I’m getting on okay, I’ve definitely learned a lot. I still think I struggle with the methodologies and steps. Give me a vulnerable VM and I know pretty much how and where to start. With this you might get 15 or 20 ports open on an individual box and it’s tricky to know when to move on to other avenues of exploration for vulnerabilities. Not to mention the fact it might not be directly exploitable. You might need to compromise another box first which is receiving traffic from the other and you need to tcpdump it to find your route in. It’s definitely eye opening when compared to everything else I’ve learned about pen testing, it’s definitely the closest thing to real world I have ever seen.
Also as I am not a programmer some of the ‘fixing exploit code' sections (especially in C) have been challenging.
EDIT: Bloody autocorrect.