Cheap option:

Use the adhesive velcro and stick it to the top device in the rack.  Won't slide off easily and not too hard to return to original condition.  ~$1-2.  A little ghetto, but it works in a pinch.

No, if you are using pre-compiled word lists, then it is a dictionary attack.  A true brute-force will just start slamming characters through, exhausting all possibilities along the way.

http://www.attackvector.org/files/thelist.txt.bz2

This is a reasonable list that is comprised of several other lists and de-duped, etc.

Hey may be trying to establish a baseline or inventory scan rather than building a list of vulnerabilities.  That being said, if it is the case, it may be better to run netstat, mbsa, etc. instead, using psexec if needed.

If you are seriously going to try to scan 65k UDP ports, that scan is gonna take a good while.

Totally forgot about Yersinia, thanks Ziggy!

I am not aware of any automated tools, but you might be able to find a scapy program/python script to generate the qtags to inject in the header.  Many switches do not verify tagged vlans and will rely on the header info to properly "route" them.

That was a great score, man.  Congrats.

I'll go ahead and say it again...certifications will land you an interview, experience will land the job, all other things being equal.

I went ahead and got the $78 package because it indicated that updates would be provided for the first year, whereas the lesser packages required a $30/quarter subscription service for updates to the materials.  I missed that the first time through.  Now, whether or not the updates (or the toolset) is really worth $20, time will tell.  Thanks for pointing out the site, now I just need more time to look at it.

It looks like the premium package ($78) lists e-books, but you said you gets lots of books with $58 package.  Trying to figure out what benefit the extra $20 is other than a suite of tools (don't need them anyway).  Looks like a good deal and it is hard not to get $60-$80 value.

It means it was patched such that null user sessions have very limited rights.  You should look for other methods of penetration.

I won't ask where the slides came from but if you procured them from anywhere but SANS directly you may be in troubled water (they are non-transferable licenses for the original owner/user)...but 2006 slide deck is getting long in the tooth.  There would be a lot of newer information as the course has been retooled at least twice in that time span.  It is not too difficult of a test, though.  I took the class in 2007 and the test a couple of years later and passed with no problem.

503 would not be very good for a newbie at all.  The 504 course is a relatively tame starter course, but I would strongly recomment 401 as your first course, especially if you are new to security.  Let's try, though, not to make this another "my certification can beat up your certification" type of feud guys.

IMHO,

CISSP is a better cert if you work on the theoretical and policy side of security.

GSEC is better if you are a practitioner.

However, has stated before, CISSP will likely be more successful in job hunting and getting past HR.

Conrats guys.