EH-Net
May 22, 2013, 11:35:59 PM *
  Show Posts
16  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: My Experience With Hackingdojo Ripped Off My Money on: October 19, 2012, 04:32:16 AM
Well I can stop the course if I want & request a refund, there's no need for people to try to tell me I don't have valid reasons to ask for my money back or request a refund.
 Nobody can tell me my reasons are invalid because I have a lot of reasons to stop the course, also everyone has their reasons to do what they do.
You're quite correct: but there is a difference between you asking for a refund (for whatever reason) and you publicly stating that HackingDojo ripped you off.
17  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: My Experience With Hackingdojo Ripped Off My Money on: October 19, 2012, 03:46:20 AM
Simply because I don't want to write the exam & I want to stop, I ain't entitled to get a refund of my money?
If that's all there is to it, I'm going to go with yes. It was YOUR decision to sign-up to the course, and YOUR decision not to take the exam. As others have stated, the criteria for moving through the ranks is well publicised and available prior to sign-up.

From my perspective (like yours, purely anecdotal) I'm working through the Shodan material (slower than I'd like) but have had all the support I've requested from the HD team.
18  Resources / Tools / Re: Nessus vs. OpenVAS on: October 19, 2012, 02:50:27 AM
I can't comment on OpenVAS too much, got it running in a lab environment but haven't really used it in anger.

Placing technical issues to one side, if you're providing a chargeable service some (rightly or wrongly, a debate for another day) will be more comfortable with a service backed up by a commercial organisation; and I have come across a handful of organisations that specifically disallow open source in their environment.

Given the relative low cost of a single Nessus license (compared to other commercial offerings) I'd suggest this may be the way to go in a commercial setting. The cost of a license can quickly be offset by picking up business from clients that otherwise wouldn't consider you.
19  EH-Net / News Items and General Discussion About EH-Net / Re: Need Everyone's Feedback!! on: October 01, 2012, 06:20:03 AM
Answering Don's question direct:

I don't like brain-dump, learning to the exam type activity, but at the same time:
  • Those that purely study to pass the exam aren't doing themselves any favours and will quickly get passed by in the industry if they don't learn beyond passing the cert
  • Certifications that can be passed purely by brain-dump are intrinsically of less value than those that require more in-depth testing and/or practical portions
  • Businesses that can't identify paper tigers through either the interview or procurement processes will have issues regardless of what we do as a site.
  • Typically members getting involved in these sorts of posts disappear fairly quickly, but there are plenty of examples of those (probably myself included) that have started out that way, but with the help of the community have grown beyond.
EH-Net has always (mostly) been a friendly and helpful place to study so I'd be inclined to continue to allow such discussions. The community is good at self-censorship if a member starts asking questions beyond what is deemed 'acceptable'.

From a personal perspective, if I don't agree with a topic, discussion or tone of a post, I just don't reply.

my £0.02....
20  Ethical Hacking Discussions and Related Certifications / Programming / Re: python newbie on: September 26, 2012, 06:40:08 AM
AFAIK the original intention was to dripfeed the SPSE course to those who didn't want to pay for it. However, this changed:

That explains the confusion, thanks for sourcing the clarification
21  Ethical Hacking Discussions and Related Certifications / Other / Re: Back Track on: September 25, 2012, 06:33:51 PM
[...] I thought maybe only BT is used for pentest, since it's extremely popular.

Personally I think it's a bit of a feedback loop:
  • Backtrack is popular because it's a good package, no getting away from that
  • Because it's popular (and relatively stable) it's used for a lot of training or self-taught from books/articles
  • Because it's used in a lot of training, a lot of people become comfortable/confident with it
  • Lots of people using BT, means it becomes more popular
  • GOTO top
22  Ethical Hacking Discussions and Related Certifications / Other / Re: Back Track on: September 25, 2012, 06:03:23 PM
Hi,

There are many different options to use on a test, for alternative dedicated distros take a look at BlackBuntu or BackBox for example.

Additionally you don't need to use a dedicated pentest distro to perform pentest activities. My main machine is a vanilla Ubuntu (Mint) installation with my preferred tools either installed from repos or compiled from source. Plus I keep a BT VM image handy in case I need to rapidly confirm output from my own system, or access a tool I rarely use.

The main reason for using BackTrack, especially in a training environment is that it ensures that all student system configurations (should) be identical, so effort can be focused on learning the tools and techniques, rather than trying to troubleshoot each student's unique configuration issues.

Ultimately use whatever you feel comfortable with, try a few and see what works for you.
23  Ethical Hacking Discussions and Related Certifications / Malware / Re: Need Obfuscated Javascript samples on: September 25, 2012, 05:53:21 PM
If I'm wanting to quickly analyse some JS in the wild I usually turn to Wepawet. I've no affiliation with the service but it couldn't hurt to get in touch with the team there to see if they're willing/able to provide access to some of their samples?

Alternatively, some of Wepawet's reports can be accessed based on md5 hash of the content (I found this report via a quick google search for example). I've not read their Ts&Cs so use at your own risk, but a quick Google Dork of:
Quote
site:wepawet.iseclab.org intitle:report inurl:'type=js'
is currently returning >15k results

Unfortunately Wepawet's report format only lists the de-obfuscated operations rather than the original source so may not be exactly relevant to your needs, but you could always use the listed report targets to grab any scripts that are still live yourself.

Hope this helps, good luck with your project.
24  Ethical Hacking Discussions and Related Certifications / Programming / Re: python newbie on: September 25, 2012, 05:40:57 PM
3) SPSE    http://www.securitytube.net/video/3786 "free without Certification" Paid with Cert.

Do you have a direct link for that?

Other than a couple of course samples best I can find is the promotional pricing of $250 for course + cert.

Still looks (and sounds, from those I know working through it) to be well worth the price, but if there's a (legit) free avenue to the material I'd be a fool to part with my cash....
25  Features / Book Reviews / Re: Violent Python on: September 25, 2012, 01:56:45 AM
Thanks for the heads up, wasn't aware of this one but looks like an interesting read, and just in time to make a good stocking filler :)

Shows one of the standard bugbears with being this side of the pond though, choice between 20USD or 20GBP. I might have missed something in the world of FX, but the exchange rate isn't 1:1.....
26  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Avoiding Pentest DOOM on: September 24, 2012, 02:53:33 PM
Thanks for sharing the advice; and perfect timing, been meaning to look at improving data retention/destruction provisions, this should be a great foundation.

With regard to destroying data once the report is in the client's possession, how do you handle clients losing/forgetting the report and then claiming you didn't fulfil the contract if you can't provide deliverables down the line? It's the biggest argument I've encountered against destruction of data. I'm assuming project sign-off etc, but curious to know if there are other options I've not thought of.

And I'll apologise now, but I will be stealing Resume Generation Event for future use :)
27  Resources / Tools / Re: Social-Engineer Toolkit (SET) v4 Codename: "Balls of Steel" Released on: September 18, 2012, 10:11:56 AM
I've spent the last week working with SET for an engagement with great success. Can't wait to get my hands on a newer version to test improvements.

If you're reading this, thanks to David and the rest of the TrustedSec guys for continuing to release awesome tools. It's greatly appreciated.
28  Ethical Hacking Discussions and Related Certifications / Other / Re: GoDADDY.com gets hacked. DoS for millions of websites. on: September 12, 2012, 04:22:26 AM
It could just be PR spin, but GoDaddy's CEO is stating that this was an internal failure, not the result of a malicious third party.

Personally I'm inclined to accept this as truth, if you wanted to spin your way out of a problem 'them pesky hackers did it' probably carries more acceptance from the masses than 'we screwed up'.

Ref: GoDaddy Release
29  Ethical Hacking Discussions and Related Certifications / Other / Re: GoDADDY.com gets hacked. DoS for millions of websites. on: September 12, 2012, 03:27:50 AM
I call that BS. I don't buy it. But hey, what else can they say?

Quote from: SomeoneSmarterThanMe
Never attribute to malice that which can be explained by stupidity/incompetence.

I've seen more production systems experience downtime because something broke/failed or someone messed up than I have caused by malicious actions of a third party.
30  Ethical Hacking Discussions and Related Certifications / Other / Re: GoDADDY.com gets hacked. DoS for millions of websites. on: September 11, 2012, 08:33:59 AM
I've heard (unsubstantiated) reports that the issue can be traced back to an outage/attack within GoDaddy's DNS infrastructure. Assuming that's the case (I'm not a GoDaddy customer or have any inside knowledge) I came across this article today that indicates that GoDaddy's DNS infrastructure isn't as resilient as it could be.

Whether this has any impact on the outage or not, it is an indication that weaknesses were/are present within the hosting infrastructure for GoDaddy. (although recent comments on the article suggest that it may not be as simple as initial research suggests, pinch of salt required.....)