Kev,

I've heard the argument a few times that you re limited in what you can learn about Linux when running from a live CD.

However as most Linux installs I've done recently involve little more than clicking 'next' until the install starts I can't imagine that you can learn to much from installing the more mainstream distros, even the backtrack hdd install is fairly straightforward.

Whilst you *will* learn a lot building a pentest laptop using damn small linux etc. I don't see too much advantage over using BackTrack et al. from a harddrive install over a live distro.

(as a caveat: I use live distros (BackTrack, Knoppix-STD or Helix depending on situation) for incident handling work for ease, but my usual OS is Linux so I can get my fix there from a learning perspective)

Guys,

hoping one of you experienced people can allay a fear I've got for taking security (or any other) courses.

As I've stated in a couple of threads I intended to study for and hopefully gain my first security cert sometime this year (still not sure which one despite all the advice I've had so far, sorry guys). However I'm concerned about attending a training course and getting left for dead behind a lab full of more experienced people.

From courses you have attended what is the common ability/experience level and spread?

Thanks in advance

For my two cents worth.

I've tried setting up a dual-boot MS-?/Backtrack machine on a number of occasions and never same to get that much benefit from it. If your primarily a windows person than just boot backtrack from the CD.(or other, I personally like knoppix-STD although it doesn't seem to be developed as agressively as BT)

This way you get all your usual OS for day-to-day and your Linux tools when necessary. Only time I would consider running BT in a VM is if your trying to study/experiment during quiet moments at work and still need your primary system for 'work'  .

On the build your own side, again I've tried this several times (actually intend to start again...) Previous attempts have been made using Kubuntu and usually end up with me removing something vital whilst trying to get rid of the fluff I'm not interested in. In an attempt to start small, but still gain the advantages that come from the [k]ubuntu/Debian family I'm intending to start with a base install of Debian and build my system from the commandline with the apt system.

But ChrisG may have just thrown a spanner in my plans as a quick look at the Pentoo site makes me think it may be worth investigating further....

Hi All,

I've just heard back, a recording should be available to those who registered in a few days. Watch your inbox

I was unable to attend this event as it classed with a live BCS event was attending. Hopefully there will be a recording of the presentation released as I was interested before hand (and moreso after reading comments from those that attended).

Unfortunately from previous experience with Core Security they are usually fairly quick to get the recordings out.

If I hear anything else or get a link I will let you all know

Bill,

thank you very much for the advice, it has definitely helped me to better understanding an external view of how others can see the various certs.

As far as personal experience goes, I've said in another thread that I've been interested in computer security from a young age. But wasn't planning on going that route until I ended up in a computer science course at college cause IT clashed with maths (wanted to be an accountant, don't ask why ). Turned out fixing my Dads computer and controlling the Logo turtle from a BBC B Micro actually turned out useful.

I've just graduate University with a 1st class honours degree in computing for industry (embedded processors, real-time systems, robotics, etc.) and have 3 years experience working in a security oriented IT company where I have had the opportunity to influence systems and procedures in place as part of the ISO/IEC 27001 standard certification.

From handling several (becoming numerous) incidents for my employer and clients I know (I think) that I have good ability in this field but would like some formal training and 'pieces of paper' to be able to prove this ability to both my current and future employers.

Sorry for the life story and thanks again for the advice.

I've just found time to watch the linked vid now.

If anyone hasn't had a chance yet (45mins long) I'd highly recommend it.

Thanks for the link

Not sure to be honest.

I still need to take and pass my CCNA exam after attending a week long bootcamp. Stumbling block is the stuff I don't do on a regular basis like frame-relay etc.

Once I've got that out the way I want to start hitting the security training/certs. Can't decide where I want to start, juggling between C|EH, GCIH, OSCP, all depends on funding, timing and time off work. So I'm left learning what I can in my spare time.

Any advice on where to start first? (would like the CISSP, but don't have the required experience yet so that will have to wait)

Cheers BillV,

already got that one, guess I'm good to go....

well done that man!

For those of us still studying to sit the exam, do you have any advice beyond the usual 'study hard and practice'?

Locomotive,

as several people have stated, 'Don't expect to become an expert over night'.

For a real world example, I started getting interested in computer security at around the same age (around the time I first saw the film 'hackers', I'll hide now... ). I've since spent six years studying computer science at college/university. And I mean computer science, we learnt C, assembly, real-time scheduling, sockets, TCP/IP, etc.etc. not a course in HTML design. Following that I've had a security 'related' role for nearly 3 years.

I'm still yet to crack a real system, but I have spent several times incident handling for clients who have had issues or designing evironments to limit the risk/severity of such incidents.

Oh, and I still don't know jack and still have LOADS of stuff I want to learn (it's why I'm here after all).

Basically, keep at it and try not to take shortcuts, there aren't any.... (if I'm wrong can someone let me know )

ccc,

Welcome to the boards.

Haven't come across this one before. Site looks fairly promising I'll need to take a closer look.

Can anyone with first hand experience of this tool eleborate further?

Biotic,
cheers for the links.

I haven't been able to take too close a look yet (no rest for the wicked and all that) But as you say the videos don't seem constrained to the usual 'type nmap to scan host' basics.

If I find anything majorly interesting after a closer look I'll let you all know

I agree with the above definitions of hacking good, cracking bad. I'd also like to ask 'why do you ask?'

Finally, given the nature of this site, I'd guess that most people here will go with 'hacking good' especially in light of the 'useful' section. If your looking for general opinion you may want to try a less biased source.

Rance,

looks quite nice, I'm a php man myself and the tool fits in nicely with a job I've been putting off for a few weeks. I'll have a play and let you know if I find any issues.

Cheers for sharing