I finally had a chance to dive in to Gray Hat hacking here recently, and it's not quite what I thought it was going to be.  I need something heavily focused on actual net pen testing, and this one falls flat in the middle where it delves off in to programming, reverse engineering, malware analysis, etc.

So, if you had to rescue one net pen book from your burning home, which one would it be? 

Thanks!

The infosec community is tight, and even more so here, because we're so focused. Being a member of this forum has paid dividends time and time again. This time, a fine gentleman (hah!  ) who I will let remain nameless unless he wants to come out of the woodwork, answered a post I left up only briefly looking for work.

Well, I'm pleased to say that that was such a fantastic lead (and i was talking to five or six companies), that I turned in my badge today after 10 years with a huge company that I've just come to be miserable at... after accepting a very exciting offer generated from this lead. It's a small outfit (so far nobody i've talked to has heard of it), but they seem to be doing it right, and growing fast.

Point of that is, I probably wouldn't have heard about the opportunity if I was just using the standard search channels. The realization just hit me that i didn't touch a job board or a recruiter this entire search cycle... all social media. Quite different from the search of 10 years ago.

Anyway, thanks once again Don for providing a fantastic resource for our community, and to my new co-worker for the hookup!

Everyone have a great weekend, and groovy vibes to all! 

I was kind of looking to SANS Sec 642 to get more in depth with web services, but the syllabus looks pretty lean for that topic still.

I has a sad... but congrats to the winners, what a great prize month!

It was hard to find everyone without EH.net shirts.

We should actually schedule a meet-and-greet for the next one of these instead of the random "we'll try to get together in the madness" madness...

I've got some specialized wordlists here: http://stormthe.net/wordlists

Thanks guys... been getting nice feedback from the post, maybe i'll have to do an "Advanced Burp" series...

I dunno about the first being easiest... took me two years to get that one up!

To pile on top of what everyone else said, if you find old app files, like login.php.bak, guess what, you can download that file and get the raw PHP code, which may contain sql connection credentials, code level notes like:

/* if a user puts in special characters, they can access resources they shouldn't. will fix soon */

All sorts of goodies... This could give you all sorts of juicy tidbits of info for further attacks.

Ladies and gentlemen, I am so proud to announce to you my first ever official info-sec related stand alone blog post!   Seriously, I've had this domain sitting around for a couple of years just for this purpose. Finally a) had some extra time and b) had something neat to share.  So, enjoy!

http://www.stormthe.net/?p=14

ahh yeah, that does make it a little tougher. if it makes you feel any better (i'm not sure how), i got mine sold!

Are you on the twitters? I think I just got mine gone...

I had someone ready to go, but i was waiting to get a link for denied-cfp ticket purchases, in the meantime they managed to get one last week when they did a release of 70.

the title says it all...

Well crap... i was out-bribed in the beard competition at Defcon. Let's hope it's not a pattern...