Can you define for us 'beginner in pentesting"?

What do you know of any specific programming languages, assembly?  Do you have reasonable understanding of buffers and sockets, as they relate to programming and networking?  How well do you understand networking, in general and the OSI model? 

Need to understand where your strengths are, and what you feel you're capable of and WANT to learn / know.

Hi there,

I attended SANS 560 recently (May 2010).
Before enrolling I noticed the NOTE below about the course, saying that it is a pretty technical one.  I have never had a chance to go to any SANS course before, so I really can't tell how it compares to others.

I have to say that I had problems keeping up with the course, not because I’m not technical enough, but because of the speed of it - lots of material, the instructor didn't stop talking one second, and my brain works in a particular way that goes against that, when I find something that interest me, I want to fully understand it before I move on.

Just to give you an example, when the instructor talked about Pen Testing methodologies, I was familiar with one he mentioned, but not with the others, so I wanted to read the descriptions in the text book, by the time I finished, the instructor was well into the next section of the course.  Basically I was playing catch up sometimes. But that is just me.

If you are asking which course to go to, I say 560, because I understand that it covers most of the material in 504 (overlap). These courses are very expensive, so there is no point attending 504 now, and later on 560, which will be mostly a repetition. Of course, if your employer is paying for the training, I guess it is a different scenario.

Just to give you some info about me, I work in Network Security and use some of these tools on a daily basis, but some were new to me.  I’m very strong in Windows, weaker in Unix. I have a few certifications as well.  The most technical course I have taken was "Oracle University" PL/SQL for Oracle 8, back in 1999, and I really got some grey hairs because of it, it was very difficult for me at the time. In comparison, SANS 560 was a very satisfying course.

As you can see, “technical course” or a “challenging course” depends on your own technical skills and where you are in your career. 


Marcos
in Toronto



SOURCE: http://www.sans.org/security-training/network-penetration-testing-ethical-hacking-937-mid

Heh... sil, that's a novel idea to slow him down...

I jot notes, as sil noted, but I also tend to throw my ipod recorder next to me, or record with my laptop webcam, to review and re-jot notes at the hotel at night, etc, when I take these courses.  Sometimes, it helps to be able to review again, when I can pause it, etc.