I am far behind on reading blogs; Twitter is impossible to keep track of, my inbox is overflowing and I have not been posting to my blog very much.
Why is that, you ask?
When I published my most recent post,
I was enthusiastic about the material, and that has remained. It is
very well presented and the exercises are interesting enough to be
challenging, yet not too simple. With a little guidance, I have been
coding up buffer overflow exploits, messing around with Metasploit, and I was even able to give Core Impact a spin. Of course, all of it in the virtual security lab that comes standard with the class.
While the name of the class is Pentesting with BackTrack, very little (if any) of the material is specific to BackTrack. Yes, it is true that several tools are discussed, but just as with the SANS
classes, the tools are only introduced after a basic understanding of
the technique that is implemented through those tools has been
My opinion remains unchanged: Pentesting with BackTrack
is highly recommended for any information security professional with
basic technical knowledge and a desire to keep his skill set up-to-date.