If you use Damn Vulnerable Web App (DVWA), don't forget to add the Web Services (DVWS) module: http://dvws.secureideas.net/downloads/index.html

I'll post later after there are some more details, but there appears to be a CTF event (ghost in the shellcode).  There might be some pre-assessment required to get a spot, but at the very least I want to put together a team.  Keep it in mind if that's an activity you're interested in, and look for my post!

I know tix still need to be got (a feat all its own), but who is planning on going?  A get-together might be in order.  Given it'll be the dead of winter, might just stay in the hotel, but we can figure it out. 

Folks,

I'm about to get involved in some interdependent pen tests.  I'm getting a contract together, but I also need to get this E&O insurance.  If anyone has any guidelines about what to "shop" for, and what I might expect to pay, I'd certainly appreciate it.

Thanks, and Groovy vibes to all! 

My brain has been tossing around building something like this for a while... they saved me a lot of work.  Even had a name... PeTRA (Pen Test Reporting Application)...  Haven't looked at this one yet, but I know it's something that's "needed"... I hope it matures well.

http://www.ossams.com/

Ahhh gotcha.  Well, I think my answer still stands... 

Oh, and UltimateLAMP: http://www.metasploit.com/about/how-do-i-use-it/test-lab.jsp

Dude... WebGoat or DVWA.  Free.

Been a while since i messed with SNMP, but try replacing your 1 at the end of your command with a .

If you file a complaint with facebook, it's highly unlikely that they're going to turn around and tell the other person who you are.

Your other option is lawyers and subpenas for IP logs from Facebook and ISPs.  If this is a threatening harassment situation, you may want to contact law enforcement.

That would be the official, responsible way to start dealing with a "gossiper" on a site like that... why would you need another way?

This sounds like a matter that Facebook should address, you should contact them.

I hope so too... it's only our nation's security we're talking about here!

There are a lot of tools, the most common being the lock pick, of which there are many and the tension rod, also several to choose from.  The next most common and recent is the bump key and hammer, then there's jigglers and shims and tubular picks.

Something good to start with would be this: http://www.lockpicks.com/brockhage-lock-pick-set-b230.aspx

(i'd also get one of these for starters: http://www.lockpicks.com/longtwistwrench.aspx)

I've got this kit: http://toool.us/equipment.html The only benefit of that over the other one above is that is has a mix of thick and thin picks, and it has the twist tension rod.  But I don't know if that justifies the cost difference.  That site has a lot of cool stuff, look around.  That vice I mentioned earlier is here: http://www.lockpickersmall.com/universal-practice-lock-stand.html

Now, I'd be remiss if I didn't share the lockpicking rules.

1. Do not pick locks which you do not own.

2. Do not pick locks which you rely on.

That's it.  And I can personally attest to rule number two.   

If you're looking for something to practice against, check out WebGoat or DVWA.  Both are intentionally insecure apps.  WebGoat has built in "lessons", and DVWA will give you three difficulty levels.  These will give you a ton of exercises to work on...

(Keep in mind that any machine you run these on instantly becomes vulnerable, take care.)