Why is everyone saying BackTrack is outdated? It's based off an LTS version of Ubuntu and is still completely supported: https://wiki.ubuntu.com/LTS

it's based off of 10.04 (lucid) which while in theory is still LTS but does not get nearly as much attention as other releases and BT uses different repos then normal lucid for most of it's programs which have out dated versions (with the exception of firefox and a few others) and they slapped on a kernel version that is no where near what lucid was designed to work with.

Are you crazy? It's never a good idea to run as root the hole point of sudo/levels of privilege is to allow for "security in layers" so that way if they compromise the signed in user an attacker does not have free reign of the system they have to find a way to escalate privileges. And it does not matter if it's a forensics boot or not backtrack still is based off of an outdated platform.

this is probably the best progressive lock out there http://learnlockpicking.com/

Like the guy above said the best way to get good really fast at lock picking is to get a progressive lock and practice. Lock your self in a room (no pun intended) for a day or so and do nothing but pick locks. And be sure to change up the configuration of the practice lock you are using, switch pins based on weight, size and type until you can pick anything that's thrown at you.

But to be honest use specific VMs are better and more cost efficient. Assuming your virtualization software is up to date its really unlikely that malware will "jump the petri dish" as it where. Also Backtrack 5 runs as root on a outdated version of ubuntu with tons of after market modifications i would not use it to do banking under most circumstances

he forgot to mention the tin foil hats and vpn chaining

for practicing and learning SQL injection i reccomend this lab on a LAMP server: https://github.com/Audi-1/sqli-labs  and if you get stuck the developer of these labs has video tutorials on Security Tube

Against a modern IDS i am not so sure they would not notice and do you really want to risk ending a pen test during the recon phase, because you got caught? I would rather deal with a slightly slow stealthy scan then a fast loud and noticeable scan.

I would have made it multi-threaded, but the thing with brute forcing DNS is it's noisy-ish, not as noisy as a Zone-transfer but even a half-assed IDS would pick up multi-threaded DNS brute force. also in my Experience python does not do multi-threading well.

here is a new tool i made for network recon. Basically it brute forces subdomains like any DNS analysis tool would but what makes dns2geoip.py different is the fact that it then geolocates the subdomains it finds and outputs their location to a kml file that is compatible with Google earth. This tool is ideal for wireless penetration tests where you want to know what services they run in house and which services they run out of a data center, but it is useful for scoping a normal network penetration test too.

https://github.com/thsle3p/code-for-pentesting

Has anyone found any good IIS/ASP/MSSQL hackme labs, I tried the Foundstone "hacme" series but am wondering if anyone knows any others.

i found a book on exploiting these systems:http://tinyurl.com/cq6r869

Don't get the H it does not support 802.11N or many advanced features that is why the Hakshop no longer sells it they now sell the NHA which is far superior DO NOT I REPEAT DO NOT GET the H

the  Alfa AWUS036H has the shitty reltek chipset and can not do 802.11N so go for the  Alfa AWUS036NHA and the hakshop no longer sells the  Alfa AWUS036H they sell the NHA so regardless of what vivek will tell you it is shit go for the NHA

Mdk3 will suit your needs if scripted, or you can look into http://openwips-ng.org/index.html however it is immature at  this time.