eth3real you mean hacker challenges like CTF etc?

I am currently building up a 'pentest network' which will hopefully allow people to VPN and do it in a safe environment

I don't like the sound of the "basics" part as I like to learn something new all the time so this isn't a book I will be getting.

@midnight monster, the list of exploit in an up to date copy of Metasploit is huge and will most likely take up more than 1 entire screen, pushing most of the other available exploits out of view.

Try doing a 'msfcli -l | grep linux' which will show all of the linux exploits.

Always remember to Google first before asking questions

Hi,

The got a no in the latest interview I had for a sec position because my web app security skills are not up to par.

So naturally I want to try and improve my chances so have decided to start doing some research on the subject and I have heard great things from the first WAHH (not read) but noticed a second edition was release in September/October time of this year.

Only reviews I have come across are on Amazon but was wandering if there was a EH-net review or what you guys think of the new book.

Regards,
TheXero

A point I forgot to mention, have you ever looked at the De-ICE.net pentest live cd's before?

Hopefully they will help you on your way to getting the correct mindset, but also have a look at some methodologies as well such as the OSSTMM or ISSAF.  They are pretty boring to read, but they will make sure you don't miss anything during a pentest.

Regards,
TheXero

Last January I decided I was going to start PWB roughly in April (this year) so I decided to try and get some experience in developing exploits to try and get me up to speed before starting the course.

When I started the course in April, I realised that I'd already done probably about 80% of the course material on my own for several years and felt that I was at an advantage on the course material, but the lab time is really where the course pays for itself.

With the exploit development module, try to make sure that you know before hand about the CPU registers on the x86 architecture before you start the course and even try developing some exploits.

If you need some help with this I am happy to assist or alternatively you can view the video and write-up hosted on my website at http://www.thexero.co.uk/exploit-development/ or on SecurityTube.net here http://www.securitytube.net/video/2377

Good luck with pwb

Regards,
TheXero

OSCP for the win!

I must admit, I really struggled in the lab.

Sure I easily met all of the prerequisites in terms of technical details, but the try harder bit really got to me.

I initially signed up for the 60 days of lab tme, but no way felt like I could pass the exam so got the 30 day extension.

In the last 10-15 days of time, not exactly sure what happened but I seemed to have alot more ideas and I was popping like 2-3 boxes a day until I began to write up my documentation.

I was spending between 8-10 hours in the lab ever single day and it is extremely tiring, so it is not an easy walk in the park.

I would highly recommend it if you really want to learn some new skills within information security, but honestly you WILL have to try harder to the point where you just want to give up.

Hi n3r,

It wasn't an easy process, but I used this video as a referrance guide http://www.youtube.com/watch?v=9_K4K89QbqM

I originally did it all without metasploit and did everything manually (finding EIP took 4 hours)

My first exploit took a total of 17 days from knowing nothing about it to getting my first exploit reverse shell, so I guess this is like documentation after that initial 17 days of pain back in January 2011 (before I started pwb).

You might find it helpful to also look through the writeup the write-up

Hello fellow eh.netters

I uploaded a new video and write-up to my website the other day to hope to raise the awareness of a how critical a program crash can be.

The video is available both on my website and on Google at http://www.youtube.com/watch?v=tJA4RyAJoU8 and all the files I refer to are included on my website as well as the full write.

On my blog website it can all be found here: http://www.thexero.co.uk/exploit-development/

Hope you enjoy it and hopefully some of you learn something new from this demonstration.

Regards,
TheXero

n3r, I have only really used Python for developing exploits, but with simple conditions you can create a proper "program" using python.

I prefer to use Notepad++ during my exploit development as the syntax highlighting etc comes in very handy so I would recommend that quite alot howerver I'd never done a GUI Python application before but that would be a good thing to pursue

Nice one Jamie.R

 In terms of my childhood, I was pretty much exactly the same as you except I got my first computer at age 4 but didn't really get interested in it until I was about 15.

I enjoyed building things (built myself a home made crystal radio at 9) but never really enjoyed school not because it was learning as I loved that, but it was the lack of experience and always the correct answers are spoon fed rather than actually trying to achieve something.

I'm currently attending interview for my first pentest job and so far my OSCP has been extremely helpful so just waiting to hear the results xD

See if there is some way you can try and break up that wall of text as it can be a little hard to read, but great post

The book itself seems mostly about how to managed a pentest project, but the two courses focus on the methodologies and how to put them into practice.

I wouldn't say it's an overly technical book and it's mainly for managerial type people.

"one point 0" is a great film to watch, and it reminds me of Windows Vista funny enough

From what you put their n3r, only thing you need to make sure you have is determination but the prerequisites for the course are on their site so best answer would be there

Have a look at 'Hacking: The Art of Exploitation' I found that my experience developing a few exploits before I started the course helped me alot in the course by not wasting weeks and weeks on the exploit development modules.

Preestar check out my PenTest video where I attack a client using an outdated version of Internet Explorer in order to compromise the machine and eventually the rest of the network.

~TheXero