Penetration Testing mailing list archives
Re: [PEN-TEST] FW: [PEN-TEST] Forensic analisys and related training
From: Eric <eric7095 () AOL COM>
Date: Thu, 19 Oct 2000 00:51:57 -0000
Eric Cole the instructor here, who was grossly mis- represented in this email. In this business you cannot please everyone and fortunately most of the people who take the course thoroughly enjoy it and find it valuable. This previous email is one person's opinion and not the opinion of the masses (based on the reviews and feedback I have received). In terms of out of date, you have to understand the goal of the course. It is to describe and explain exploits so that you can better protect your site. Only by understanding the offense can you build a better defense. Since the class is only 2 days we cannot cover every single exploit, so instead we cover the most popular exploits or the ones that we see most often. This is not just the work of myself but several other security professionals. Yes, some of the exploits have been around, but if they are still being used on a frequent basis, we felt that it was important to cover them. Why cover a brand new exploit, that few people are using to compromise systems. Second we update the course ever couple of months to keep it current as possible. Finally and probably most important is the false statement about l0phtcrack and @stake. Actually I do just the opposite, I give a huge pitch for l0pthcrack when I cover password cracking. A direct quote "for what you get buying a copy of l0phtcrack is the best money you can spend, it is well worth every penny". I just got done teaching this course 2 days ago in Monterey and several students told me about this posting and was laughing about the last statement because I talk very positive about the L0pht and not negative. There are always those that are unhappy and I definetly did something to upset this individual, but overall most people enjoy the course and if you would like additional details, please contact me directly. Eric
I have taken and passed this certification and to be
honest. It is a joke.
The Level two Incident Handling and Hacker Tools
is very out of date and
I was not impressed by the instructor's, Eric Cole,
knowledge on newer hacker
tools. The course focusses mainly on the hacker tool part
and it was amusing to
watch the instructor try to get things to work in front
of the class but
just couldn't half the time. To me it was a big
waste of time and money
I went for the incident response stuff and I got a
lesson in being a script
kiddie. As far as the testing itself goes, also a joke, I did
not even study for
the exam or read their "suggested readings on the
web" and I still passed
the tests, not with 100% mind you, but studying
would have obviously done
it. If you feel like wasting a couple grand to hear about
being a script kiddie
and why you shouldn't trust L0pht/@Stake then this
is the course for you.
If you want to spend some money and actually
learn something useful, look
elsewhere.I can't speak to why you are not able to get the
training, however you
might investigate
http://www.sans.org/giactc/leveltwo.htm. The "Advanced Incident
Handling and Hacker Exploits" web based training
is going to be starting
soon. Here's a short clip from the website: "Advanced Incident Handling and Hacker Exploits
prepares a student to
take on the critical role of an incident handler, and
seeks to identify those
who can take a leadership role in incident handling in
their organization,
their communities, their nations, and globally." I've not taken any of the LevelTwo classes from
SANS, so I can't vouch
for how good this will be. Perhaps someone else in
the list could?
Current thread:
- Re: [PEN-TEST] Datacenter Wiring, (continued)
- Re: [PEN-TEST] Datacenter Wiring Darryl Luff (Oct 19)
- Re: [PEN-TEST] Datacenter Wiring JLJ (Oct 19)
- Re: [PEN-TEST] Datacenter Wiring Tom Litney (Oct 20)
- Re: [PEN-TEST] Datacenter Wiring Drew Simonis (Oct 21)
- Re: [PEN-TEST] Datacenter Wiring McGann, J (Oct 21)
- Re: [PEN-TEST] Datacenter Wiring Lady Sharrow (Oct 24)
- Re: [PEN-TEST] Datacenter Wiring Graham Lewis (Oct 25)
- Re: [PEN-TEST] Datacenter Wiring Jose Nazario (Oct 25)
- Re: [PEN-TEST] Datacenter Wiring van der Kooij, Hugo (Oct 25)
- [PEN-TEST] PEN TEST Price list Erick Arturo Perez Huemer (Oct 24)