Forum Replies Created
February 26, 2013 at 7:01 pm #52110
Enjoy the course.
February 24, 2013 at 10:11 pm #51939
I 3rd (or 4th) what ajohnson said…a password attack shouldn’t be your primary vector. Personally speaking, in the lab and on the exam, I didn’t put much effort into password cracking/guessing other than the obvious ones (username, defaults, etc). I felt that there were more direct/less random ways to get into the machines.
February 24, 2013 at 3:14 pm #51937
I’m registered to retake the test next Sunday.
February 19, 2013 at 4:01 am #51936
Thanks for the encouragement, azmatt!
The course has well been worth it and I have learned a lot. I highly recommend the course and good luck to you when you start.
February 18, 2013 at 9:18 pm #51934
Thanks for the advice and encouragement, ajohnson and H1t M0nk3y.
February 18, 2013 at 4:36 pm #51931
February 18, 2013 at 4:36 pm #51930
When I was doing the lab, I had pretty good luck with the RockYou wordlist found here: http://www.skullsecurity.org/wiki/index.php/Passwords
However, it is a huge list and it’s unlikely you’ll be able to use it all in the limited time you have for the exam. Better to start off with a smaller list – like the one you created as you were going through the machines in the lab.
Thanks for your repsonse, superkojiman. I will give that a try in the lab and work on a smaller list.
February 18, 2013 at 12:13 am #51796
November 9, 2012 at 3:50 pm #49471
Thanks for posting this, Jamie.R! This was just what I needed.
November 9, 2012 at 3:04 pm #50780
Congrats on passing the exam, DragonGorge! Your review was good, honest and in depth. I am going currently through the PWB course myself and plan to take the exam within the next 30 days.
Don’t let this discourage you if you want to be a pen tester. I am a pen tester/consultant and in my opinion there are things in the course that are more difficult from real world pen testing. This course will have you better prepared than someone that hasn’t taken this course. I have taken the Foundstone Ultimate Hacking course in 2004 and the Certified Ethical Hacker course in 2010. Those courses were good for teaching you how to use the tools, but didn’t teach you how to be a pen tester. This course does a better job.
In the real world, you can use vulnerability scanners and you have unlimited use of Metasploit, but knowing how to get by without that luxury is one of the good points of the PWB course. In actual pen tests, you don’t have time to do everything manually and this is where vulnerability scanners such as Nessus is a time saver. My point is, don’t let this discourage you from starting a career as a pen tester.
Thanks for sharing your review.
November 8, 2012 at 6:15 pm #48584
Catalyst256, congrats again! I follow you on Twitter. Awesome blog by the way.
November 8, 2012 at 6:13 pm #48087
I’m taking the PWB course. I need to “try harder” to finish the course. I started in April with 90 days lab time and I have been extended my lab time each month. On a positive note, I am a pen tester and started in March and the experience is helping with the PWB course, especially report writing. Prior to my pen testing job, I worked as an application security analyst. My experience prior to becoming a pen tester was vulnerability scanning and didn’t have any hacking experience outside of some courses I have taken over the years. I will probably have to extend my lab time once more, but it will be the last.