The course materials consist of a 330+ page lab guide and a series of instructional videos to go with each chapter. Within the lab guide you will find a very broad range of topics including Backtrack basics, information gathering techniques, service enumeration, port scanning, ARP spoofing, buffer overflow exploitation, Metasploit usage, SSH tunneling, password attacks, physical access attacks, web application attack vectors, and much more. The way the videos are presented makes each topic easy to follow. Probably the most important part of the course is the lab itself. You can purchase lab access in increments of 15, 30, 60, or 90 days. I highly recommend doing at least 60 days in the lab. The first week or two you will want to focus on going through the lab guide and videos and only briefly touch the lab for some of the techniques taught in the guide. Once you complete the lab guide, jump into the lab and hold on tight because you are in for a lot of pain, agony, reward and great self-satisfaction. During your time in the course make sure to visit the Offsec forum and jump in the FreeNode IRC channel #offsec to network with other Offsec students and administrators. Don't hesitate to ask for assistance if you need it, but be prepared to receive the notorious "Try Harder" response. The secret to asking for assistance is to have a very specific problem you are trying to solve. Details are very important. Don't just say you can't penetrate a box. Explain in detail the steps you've taken to eliminate every possible exploitation avenue and you may be given a nudge in the right direction. Still, don't expect anyone to hand you anything during the course.
The lab itself is a massive hacking playground. It's set up similar to a standard corporate network. It is divided into four subnets with a few firewalls in between networks. You will find Windows hosts, various Linux flavors, firewalls, and maybe even a Mac! You may even run into some users to interact with. Know that every host CAN be compromised. Some are easy, and some may take weeks of analysis and research. I compromised about 95% of the lab environment. Be prepared to spend hours upon hours of time in the labs as they are very addicting (hopefully you have a very patient/understanding spouse). Also, make sure to keep really good notes. I used the recommended KeepNote tool in Backtrack to consolidate all my notes and screenshots. Since the lab is so massive, it is easy to move on to another target and forget what you have done previously. Part of the course is writing a full penetration test report of the vulnerabilities and how you exploited them. It is not mandatory to do this for the lab, but they say it may weigh in your favor during the exam. I recommend doing it. My report ended up around 120 pages. It should come in handy as a reference guide for future pentests.
In order to be successful in PWB one must learn to be extremely resourceful and very creative. You have to be able to look at a system from all angles, each service individually, and then everything as a whole. There are times when a service alone may not be vulnerable to an exploit, but that same service coupled with a secondary mechanism (user action, process, misconfiguration) happening somewhere else may provide an avenue for penetration. You must also not focus on the lab guide alone for this course. It is a great introduction to pentesting, but many of the exploitation techniques you will need to learn on your own from other resources. Specifically, the topic of privilege escalation was one of the most complicated and tedious things to learn. But don't worry, as there are many great resources already available out on the internet detailing this and many of the other techniques you will need to be successful.
To conclude this review, I really would like to thank the Offsec team for providing such a great avenue for learning. In my opinion the course and lab are brilliant. If you are interested in security and want to dive deeper into the world of penetration testing, I highly recommend you consider Offensive Security's Pentesting with Backtrack course. Just keep in mind that this course is not for the faint of heart. You will need to dedicate the majority of your free time to the course and labs in order to succeed. But the payoff for your hard work will be great. If you start to get discouraged, take a break or move on to another box. Also, don't hesitate to retry exploits, as sometimes they have a strange way of failing only occasionally. Above all, remember to always... Try Harder!
Research - If you aren't familiar with this word you will be. Google is your friend. Just remember that someone has done this before you and probably posted something about it on the internet somewhere.
Go through the Metasploit Unleashed course (it's a free course offered by Offsec... why not take it??) - http://www.offensive-security.com/metasploit-unleashed/Main_Page
G0tmi1k Privilege Escalation Guide - http://g0tmi1k.blogspot.com/2011/08/basic-linux-privilege-escalation.html
Searchsploit - Search for local exploits within Backtrack -
Hacking: The Art of Exploitation - Good source for C exploit development
Pauldotcom - They always have great guests and tech segments.