Thanks for your comments ajohnson, I appreciate it.
I just finished watching the first 5 videos of SecurityTube on Assembly for Hackers. I will watch the rest probably tomorrow. I speak and understand completely Hindi English now fluently ! :-) Great work from that guy, he's awesome and a good teacher.
No problem. It's funny how quickly you can adapt to a strong accept. As with Vivek, a good friend/ex-coworker of mine was from Colombia and had a very strong accent. I could barely understand him for the first couple days we worked together, and then I just suddenly stopped noticing it.
WAHH2 is a great book, good choice. If you're looking for a bit more in-depth read on SQLi, consider
http://www.amazon.com/Injection-Attacks-Defense-Justin-Clarke/dp/1597494240 as well (no rush, it'll take you awhile to get through WAHH2; save that for a rainy day). Syngress also has an entire book dedicated to XSS, but I haven't had a chance to go through it yet.
I know that the 30 days to finish the lab isn't going to work. It will be a 90 day walk for me, that's for sure.
Yea, 30 days is a really aggressive schedule. You need to space out all the frustration, so you don't get an aneurysm
My question is: Are the offensive books on Amazon are worth it ?
That totally depends on the book.
Metasploit: The Penetration Tester's Guide
That's a very good book, especially for someone with little-to-no Metasploit experience. Also, it'd be hard to go wrong with Dave Kennedy and all the OffSec guys (along with a stamp of approval from HD Moore). Sil wrote a review not too long ago (
http://www.ethicalhacker.net/content/view/418/2/). Remember that Security Tube also has a Metasploit series, and there's always Offensive Security's free course as well:
http://www.offensive-security.com/metasploit-unleashed/Main_PageMetasploit Penetration Testing Cookbook
I don't have any experience with this one, and it seems to overlap a lot with the previous resource. I'd start with the other one and the free course and see if you feel like you need another written resource beyond that.
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
This book actually looks like it has decent content, but the title is ridiculously embellished. That's unfortunate. Just glancing at the ToC shows that about half the content is basic material that you'd probably find in most penetration testing resources. It's probably got a few chapters that would stand out and be worth a cheap used price, but $60 seems pretty steep.
The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
I'd drop this one off your list of potentials. It's probably a fine book for what it is, but I don't think it's going to teach you anything you're not covering elsewhere.
If that wasn't enough, Tom from Hacking Dojo also has a book that, in addition to generation penetration testing techniques, also covers some business and project management information. This isn't as exciting as popping a box, but it's important information for aspiring professionals:
http://www.amazon.com/Professional-Penetration-Testing-Creating-Learning/dp/1597494259/ref=sr_1_1?ie=UTF8&qid=1345319341&sr=8-1&keywords=professional+penetrationThis one also covers a lot of general tools and techniques and may be worth a look:
http://www.amazon.com/Penetration-Testers-Source-Toolkit-Third/dp/1597496278/ref=sr_1_1?s=books&ie=UTF8&qid=1345319091&sr=1-1&keywords=open+source+penetrationYou're on your own as far as all those go. Just go with what looks interesting to you. You'll find that you're going to have diminishing returns with each resource you use. You may find the first book you read to be 95% new and exciting, but your fifth or sixth book may fall to 15-20%. You'll probably get something out of any resource you go through, but you need to determine if that's going to be the best use of time and money.
OSCP - Offensive Security Certified Professional : Failed my first attempt at the OSCP exam
