Armando:

Hope this message finds you well! I was checking the gold cert and it says that the engagement will include web apps to be tested (I imagine both manually and with other tools or Nessus) - My question is Do you recommend getting back to Coliseum and Hack.me to practice or Hera will provide the full experience of what I should encounter during the test?

Thanks in advance,

Jose

Best of luck!!!! 

Really useful, I'm exploring your site since Monday!!!!! Thanks!!!!

Hey! I checked your website and you have awesome material! One question regarding your pivoting series. if I want to recreate your setup do I have to use a GNS3 setup or can I use, say a 2003 server with RRAS configured to act as a router? I think this tutorials are great to avoid using metasploit for pivoting on the exam, in case you need to pivot, and maybe save the opportunity to use it for a harder machine! Thanks again for your amazing website!

I will!!!!!

Well regarding the material, I was able to get the windows sample on the module plus aditional excercises from Vivek (mini share, FreeSSH, Easy Chat - SEH Based) plus Stephen Bradshaw material on info sec institute. Right now I can do this type of overflows in a really consistent manner plus a few others taken from the exploit DB that are not in the form of tutorials but I was able to adapt them to fit both Vivek and Stephen methodologies.

Hi... can anyone help me out here? For the OSCP exam do you use only the regular overflow or do you need to know SEH stack based overflows???

Thanks in advance

Open a skype account and look for hackingdojo.com - it's the fastest way to get a hold of him, he's online as I'm typing this!

Hi:

I'm currently studying with him. I finished the foundations class and it's really good. His videos have a relaxed tone and the supplemental material is good. I've checked eCPPT and the difference is that they are 80% reading 20% videos from an instructor guiding you. Tom is the oposite. Plus you have a 20+ live targets hacking lab for you to practice at no extra charge. He has a special going on right now with a 50% off the classes. If I were you I'll go for it... Just my 2 cents

His pentest book is also a great tool to have along with the course. He follows a clear methodology that helps you on the real world, it's not just hack this or that. It's: follow this procedure so you can finish your testing with a decent report based on a standard. Highly recommended

Don't subscribe to them!!!! Like it was said before they are a joke and just a spam club. I remember when it was a physical mag with CD's and everything and they were really good. Those days are long gone and about 50% of what they publish is crap and out of the other 50% half of it is decent and half of it you can find on free resources. Stay away from them!!!!!

Real places to go:

Security Aegis, Irongeek, Securitytube, and of course google. catonmat is really good for scripting as I found just yesterday while browsing for a sed tutorial for a lesson on Hacking Dojo.

So save your money for something worth reading!!!!!

Yes you are right!!!! I'll fix the script to comment out the explanation

Nice!!!! Thanks for the links. I also did a search on Lee and found two great videos and one of them is a BASH lesson. Once again thanks for your help  

http://www.irongeek.com/i.php?page=videos/hack3rcon3/09-bash-scripting-101-for-pen-testers-lee-baird

Well things are OK now, I started going through the Myoku videos and here's my first script to automate nslookup and nmap is based on a grep line Tom showed us to clean an nslookup command so you are left with just plain IP's. I thought that this can be saved and used to launch nmap.

With this you can have a folder for every client ant it will automatically save all your data for that client there. I will add new things to run later along the way.

Any opinions are welcome:

--------------------------------------------------------
#!/bin/bash

clear
echo
echo AUTOMATE NSLOOKUP AND NMAP
#++++++++++++++++++++++++++++++++++
# This is a very simple script that let you create a folder to save your scans,
# run a basic nslookup for any domain, grep it and pass it to nmap for a scan.
# All results are saved on text files inside the folder you created for future refrences...
#++++++++++++++++++++++++++++++++++
# Jose Ruiz
# Nov 2012
#++++++++++++++++++++++++++++++++++
echo
echo "++++++++++++++++++++++++++++++"
echo
echo Usage: domain.com
echo
echo "PLEASE CREATE A FOLDER:"
read folder
mkdir /root/$folder
echo
echo "WRITE YOUR DOMAIN:"
read domain
echo
echo "++++++++++++++++++++++++++++++"
echo
nslookup $domain
nslookup $domain | grep "Address" | cut -d":" -f2 | tail -n +2 > /root/$folder/nslookup.txt
echo
echo "++++++++++++++++++++++++++++++"
echo
echo "RUNNING NMAP AGAINST SCANNED IP's... PLEASE WAIT"
nmap -sS -sV -O -Pn -iL /root/$folder/nslookup.txt > /root/$folder/nmap.txt
echo "NMAP SCAN OF" $domain "COMPLETED"
echo "HERE's THE RESULTS OF YOUR SCAN"
cat /root/$folder/nmap.txt
echo
echo "+++++++++++++++++++++++++++++"
echo
echo "THANKS!"

@prats84

You waited a year?!?!?! Wow, my respects to you. You are a very patient man. I think what you are asking is fair due to the fact of the waiting time - Refund in April is 8 months waiting time for a reply....

Once again thanks for posting. I'm supposed to contact Tom's assistant via email to get an update, I will do it today and post later on. Take care!!!!

Great!! Thanks for posting