|
EH-Net
|
|
May 25, 2013, 04:56:03 PM
|
Show Posts
|
|
|
|
80
|
Ethical Hacking Discussions and Related Certifications / Web Applications / Re: SANS Sec542 (GWAPT)
|
on: November 11, 2011, 01:15:21 PM
|
PS. If you look at your books, you'll notice that while there are slide indexes, there are no page numbers actually indexed. There are also no "topic headers" at the tops of the pages like you'd find in a normal tech book. Sure, the slides have headers, but the one in front of me right now says "conditional statements". Am I looking at JavaScript stuff? Python? Ruby? Am I answering a question on writing code, or poking at source? The slide header doesn't do much to tell me where I am in the book as far as topic goes, so you'd have to fumble through more pages to figure out what topic you're reading, etc... I think you get my point.
|
|
|
|
|
81
|
Ethical Hacking Discussions and Related Certifications / Web Applications / Re: SANS Sec542 (GWAPT)
|
on: November 11, 2011, 12:43:57 PM
|
|
I would tag the books, regardless... unless you have eidetic memory or something. Here's why: if I remember right, it's a 90 minute, 75 question exam. That gives you a smidge over 1 minute a question. If you have to refer to your books, do you want to be frantically thumbing through pages trying to find a specific piece of information? Next thing you know, you spent five minutes looking up a topic...
Tagging your books is a common "open book exam" practice. You could go without doing it, but why? Sure it takes some time, but it also assures a better chance at passing the exam. While you're tagging, it also gives you the opportunity to review the material as well (I'm tagging and highlighting my books at the same time), which is never a bad thing.
Just my couple of pennies.
|
|
|
|
|
82
|
Ethical Hacking Discussions and Related Certifications / Web Applications / Re: SANS Sec542 (GWAPT)
|
on: November 09, 2011, 04:00:32 PM
|
I've been trying to get my books tagged before I jumped into one of my practice exams. Figured I'd tag first, take a practice test, then adjust as necessary... then hopefully use the second practice exam to make sure I get 100%! Don't know if you have access to the practice exams. I bundled my exam cost with my sec542 class, and the two practice exams showed up in my SANS portal... if you do have them available, you can run through one and see where the focus is.
|
|
|
|
|
86
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Mile2 says CPTE is a much better cert than CEH. True?
|
on: November 07, 2011, 11:20:31 AM
|
|
I haven't read the replies here, but, I'll give my take on CEH. No offense to anyone that has one, but I found it to be a pretty good waste of time. Now, I took the v3 or v4 CEH exam, but I found it to be one of those silly memorization tests.
What port does this backdoor run on? What flag do you use in nmap to perform an OS fingerprint scan?
Seems to be a serious abundance of these types of questions, where I wanted to answer "google" or "that's what --help is for". I feel like these exams are fairly worthless, especially for what you pay. You might get SOME decent knowledge about actual "ethical hacking", but it's sparse compared to the menial flags and stuff you have to memorize.
I was excited when I first passed the exam, but quickly realized I wouldn't be paying to take it again. The CPE system was not in place after I took my initial exam, so I would have had to take the exam again... won't waste my time.
Try to find something that's more hands-on, and actually gives you practical skills for penetrating apps and networks. Memorizing a bunch of ports isn't going to get you there.
IMHO, YMMV, ICUP, etc...
|
|
|
|
|
87
|
Ethical Hacking Discussions and Related Certifications / Mobile / Re: Burp with Iphone
|
on: November 01, 2011, 11:35:47 AM
|
|
You need to turn off the "Loopback only" proxy listener option in Burp, then you can point any remote device at the Burp proxy IP/port, and it'll work just like any other proxy. Burp defaults to "loopback only" (i.e. local machine interface) so the proxy does not accept remote incoming connections from random machines.
|
|
|
|
|
88
|
EH-Net / Calendar Of Events / Re: ShmooCon 2012
|
on: November 01, 2011, 11:23:20 AM
|
|
My first time trying to get Shmoo tix... and... what a craptastic system. Doesn't help with the limited ticket numbers, but seriously...
|
|
|
|
|
90
|
Features / Book Reviews / Re: Recomended book for Pen Tester
|
on: October 27, 2011, 09:15:20 AM
|
As I said in other topics, I would like to buy a book about coding and writing exploits. I have a good level in the C language and I'm currently learning Python. I have seen two books: The Art of Exploitation and Coding for Penetration Testers. Which one should I choose?
I'm working through "Coding for Penetration Testers" right now. Only got it last week, so I haven't read the book in depth yet, however: Pros: Touches many languages, gives a lot of examples of coding, well, pen test tools, so it gets in to a lot of the socket stuff, remote calls, etc. Cons: It only *briefly* touches on all the languages. If you want an in-depth programming guide for a particular language, this isn't it. If you want to learn the language, I'd probably suggest an O'Reilly book, such as this one: http://shop.oreilly.com/product/9780596158118.do
|
|
|
|
|
|