The upgrade went fine but my first clue something was wrong was the fact that I couldn't adjust my screen resolution (Windows Host, Backtrack Guest). I could set it to stretch but that looks funky. I then noticed that I couldn't paste copy/paste to/from the Host/Guest. I don't know why some people have a problem and other don't but of the links below, only the last one resulted in a fix for me.

http://top-hat-sec.com/forum/index.php?topic=292.0
http://www.ehacking.net/2012/03/backtrack-5-r2-virtualbox-guest.html
http://blog.thireus.com/

You can also try out Practical Packet Analysis By Chris Sanders if you're looking for some high level info. Don't get the first edition though - the second Ed is pretty good.

FYI - if you're upgrading from BT1 to BT2 on a VirtualBox machine I recommend first making a clone or snapshot. There appears to be an issue in this setup with the virtualbox guest additions. I ended up having to upgrade virtualbox from .8 to .10 AND running some compile/link options to get the guest additions to build and install correctly. This is required if you want to do cross copy/pasting between host/guest and adaptive screen setting. Other than that I think R2 is working well, I'm anxious to try out the new tools.

Personally, I think it's worth the effort get a unit that is on the list instead of getting a list of units and seeing if each one is or isn't supported. If you want to eliminate the risk/headache of getting a card that isn't supported, find some way to get the Alfa AWUS036H. Yes, it only supports b/g protocols but it's been proven to work well with Backtrack (or the other way around). That's why most beginners get it.

I was going to get the AWUS036HNR which supports N protocol but I'd read that the driver didn't support injection, which I think is pretty important. But it's a relatively new card and I didn't want to take the chance that it wouldn't work or had bugs. I especially didn't want to waste time searching/waiting for drivers/help if it didn't. So I got the AWUS036H.

It really comes down to what you're willing to accept. If you want to be assured of the unit working with Backtrack 5 right out of the box, get the Alfa. Mine did. If you're willing to accept some risk of a) having to download/install drivers b) searching help forums when it doesn't work c) wait for new drivers or bug fixes for existing drivers d) writing your own, then take a shot with a different unit.

You're looking for a model which backtrack can support right? That is, a card that has drivers that are included in Backtrack? As I said, Vivek specifically mentioned the DWA 125 in his book so I assumed it meant that drivers for that unit came with BT5. However, looking at the list in the site below, I don't see it so I'm not sure what to make of that. Like cd1zz, I have the Alfa.

Here is a list of working cards for BT5:
http://www.backtrack-linux.org/wiki/index.php/Wireless_Drivers#Tested_and_working_cards

I tried this at home with a spare Linksys router - it was scarily easy. What made it worse was that the Linksys lets you think you've turned WPS without really doing so. That is, I turned WPS off, ran Reaver, and it still cracked my WPS PIN and WPA2 password in under 3 hours.

In my limited experience, Reaver is easier to use and more successful than cracking WEP with no client attached (which I've been unsuccessful in even though my target router is just in the next room.) And Reaver v1.4 comes with a tool called wash that allows you to scan your local area for WPS enabled routers. There wasn't a single router in my local area with WPS off.

One thing I found though was running Reaver caused a DoS on my primary wi-fi router, even though I'd turned the txpower way down. The significant other was not pleased.

You might want to check the Hardware Compatibility List (HCL) on the Backtrack website for cards that are P&P ready with BT5.

I know that Vivek Ramachandran recommends the Alfa card in his BT5 Wireless Pentesting for Beginners guide, but he specifically referred to the D-Link DWA-125 as an alternate so you might be safe going that route.

If it were me, I'd take the v7. Unless I was an accomplished pentester with years of experience, I wouldn't want to chance it.

You already know how the info v7 covered could be characterized as a mile wide & a foot deep. I personally wouldn't want to take the chance that v8 maybe went 2 feet deep and I wasted my money on v7 training that didn't quite cover it v8.

I thought the All-In-One was excellent and a great companion to the EC Council material, although it did fall a little short in covering several sections: Wireless, Trojans, & Web hacking.

I actually appreciated where the author gave pen testing advice instead of just teaching to the test. For one, there's an awful lot of dated material in the ECC package and the All-in-one author pointed out these areas.

Unfortunately, I'm not sure how the information in the book will be relevant to the v8 test, which is a shame.

I was at a Starbucks the other day and thought of this thread. Some kids had been outside doing chalk art and I thought back to my CEH training and thought, "Well whatdya know, War Chalking!"

But you're absolutely right, some of these certs seem to think they're being paid by the weight of the book.

At the risk of being laughed off these boards...if you're a true beginner, some of the Head First books are pretty good. I've used a couple of them and have been generally satisfied. They cover the very basics, in some cases introducing the reader to variables, loops, conditional statements, etc. Plus they give you more or less real world exercises to do. Again, not for the experienced programmer but pretty good for the beginner.

Anyone else have any experience with the Alfa AWUS036NHR card? I was about to get it when I read that it's not plug & play with BT 5 (and manual driver installs were a pain) + something about it not capable of monitor mode while in N. I'm debating on whether or not go ahead and get it or stick with the old one (b/g only).

Anyone know if R2 will have the drivers for the Alfa AWUS036NHR (b/g/n) wireless adapter? I've looked for a list of what's in R2 but I can only find the blanket statements.

Great writeup. Regarding the above - are the objectives for each exercise clearly defined? I've seen some labs where the goals are somewhat ambiguous but the answer is not.

As much as I've griped about EC Council training, I personally think any training where you learn something/anything from is valuable to some degree. I guess if you can say, "I learned something" it's not a complete waste. Now whether or not learning that DES encryption uses 56 bits is worth $1000, well that's a matter for debate. What the CEH gave me was not the ability to pen test or hack but the broad knowledge of what's out there and to a small degree, how to defend against it. Because of CEH I can say that I know *of* SQL injection, XSS, buffer overflows, sniffing, etc. I would imagine that most of the entry level security courses would be the same. Now it's up to me to develop that high level knowledge into a true skill.

It seems to me that any training you recieve is obsolete the moment you've completed it. Like a new car, by the time you hang that certificate on the wall its value has already depreciated significantly. This field, like any other technological one, is constantly evolving and I think it falls upon the W/B/G Hat to keep up with the latest techniques.

Like you though, I've been feeling overwhelmed by what I don't know. I get this feeling that what separates the White Hat from the script kiddie is indepth knowledge of: SQL, Java, Javascript, Perl, Python, Backtrack, Metasploit, and the list goes on and on. I think ajohnson said it best, the guys that are true masters at this stuff live and breath it. While I'm playing a computer game (not WoW) or watching Big Bang Theory or Netflix movies, these guys are perusing the forums and security news, et al. I'm just not sure I'm ready to devote my life to this stuff, especially since it's not my profession but more of a hobby and something that might distinguish me during a layoff period.