Security Basics mailing list archives

Re: About to start PWB - Any tips?


From: "fl3xu5" <fl3xu5 () gmail com>
Date: Thu, 21 Jun 2012 01:03:23 +0000

PWB is a very difficult course but it's very awesome and challenging. 


The most important thing is you must know the pentest methodology, because in the course you have to test every 
machine. 

The course has many lab exercises. And it really makes you "try harder" :)


-----Original Message-----
From: Jonathan Leigh <dantevios () gmail com>
Sender: listbounce () securityfocus com
Date: Wed, 20 Jun 2012 13:02:09 
To: Alex Dolan<dolan.alex () gmail com>
Cc: <security-basics () securityfocus com>
Subject: Re: About to start PWB - Any tips?

I have taken this course and what I have to say about it is be
prepared. This course is difficult and it is meant to be. Do not
expect any help solving anything from anyone. Learn how to do things
manually because using automated tools is not allowed (for the most
part).

The most important advice I have is DO YOUR HOMEWORK. Do the labs.
Hack every machine in the lab and make sure you really know what
you're doing and how to break into them.

There are surprises on the test that you will not anticipate.
Surprises that are not taught in the course material that you will
have to think on your feet to figure out how to solve them. I will not
give away any of the solutions so do not ask for them. Just be
prepared to practice, practice, practice and devote a lot of your time
to doing some hardcore hands on hacking. Myself and another person I
know that is a pentester for a living have both taken the exam and
failed. It is not that we're dumb, it is just that the exam is that
difficult.

I went into this course having done a few capture the flag events and
having a computer science degree where I specialized in computer
security and I thought it would be a cakewalk given the material gone
over in the class. The test is almost as hard as Defcon qualifier
puzzles, but not as easy as hack.lu capture the flag puzzles. Don't
underestimate the people at Offensive Security. If you want a taste
for how devious they can be with their puzzles you can look up the How
Strong is your FU? Competition solutions (I have a post about it on my
blog http://www.dantevios.com) or the Hackers for Charity event they
did.

I hope that this information helps you realize how serious this course
is and the work that you will have to do in order to earn the PWB
certificate. It is a tough certificate to achieve and I have great
respect for those that have earned it.

On Wed, Jun 20, 2012 at 3:32 AM, Alex Dolan <dolan.alex () gmail com> wrote:
Hey guys I'm about to embark on the Pentesting With Backtrack course
and was after any tips anyone can give me.

I'm fairly new to hacking and this will be my first training
experience with it. I'm pretty self-sufficient with Ubuntu and know my
way around Windows okay. Any areas I should be focusing on and
brushing up before receiving the study materials?

What do you recommend for hardware? Should I use a laptop and keep the
same install running with me or will it be fine to move between home
and work while I'm doing it and using a service like Dropbox to store
my files and stuff? How much space should I allow for the BT5
partition?

Thanks for any advice you can give.

-Al





-- 
--
Thank you,
Jon Leigh

==========================================================
GPG/RSA Public Key: http://www.dantevios.com/rsagpg-public-key/
Email: Dantevios () gmail com
Website: http://www.dantevios.com
Facebook: http://www.facebook.com/dantevios
Twitter:http://www.twitter.com/dantevios
Gtalk: Dantevios () gmail com
ICQ: 577683269
AIM: Dantevios
MSN: Dantevios () hotmail com
Yahoo: Dantevios () yahoo com
Skype User: Dantevios
Skype #: 662-524-3653
==========================================================
