Like last time, I'm looking forward to the next part.

I've been waffling on whither I want to take this course or not. I doubt my skill set is strong enough (lack the programing), but I'm sold. I'm going to take this course next year. (gives me time to learn some perl and python between now and then).

Just as a heads up, you don't have to be a top notch coder for this course.  Some basic scripting is really all that you need.  If you do one of the <language> in 21 days type book you will probably have all that you need.  The course focuses on short scripts that perform very task oriented things so you won't need to deal with any of the really complex programming topics, just the basics like network socket creation and basic functions. 

To be honest, book choice is very personal.  For me, I already know other languages so for the most part I want to reference that tells me functions, parameters, and use cases, but if you don't have very much experience programming then that may not be ideal for you.  I recommend going to a bookstore and flipping through some books starting with the O'Reilly books and find something that feels like you would enjoy going through it.  There are lots of resources online too, you may want to head over to: http://wiki.python.org/moin/BeginnersGuide and just see what you think before opting for a book.  It's all in your learning style.

Awesome Work Ryan you are a true asset to EH-Net!

Regards,

Brian

I contribute this to two things.  As you said, many people are used to being spoon fed material and then being forced to regurgitate that material at a later time.  This course is not about that at all.  This course is about understanding the material, and applying it in context.  So, if people are glancing over the material and then going ok, where in the content can I find out how to hack a redhat box, then they will get very little out of the class.

The second thing is that while people may have learned some of the material from the course, they aren't taking the course as a whole into consideration.  This course is great for talking about looking at all of the resources you have at hand.  After having done the exercises in the class, I can say that if you are blindly trying things, you will never get but a small fraction of the content.  If you are approaching things like the course taught, and going through and doing quality enumeration and mapping, and then doing some basic googling/grepping for what you have found, then things become significantly easier. 

If you are having trouble, I recommend stepping back and re-evaluating your data.  If you don't have full scans/enumeration of the assets in the environment, you need to have an understanding of what you are working with.  Once you know what you are working with, google and grep should get you the rest of the way towards what you need. 

I appreciate your post though, as it outlines why I think this is quality material.  This course is about understanding what is going on, how to use all of the tools at hand to interrogate machines, and then once you have the resources, understand how to apply that information.  By the end of this course, you should be understanding how to apply your skills to different situations and deal with everything from scanning and enumeration to escalation.  I think that is a huge endorsement in that if you pass the exam, it shows you do have an understanding of what is going on, not that you have great memorization skills.