Had a similar experience.
I joined for pay monthly. The guy took the first months money and just   emailed me to get my background. Once sent my information got no reply for the course timings and after getting tired of chasing him for couple weeks I started requesting  for refunds. Till this date there has been no emails from him and He has blocked me on Skype etc.

 The amount wasnt as big as yours but its some money that I will never see it back.

Strongly agree with you. Its not just limited to Penetration Testing but also to the Infosec education being offered.

Apart from the being good at the skills you are offering, one major think is marketing. Security being a tough competition, as many skilled people offering their service, marketing is a Big Must. There must be something to make you stand out shining from the competition.
I would spend majority of my capital 'initially' in marketing, because only when you sell u earn and u learn.

 Start with 'FREE' we all love it when its free. Look at everything around as case study,

 Metasploit- Started as free (still community version is free) but then added certain Pro products which make a 'buck'

 SecurityTube- Started as providing infosec education at no cost and still does provide a huge set of topics for free. Once successful started infosec certifications at a low price, again making a buck.

All those guys might have not started the project to make money initially but we all know how over the years some of free products have developed into industry must haves.


 

 Always plan long term and always innovate.


Just my 2cents.

I have attached some notes which were given to me by a colleague and i have added a bit to it while I am trying to learn assembly.


let me know if you find these useful. 

Sites affected due to Internet Registry admin error or the registry iteself got hacked?

http://www.theregister.co.uk/2012/10/10/google_and_yahoo_ie_hit_by_domain_hijack/

 A brief forensics by sophos
 http://nakedsecurity.sophos.com/2012/10/09/google-disappears-for-irish-internet-users-but-was-it-a-nameserver-hack-or-admin-screwup/


This is a big issue if as such the Ireland Registry got hacked.
Does anyone have more information on this?

Would this be a social engineering attack or really a loop hole in the registry infrastructure?

Once you read a little basic of python. You can enrol for Securitytube python scripting expert course.. its about $250 and the course starts from basic and goes advanced; course is aimed to target ethical hacking/networking aspects of python.


http://securitytube-training.com/certifications/securitytube-python-scripting-expert/

As per the faq on the offsec webiste you need knowledge of TCP/IP, networking and linux skills.
The course itself says you do not have to be a programmer.
A bit of scripting/programming does make life easier.

Thanks for posting the links.
I felt the document was a summary for a bunch of tools in the market.

I could not really understand the TOR via the VPN. Guess will do some digging around.

Thanks again.

Thanks for clarification.

Thanks.. really cool.

I am keen to read it but the site needs a paid subscription and hence would skip it...

Not really a fan of live bruteforce attack.
issue with live attach is most apps would suspend the user account if multiple failed attempts in short time.
Some apps/services could also suspend a IP and log it the admin.

Everything would have good and bad to it.

The Actualtest or any such are there to facilitate studies and knowledge but yes people to abuse these things as making only source for their knowledge.

We all have been through certifications and have met different individuals. You know it yourself doing these sort of things could get you a certificate, a job but how successful do these guys get in their journey???

Having such links in this forum or any other forums could be fine accroding to me as its on people how they want to use it.
 How many people here would be using the Ethical Hacking knowledge shared here to do the Blackhat Stuff.
 Should we stop sharing the hacking, security knowledge?

I have taken the course but never got enuf time to practice and finish the course.

There are heaps of articles for PWB in this forum as well as wide internet. I think PWB is one of the most grilling and most hands on pentesting course+labs out in market. The one think is that you need time in your hands if you havent had much of experience with networks and systems. It gets to thinking and at times gets you frustrated when cant get a system, but once you get a root even for the easiest box u will just love the feeling


Also the help from the IRC #offsec guys is just awesome.

Recently I have been having issues cracking some of the hashes.
After about a 4 days running a attack found the hash and as such was a german word written in english.

So I have started to make list of some comman words in couple languages like german, french and adding complexity to them... and creating a list.

Anyone got some better solutions