EH-Net
  Show Posts
61  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: Is python needed? Bash enough? on: August 07, 2012, 04:48:03 AM
Unless the material has changed since I did offsec, you will need python for some of the fuzzing/BO modules/challenges, so spend time going through the (good) introduction videos and lab notes.

Don't worry about it too much though, if you can understand the code enough to edit the examples to suit your purpose it should be sufficient. If you've already got a good handle on the bash side you should be fine.
62  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: Finally took the plunge, started 08/05/12 on: August 06, 2012, 06:54:18 AM
Good luck with the course.

From my own experience, try not to get too worried about the buffer overflow section. If it only seems like Japanese you're probably doing alright :). After a couple of run throughs and the hands-on examples everything starts making sense.

When I did the final challenge (and (hopefully) without giving too much away from my own challenges) I finished one section, sat back in the chair with a grin on my face, and the question of 'did I really just do that' going through my mind.

The material is tough, but you should get there in the end. Although I do agree with you re: offsetting courseware/lab time, I took an extension to get more time in the labs (partly for extra practice, and partly just because the labs are FUN).
63  Resources / Career Central / Re: Becoming a Pentester on: July 31, 2012, 03:27:12 AM
Hi Sam,

I know a few that went through the Northumbria Uni course (unfortunately I graduated before this course was available), some mixed opinions, but it should provide a good foundation. If you're staying local to the NE, let me know and I can make some introductions/suggestions to the local IT scene if of interest.

Degree aside, I'd definitely take a look at the OSCP course as it provides a good technical foundation across most common tools and attack vectors. After that, the TigerScheme QSTM can build on the basics, whilst providing an accreditation which is valued by employers/clients within the UK market.

Good luck going forwards.
Andrew
64  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: please shed some light on: July 23, 2012, 03:03:40 AM
When working in a lab, try to ignore that your machines (and the publicly provided targets like De-ICE) are using RFC 1918 address space. This is merely for convenience, if you needed public hosting and IP space for a test environment the costs would skyrocket. And it's obviously not sensible to host vulnerable systems on public facing networks.

Using De-ICE as an example, the server is built as a (poorly protected) public facing system. It's not uncommon for public systems to have the same ports and services exposed to the wider world, rather than locking down administrative ports for example.
65  Ethical Hacking Discussions and Related Certifications / Other / Re: Security vulnerabilities and a vendor offer on: July 23, 2012, 02:58:28 AM
The problem with their approach is that while a fix might be available, they are withholding important information from their clients about why they should patch!

Without more info, I'll come to the vendor's defence on this one. Just because a PoC and detailed analysis isn't released doesn't mean end users (who probably wouldn't understand a PoC anyway) can't be provided with information sufficient to tell them why a patch is required.

Microsoft (et al.) security bulletins will detail the scope of the effective issue, but rarely provide enough technical information to allow a third party to replicate the issue with further debugging, analysis and reversing.

Do you wait or research every update to your own systems before applying? Or accept that the vendor is (supposedly) fixing an identified issue?
66  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Violating ISP AUP?? on: July 23, 2012, 02:53:04 AM
Steve, PM sent, didn't want forum post to turn into a (biased) advert ;)
67  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: An Ethical Hacker must have these skills... on: July 22, 2012, 10:24:50 AM
I just need someone to help me in setting an environment and breaking into there to understand what happens etc

Easiest way to start a test environment is to get a virtualisation playground (either dedicated box, or just from your main machine) and attack some vulnerable virtual systems.

Depending on your needs Samurai WTF contains some vulnerable web applications (including DVWA which you mention), and all the tools needed to attack them, all in one handy package.

For more information, take a look at section 2 of Metasploit Unleashed (and Metasploit Unleashed in its entirety) and/or Rapid7's article on how to set up a test lab. Both of which also link to some good additional resources for acquiring and setting up intentionally vulnerable targets.

HTH, happy hacking :)
68  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: VMWARE Network Settings For Pentest Lab Help ? on: July 22, 2012, 10:13:25 AM
Bridging should work, but beware that this now means your virtual environment is now connected to your LAN. Any attacks, malware, etc that you unleash could hit your production systems and beyond.

This can get particularly interesting if you're experimenting with layer2 attacks for the first time, not that I have first hand experience of course...... *whistles*

It's a little dated and doesn't still match my current setup (I need to spend more time in the lab), but I covered my VMWare network set-up some time ago. Hopefully it will help give you some ideas/pointers.

[blog post] Virtual Lab Network
69  Ethical Hacking Discussions and Related Certifications / Other / Re: Security vulnerabilities and a vendor offer on: July 22, 2012, 09:15:19 AM
Interesting position to find yourself in, and in some ways I feel for the vendor's position as well.

It's not unusual for security professionals to enter into NDA when dealing with a client, and in some cases the vendor can't be 'totally' responsible if users don't update their own systems (but imo it should provide default, auto update facility for a device which is essentially set and forget for most).

Ultimately, I'd say the decision is yours alone, with no real right or wrong answer. Training is expensive, and security practitioners deserve to be paid for their skills and effort. On the other hand it is likely (no offense intended) that other parties are either already aware of the weakness or will be in the future, however I'd also suggest that users that don't apply vendor supplied updates, probably aren't reading through the infosec community looking for vulnerabilities in their network either.

If I was in your shoes? You've found a flaw, the vendor has resolved the issue. Hard work is done, time to get paid.

(and if this wasn't the ethical hacker network, I'd point out that coincidences happen, and it's not impossible for an unrelated third party to reverse a patch, identify the flaw fixed and release......)
70  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: please shed some light on: July 22, 2012, 02:14:29 AM
If you want an authorized target to test against, try nmap's own scanme.nmap.org.

Provides a good opportunity to get used to nmap's options and the different results you can get from different parameters and scripts.
71  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Violating ISP AUP?? on: July 21, 2012, 05:40:31 PM
I actually had this conversation with Sky when considering switching to them myself. I was informed that authorized testing was 'probably' okay, but from their legal and contractual obligations 'anything' identified as malicious is a violation of contract and could potentially result in loss of service.

From my knowledge of the ISP market in the UK (and to a lesser extent, further afield) I'd be surprised if they had monitoring on the connections to this degree (or at least don't act on the information) and any investigation into violation of AUP is likely reactive, if and when a complaint is received. The price point of broadband in the UK doesn't make it cost effective for ISPs to be that proactive.

That said, the information that I received from them meant I personally went elsewhere for my network connection. Personally I don't want to have to explain to a client I can't fulfil a contract as agreed because my ISP has cut me off. You're 'probably' safe performing scans over Sky, but if you're performing business level assessments and services, then you should be utilizing a business grade connection, the price difference isn't too extreme.

Hope this helps, (and let me know if you need a good business ISP ;) )
72  Resources / Career Central / Re: Hacked off with companies on: April 16, 2011, 05:15:23 AM
Does this seem like a bad excuse?

Seems like a fairly poor excuse to me, but if that is their stance then potentially you've had a lucky escape. As much as you want the job in infosec, the company that you end up working for has to give back in return for your work. If they rejected you based on not being loyal before they offer you a job? Something isn't right somewhere.

From my own experience (UK) there are pentest jobs out there, but most are looking for people who are already experienced (standard catch22 scenario).

Hope things get better going forward, keep the faith ;)
73  Resources / Career Central / Re: Question on what I should do. on: April 16, 2011, 05:05:57 AM
Hey, welcome :D

Good career path? Depends on how much you want it. Infosec can be a great career IF you enjoy it enough to be willing to put the required work in without coming to hate the job. Unfortunately I can't really help you too much there, only you can truly answer.

I'm from the wrong side of the pond to give a US answer to what you should study but EthicalHack3r/Ryan Dewhurst (also UK based) has just posted about his experiences of 'ethical hacking' degree courses. Hopefully will help you.

Finally just learn everything you can, about everything you can whilst you're young and enjoy the learning; and try not to get too focused on where you want to be. At your age I was intending to be an accountant beancounter.

Hope this helps
74  Ethical Hacking Discussions and Related Certifications / Other / Re: personal wiki? on: April 12, 2011, 10:59:56 AM
Might be overkill depending on circumstance, but I have a personal server running dokuwiki.

Works perfectly for my needs and can access from anywhere. Plus if/when you need to collaborate/expand just allow another access and all previous info can be shared.
75  Features / Book Reviews / Re: Anyone read your InfoSec books on Kindle? on: April 11, 2011, 03:42:57 AM
I find the Kindle great for fiction books, but for technical books I've found it unworkable where formatting and/or illustrations are important.

YMMV, but I'm sticking to dead tree versions of technical resources for the time being.
© 2013 The Ethical Hacker Network