eLearn Security opens Hera Labs to all

the_hutch

Hera labs subscriptions are available (starting 27 December) from eLearn Security without required enrollment into the eCPPT training course.

Hera Lab - The most advanced Penetration testing virtual lab

yoshiiaki

Oh wow awesome. I'll have to hop in on that. Planning on taking the course for OSCP soon so this will be great to use a bit before hand and then afterwards to maintain the knowledge as well. Thanks

f0rgiv3n

Ahhh no way! It's like "hackthissite.org" but a real dreamland. This looks AWESOME!

chrisone

ah i thought it was free. Its only free of course enrollment and access is $299.

the_hutch

Yeah, you still have to pay subscription fees. But I've heard that they have way better labs than OffSec. But OffSec has a better training program. The way I see it, get your certification from OffSec and then stay sharp with Hera labs...without having to pay for a sub-par training program and a hardly recognized certification.

chrisone

Thats true, I definitely want to take the OSCP course someday however I want to read a few books on the subject before hand.

I am just finishing "the basics of hacking and pen testing." It is a great primer and refresher for new comers into pen testing. It is very basic but the author get you started in the right path and mind frame.

Then i want to read these books in order before i attempt the OSCP course.
1. BackTrack 4_Assuring Security by Penetration Testing
2. Metasploit The Penetration Tester's Guide
3. Advanced Penetration Testing for Highly-Secured Environments
4. Gray Hat Hacking, 3rd Edition
5. The Web Application Hackers Handbook 2nd Edition
6. Metaspoitable 2 Unleashed Online tutorial.

I also have a mini virtual lab i run on my laptop with hosts to hack including the Metaspoitable 2 VM image to practice on an "unpatched" host. I feel after all this information I should be more than ready to spend money on the OSCP.

the_Grinch

I'd remove any of the Metasploit related books as you aren't allowed to use it in OSCP, I believe.

the_hutch

chrisone wrote: »

Thats true, I definitely want to take the OSCP course someday however I want to read a few books on the subject before hand.

I am just finishing "the basics of hacking and pen testing." It is a great primer and refresher for new comers into pen testing. It is very basic but the author get you started in the right path and mind frame.

Then i want to read these books in order before i attempt the OSCP course.
1. BackTrack 4_Assuring Security by Penetration Testing
2. Metasploit The Penetration Tester's Guide
3. Advanced Penetration Testing for Highly-Secured Environments
4. Gray Hat Hacking, 3rd Edition
5. The Web Application Hackers Handbook 2nd Edition
6. Metaspoitable 2 Unleashed Online tutorial.

I also have a mini virtual lab i run on my laptop with hosts to hack including the Metaspoitable 2 VM image to practice on an "unpatched" host. I feel after all this information I should be more than ready to spend money on the OSCP.

In regard to #1 on the list, Packt Publishing is in the process of developing a low-cost e-learning video series entitled "Backtrack 5: Assuring Security by Penetration Testing"
**Shameless plug...I know**

chrisone

Ah nice! That Video e-learning series will be a nice addition to my study materials. Thanks for the plug hutch.

@Grinch - Metasploit is still a great tool to use in any pen testing job/environment. I still want to be very proficient using it regardless if one cert or another doesn't allow you to use it. With that being said, when I do take the OSCP I will adjust my lab and study habits to not include Metasploit. In the end, I would assume the more tools you have the better equipped you are for the task?

Well i dont want to turn this into a study materials post for OSCP.

Does anyone have any other links or tutorials on virtual labs for pen testing setups? I am interested in anything VM pen testing labs. Currently i run virtual box on my macbook pro retina. I have winxp, win7, 2k3, 2k8, centOS, backtrack5r3, and metaspoitable VM hosts. All hosts are running on an internal network in a sandbox environment except for the BT5r3 host which i need access to the web for research and updates to tools and programs.

the_hutch

chrisone wrote: »

Ah nice! That Video e-learning series will be a nice addition to my study materials. Thanks for the plug hutch.

I say shameless plug because I'll be profiting from purchases. I'm actually the author/producer of the video series, lol. Should be available in about 3 months.

chrisone

hahaha awesome! i look forward to seeing your work my friend!

the_hutch

Chrisone, (a slightly less self-interested plug) the Metasploit PenTester's Guide is by far the best Metasploit tutorial I know of (Some people would recommend Metasploit Unleashed or the SecurityTube videos, but I'd take that book over either...any day). That being said, I believe that the_grinch is correct about not being allowed to use Metasploit in the OSCP exam, at least from what I've heard. I'm planning on starting OSCP in early March (after tax returns come in), so I guess I'll find out then. I do have some video tutorials on my youtube channel that you might be interested in (Justin Hutchens - YouTube), though they don't come close to touching the quality of the work I'm currently doing for Packt. They have forced me to seriously readdress my whole approach to editing and rendering videos...so should be some pretty good stuff.

the_Grinch

Your point about knowing Metasploit is definitely valid. My thought was not to waste the time with the knowledge specifically for OSCP. Also, don't forget SecurityTube has a Metasploit certification.

SecurityTube Metasploit Framework Expert « SecurityTube Trainings

chrisone

Thanks Grinch, i understand your statement was purely on the basis of helping me and others on here to focus on the topics for OSCP. I appreciate it. Thanks for the link as well.

Thanks Hutch! i will subscribe to your channel. You are working on a project with Packt? That sounds awesome !

the_hutch

chrisone wrote: »

Thanks Hutch! i will subscribe to your channel. You are working on a project with Packt? That sounds awesome !

Yeah, the Packt project is the video series that I was referring to before. They are the publishing company that released the book "Backtrack 4: Assuring Security by Penetration Testing" and also the company that contracted me to develop the follow-up video series "Backtrack 5: Assuring Security by Penetration Testing." It really has been an awesome experience so far and I've already made some very solid connections. The lead technical editor for Vivek Ramachandran's Wireless PenTesting book (and editor for Hakin9 IT Security, ExploitMag and PenTest Mag) has already agreed to do a promo article for my video series.

chrisone

Nice! that is impressive! the promo by Vivek sounds awesome! The final product should be amazing and a great support to the pen testing community!