EvilZone

This is likely deadish, but anyhow..

Not only do you need 900 pages to cover web exploitation, but I also think they're not nearly enough.
For instance, the book merely touched on silverlight, Java applets, ActiveX controls and Flash objects. To reverse engineer native code, you need to know assembly, how to use ollydbg and IDA pro, how to beat obfuscation, etc... 1000 pages wouldn't be enough.
Web exploitation is way more complex than what you think, IMHO.

Directly from the book:

You have no idea what I think. Silverlight, ActiveX and Flash objects should not be considered a web exploitation subject unless the vector has to do with the regular web browser issues like xss / open redirection and such via a flash object and in that case it's not a flash vulnerability, but a problem related to the actionscript script. ActiveX, Flash or Java are usually binary exploitation with a remote vector e.g. a web browser with a plugin to handle the mentioned technologies. Web exploitation should consists of programming or logical errors related to the application running on a webservert or how the browser handle or are expected to handle HTML and Javascript. Getting RCE on Apache is not considered web hacking.

Generalising and even providing more specific / advanced examples of OWASP top 10 does not require 900 pages. Teaching stuff like abusing application logic to e.g. bypass security functionality or leaking information is not possible in a general way as it requires specific knowledge of the application.

I've read books about more theoretical stuff like discrete mathematics, computer architecture or data structures and algorithms, but I have to agree with the others, this topic needs hands on experience. From a hiring POV I've been to too many job interviews with people claiming to know simple stuff like in web exploitation, but when asked to coin poc's they fail.

but now becoming a good penetration tester is my main goal in life

I feel sad reading this... OT: If reading is your thing go a head and read 900 pages. Remember that most American publishers pay by the page. You don't need 900 pages to cover web exploitation and you could do just fine with less. The entire Windows Internals are covered by just over 1400 pages in Windows Internals part 1 and 2, it's *slightly* more complex.

The problem with books about exploitation vectors is how fast they are out dated. It's a 900 page book from 3 years ago. That aside it sounds like you have decided and likely already reading, I wish you the best and hope you will get the information needed.

Patch Tuesday November from Microsoft included a patch for for the Schannel package, with high likelyhood for RCE and marked as critical by Microsoft. The vulnerability was found during internal audit.

Anyone know of any exploits out for this issue yet - I'm talking private disclosed exploits, nothing seems to be in the wild yet.

Edit: Adding reference https://technet.microsoft.com/en-us/library/security/ms14-066.aspx

I do Python. Perl is just ridiculous.

You can't just use any proxy as the proxy have to be on the white list. If you can make facebook load content from sources you decide you're in luck, but i doubt this is possible. I don't use facebook and have very little knowledge of the whole app thing they do, but I doubt they would allow you to do any kind of proxy-related service.

if visited-ip in whitelist:
 continue
else:
 charge

Data sent to or from you to a white listed IP e.g. facebook will not be charged. Unless you control the white list or can use the white listed IPs to act as proxies you are out of luck.

You can't fool your provider wrt. what IP you connect to otherwise they would not be able to serve your request.

What is language? Language is a way to represent and communicate abstract thought. Without a definition of the structure it means nothing.

I agree, but not sure about the definition is correct.

Binary has structure - as does language. Putting a random string of 1's and 0's would equate to a random string of characters. A random string of alpabetical characters does not equal a language either. If there is meaning behind a string of binary and there is a structure that is communicating a clear instruction or concept or whatever - then it is no different than a language.

Putting a random string of 1's and 0's would not equate a string of characters, without first agreeing on what represents a character. Are we strictly speaking ASCII and expect the binary dataset to be byte sized? If so we are making assumptions of certain structural requirements are met.

The only difference is the character set. Binary uses 1/0, English uses a-z, chinese uses... whatever.

No. The English language can be represented as data via a-z as we have agreed upon the meaning of this data. a-z can be represented as decimal values by the definition of ascii value as well and these decimal values can be represented in any base. This does not make a-z characters a language, but  by arranging them using certain structure and rules they can be arranged to represent the English language. So binary data can represent a language by certain rules, so can any data representation as long as this is commonly agreed upon.

If i decide that the characters tyurgh that conceptually means "add" and other people in my community agree as such, this is language representing a specific concept.

If we decide that 0100 = "add" and tell the computer how to use this concept to further our goals - it is still language.

But if thats not enough - I'll also point out that binary does not merely represent data. It represents instructions as well. Instructions by definition are a form of communication. Communication requires language.

Given this binary string:
0b01000001010000010100000101000001
We interpret this as many different things neither of which are correct, just different interpretations based on defined rules.
"0x41414141"
"AAAA"
"inc ecx inc ecx inc ecx inc ecx"
"65 65 65 65"
1 99 0 0 1 99 1 99 0 0 1 99 1 99 0 0 1 99 1 99 0 0 1 99.

Yes the last one if one I made up, but it isn't incorrect. Binary is a way of representing data in a very pure form, but that does not make it a language.