After hearing and reading so many positive reviews over the past year, I decided to take the plunge. I received my materials late Saturday (08/04) evening, which was technically 08/05 00:00 GMT. So far I have about 8 hours invested into the course and I have enjoyed everything so far. At first, I started reading the modules in order (lab pdf) but then I decided to briefly fly through the entire lab pdf, just to see exactly what I will be learning. Sooo..I've been reading/slighty skimming through the lab for about 4-6 hours and I'm only on module 8, so that should give people an indication to how much material is packed into the lab pdf.

Just like so many people have mentioned, I can get through the first five modules pretty easy (learning backtrack, learning some BASH/python, port scanning, enumeration, etc..)but from module six and on, I know I will have to do A LOT of outside research...which I'm completely fine with. I'm not going to lie, going through the buffer overflow section for the first time was like reading Japanese.

The further I get into the Lab pdf, the more I feel a little overwhelmed. I kind of wish OffSec would give you the choice of going through the PDF and Video's for a week or two, then starting the lab time. The material is totally worth it but I can't help but think I'm losing money by reading, researching, and watching video's..rather than messing with the lab.

My personal goal is to get everything done within 60 lab days and take the test some time after that.

Well I better get back to the pdf. Any comments are welcomed.

I completely agree. I think the key here is your loss = their gain as a lot of people seem to end up buying extensions.

One thing I'd caution you on is to use BOTH the pdf & video - I got hung up in a big way on the buffer overflow section because the pdf skipped over a key component. The video on the other hand covered it correctly.

What other resources did you use to learn buffer overflows?

I have about 5 links but any other suggestions would be nice.

This is also a pretty handy resource, using vulnserver: http://www.backtrack-linux.org/forums/showthread.php?t=203

Yes, great link. I hadn't seen that one before.

Also, I just remember that the Metasploit blog recently started providing these types of tutorials as well: https://community.rapid7.com/community/metasploit/blog/2012/07/05/part-1-metasploit-module-development--the-series

Agree with Agoonie. Just take it one lesson at a time and try not to stress about the stuff that sounds difficult. You can always circle back and deal with that after you've got some momentum.

My advice for learning the buffer overflow is to load the vulnerable software on your own lab machine and practice it there. That's what I did to successfully complete the exercise.

I don't know why every bufferover flow document talking about 32bit OS exploit (EIP, ESP etc..)

I didn't find any single document about 64bit OS exploit (RIP, RSP etc..) Because it has totally different register set..