I'm not aspiring to be a pentester and I don't think 542 will help someone go from zero to pro overnight. It does provide good starting foundations though and there was broad coverage on different subject areas and lots of tools. I'd guess that doing PWB would be more "fun," but 542 was a good experience nonetheless. Kevin Johnson brought it all together quite well.
So that said, I have a spare GWAPT practice exam for someone who has never taken a GIAC practice (or real) exam before. I know SANS courses and GIAC certification attempts aren't cheap, so instead of passing it to someone in the SANS Advisory Board or another forum where I've given away practice tests before, I figure I'd give someone here a shot at it. So for a little fun, here are the rules:
- You have never taken a GIAC exam before (I'm relying on your sense of honor here).
- You must send your request to my email address encrypted with my GPG key.
- Determine the OS and its version that my website is running on.
- Determine the RFC1918 address space the server is sitting in.
I'm not inviting a pentest or simulated / real attack, just merely a casual scan and guess-work with your favorite interception proxy (if that's how you roll). No exploits allowed, thank you very much. I haven't patched in seven years (...just kidding). If you can't find the answers, just pat yourself on the back for trying (not as if I could do any better) and email me your encrypted request.
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/