnerabilities but do not actually attack them. (The debate as to which is better can be found elsewhere on the forum on the internet.) This is just the beginning, and there is a lot to learn. I hope this helps get you started. Good luck!
|
30
|
Ethical Hacking Discussions and Related Certifications / General Certification / Re: Aspiring I.T professional
|
on: June 28, 2010, 03:30:19 PM
|
Well, the CISSP is more of a managerial cert. The LPT is a continuation of the CEH, which is more of a technical cert, more "hands on". If you want to actually be doing the pentesting/hacking/etc., then I would probably suggest Security+ to get your foot in the door, then take either the CEH, eCPPT (from eLearnSecurity), or OSCP if you think you can handle them. The CCNA is a great start too.
IT Security is pretty broad. Any particular area in security you have in mind? Even the MCITP can be helpful if you want to do network security. MCITP + CCSP would be a pretty good combo for network administration security. So, all in all, the certs depend on what you want to do.