KrisTeason

If you are new to programming, I would start with Python -> C -> ASM. Perl may not be necessary here. You should take a look at some of the courses Vivek has at Pentester Academy. There’s still promotional pricing available for a limited time. He has some ASM Material on there that is solid. In addition to Pentester Academy, Cybrary is a Library…[Read more]

Congrats SephStorm!

Very well deserved. You’ve won 2 of the 4 giveaways for 2014 🙂

You took SEC560 few weeks back and have your next SANS course picked out.

Which one will you be taking on next?

This looks vulnerable. How does the user’s input make it over to the $cmd variable? via a $_POST parameter? Try manipulating the request with a proxy and see if you can change it’s value to get a command executed. If you can break out of the quote, you can append (with &&) additional commands that can get executed.

This video will…[Read more]

There’s a WAPTX review up from the PrimalSecurity Team.

The Christmas coupon code is, ELS-XMAS-2014. You can get their full Penetration Testing Student v2 course for $49 when checking out with it.

Did anyone sign up for WAPTX? How do you like the content? If you missed the chance to enroll, eLearnSecurity currently has an all-access pass offer going through this month:
https://www.elearnsecurity.com/offers/all_access.php

For $3999 you can get access to all 9 of their courses (elite version). Insane deal!

A few differences that I noticed between PWB v3 and PWK:
-Ncat was introduced
–PBNJ has been removed
–Unicorn scan has been removed
-Module 5 on ARP Spoofing has been removed. Off Sec students won’t be performing ARP Spoofing in the labs.
-Some more useful information was added in under the Buffer Overflow Section of the course.
-PWK gets into…[Read more]

Quick summary of yesterday’s webinar.
eLearnSecurity released their new Web Application Penetration Testing eXtreme course along with their new eWPTX Certification. Here is a look at the Syllabus.

Through and up to November 30th, you can use the coupon code: WAPTX-NEW-30 during checkout to receive a 30% discount on the course. You’ll also be…[Read more]

Look into:

The Basics of Web Hacking: Tools and Techniques to Attack the Web (Great introductory book)

Web Penetration Testing with Kali Linux

The Web Application Hackers Handbook, 2nd Edition

Hey SephStorm,

You are allowed to use Metasploit in the PWK Lab Environment. There are remote exploits out there that you can also pull down, compile and run. The course does a fine job teaching you how to compile/cross compile/port exploits and presents numerous ways how to get root. People out there have also coded their own point and click…[Read more]

Hi mosunit90,

Welcome! PWK doesn’t go too far into Web Application Attacks. They saved their real content for their AWAE Course. To get an idea of what to look forward to check out their course syllabus (Check out Section 13). The OffSec guys developed a custom web app for you to play around with that’s provided on the Lab Machine your given…[Read more]

Hey bahr,

Great to see another programmer on here interested in penetration testing. While everyone is saying go for it, I was looking at your background along with how much time you have to study throughout the week. 2 hours each day throughout the week is going to be hard to progress in the lab environment.

I don’t look at PWK as an…[Read more]

Hey SephStorm,

I’m going to +1 Hayabusa here regarding indexing your materials. Everything on the GPEN Examination is straight out of the text books. While it’s not incredibly hands-on, be sure to be able to recognize the output of various tools (like how do scans appear while sniffing with TCP Dump, etc). Be comfortable with commands to…[Read more]

Recently took the eWPT exam. Waiting on the results. The course content and labs are great. Plan on going through the Practical Web Defense material soon here.

The GPEN has more recognition over eLearnSecurity’s Certifications. Offensive Security’s courses are great and people have respect for OSCPs and OSCEs.

Having recently taken the eCPPT Gold Examination, eLS has really stepped up their Examination Challenge from their Silver Exam. Not only have they made it more hands-on, but they test you on more…[Read more]

GWAPT
OSWE if OffSec plans on releasing an Advanced Web Attacks Online.

Considering WGU for my Bachelors. If I attend, I’ll be after the
OCJA, CIW Database Design Specialist, CIW Javascript Specialist, CCENT or CCNA Certifications.

Fell short of my 2013 goals. Can only move forward.

Great work ! Congrats!

Hello,

If you managed to own all of the machines in the lab, your well prepared for the examination. The report is sent in after the examination challenge is taken.

Version 3 of Pentesting with BackTrack has been out since March 2010 (I know, I was one of the 1st people to enroll). After going through the course and finishing up about June 2010,…[Read more]

Congrats! What Certification is on your radar next?

1. With EH-NET all the way!
2. Not too extensively. Less than a handful of times a year am I messaging users.
3. Possible
4. I could also help you test.
5. Like a couple of the other members, I’ve been a consistent long-term member. I would love a moderator opportunity as long as we do not discount moderators winning the fabulous prizes.
6. Not my…[Read more]