Re: [PEN-TEST] FW: [PEN-TEST] Forensic analisys and related training

[Eric <eric7095 () AOL COM>]

Eric Cole the instructor here, who was grossly mis-
represented in this email.  In this business you 
cannot please everyone and fortunately most of the 
people who take the course thoroughly enjoy it and 
find it valuable.  This previous email is one person's 
opinion and not the opinion of the masses (based on 
the reviews and feedback I have received).

In terms of out of date, you have to understand the 
goal of the course.  It is to describe and explain 
exploits so that you can better protect your site.  Only 
by understanding the offense can you build a better 
defense.  Since the class is only 2 days we cannot 
cover every single exploit, so instead we cover the 
most popular exploits or the ones that we see most 
often.  This is not just the work of myself but several 
other security professionals.  Yes, some of the 
exploits have been around, but if they are still being 
used on a frequent basis, we felt that it was important 
to cover them.  Why cover a brand new exploit, that 
few people are using to compromise systems.  
Second we update the course ever couple of months 
to keep it current as possible.

Finally and probably most important is the false 
statement about l0phtcrack and @stake.  Actually I 
do just the opposite, I give a huge pitch for l0pthcrack 
when I cover password cracking.  A direct quote "for 
what you get buying a copy of l0phtcrack is the best 
money you can spend, it is well worth every penny".  I 
just got done teaching this course 2 days ago in 
Monterey and several students told me about this 
posting and was laughing about the last statement 
because I talk very positive about the L0pht and not 
negative.

There are always those that are unhappy and I 
definetly did something to upset this individual, but 
overall most people enjoy the course and if you would 
like additional details, please contact me directly.

Eric



> I have taken and passed this certification and to be 
honest.  It is a joke.
>  The Level two Incident Handling and Hacker Tools 
is very out of date and
> I was not impressed by the instructor's, Eric Cole, 
knowledge on newer hacker
> tools.
>
> The course focusses mainly on the hacker tool part 
and it was amusing to
> watch the instructor try to get things to work in front 
of the class but
> just couldn't half the time.  To me it was a big 
waste of time and money
> I went for the incident response stuff and I got a 
lesson in being a script
> kiddie.
>
> As far as the testing itself goes, also a joke, I did 
not even study for
> the exam or read their "suggested readings on the 
web" and I still passed
> the tests, not with 100% mind you, but studying 
would have obviously done
> it.
>
> If you feel like wasting a couple grand to hear about 
being a script kiddie
> and why you shouldn't trust L0pht/@Stake then this 
is the course for you.
>  If you want to spend some money and actually 
learn something useful, look
> elsewhere.
>
> > I can't speak to why you are not able to get the 
training, however you
> > might
> > investigate 
http://www.sans.org/giactc/leveltwo.htm. 
The "Advanced Incident
> > Handling and Hacker Exploits" web based training 
is going to be starting
> > soon.
> >
> > Here's a short clip from the website:
> > "Advanced Incident Handling and Hacker Exploits 
prepares a student to
> > take
> > on the critical role of an incident handler, and 
seeks to identify those
> > who
> > can take a leadership role in incident handling in 
their organization,
> > their
> > communities, their nations, and globally."
> >
> > I've not taken any of the LevelTwo classes from 
SANS, so I can't vouch
> > for
> > how good this will be. Perhaps someone else in 
the list could?
> >