Penetration Testing mailing list archives
Re: OPST vs CEH
From: "Patrick Prue" <pprue () cogeco ca>
Date: Wed, 11 Feb 2004 23:06:50 -0500
I do have to agree with Brian on the one point: Track 4 is not intended to teach pen-testing. I do hold the GCIH certification and have for a number of years now. The main focus of the materials taught and the certification, as I view it, is more leaning towards the whole incident handling cycle; having the knowledge of the hacker techniques and exploits makes you a better incident handler when it comes down to looking at the root cause of the compromise in the first place. The certification process can be very rigorous and challenging at times. And as I see the original question posed, I guess the whole intent is what exactly are you hoping to get out of it. The OPST certification seems a lot more centered around the whole methodology of Pen Testing and how to perform it. Seemingly if this methodology was performed by many pen testers they should each turn out a very similar result and report when drawing up the final reports.

Just my 2 cents..

Patrick Prue
GCIH

----- Original Message -----
From: "Bartholomew, Brian J" <BartholomewBJ () state gov>
To: <pen-test () securityfocus com>
Sent: Monday, February 09, 2004 7:14 AM
Subject: RE: OPST vs CEH
Actually I did not, due to the fact that Track 4 was useless. I do however have a great respect for people who have taken the GIAC Certs as they are very difficult (especially the GCIA). But, as for the material covered, and the way it was taught, SANS Track 4 is NOT a good course to take to learn the basics behind pen testing. The question was asked about which to take...OPST or CEH (not GCIH). The answer I gave described the courses I had been through, including Track 4 and an "opinion" as to which of the classes were better.

Also I would have to say that you are in the same boat as I, sir, since you do not carry the GCIH. So, your defense on that specific Track has as much credibility as mine if we are going off of "certifications" as you hinted in the previous email. I was in your shoes about a year ago and thought SANS was the greatest thing since sliced bread, until I took Track 4. The difference between Track 3 (your certification) and Track 4 (the one we are discussing) is too large to quantify.

So, as stated in my last email, I suggest you take my advice and not waste your, or your company's money on SANS Track 4. Take the time and try to attend one of the OSSTMM specific courses as they are much, much better.

Good day to you.

Brian J. Bartholomew
US Department of State
Bureau of Diplomatic Security
DS/SI/ACD SA-20 Special Programs
Ph: 571-345-2598
Cell: 202-369-6349
1801 North Lynn St.
Arlington, VA 22201

-----Original Message-----
From: Don Parker [mailto:dparker () rigelksecurity com]
Sent: Monday, February 09, 2004 2:31 AM
To: Bartholomew, Brian J; 'pen-test () securityfocus com'
Subject: RE: OPST vs CEH

Hello Brian, did you actually bother to certify after taking whatever SANS training it was that you took? The SANS training is among the best out there, however the challenge starts when you do the certification process. This has not only a difficult "practical" portion, but also two demanding exams.

From what I have seen of the OSSTMM and the CEH neither one of them measure up. The OSSTMM does seem to offer business training as well though in addition to the other obvious training. Though I would say that is best left to a place which actually specializes in business training such as a college.

Cheers

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------

On Feb 6, "Bartholomew, Brian J" <BartholomewBJ () state gov> wrote:

I have taken the CEH but not the OPST. The CEH is kinda simplistic, and pretty easy to pass. I have not taken the OPST, however, I have heard that it is much more in depth and more difficult to pass.

I do think the course designed with the CEH exam (I took one through Intense school) is one of the better courses I have taken (in comparison with Foundstone, SANS, etc.). Those "other" courses are too mainstream and none of them speak of the OSSTMM except for the CEH oriented classes.

To sum it up...If you are looking for letters after your name and a good base to start with, go for the CEH (it can't hurt). If you want to take a more detailed, OSSTMM sponsored test, take the OPST. What the hell, take both if you really like a challenge :)

Brian J. Bartholomew
Bureau of Diplomatic Security
DS/SI/ACD SA-20 Special Programs
Ph: 571-345-2598
Cell: 202-369-6349
1801 North Lynn St.
Arlington, VA 22201

-----Original Message-----
From: circut () hackthisbox org [mailto:circut () hackthisbox org]
Sent: Friday, February 06, 2004 11:01 AM
To: kenzo
Cc: pen-test () securityfocus com
Subject: Re: OPST vs CEH

I've taken the CEH class. It's pretty good, but it focuses more on hacking windows than it does linux or unix. The instructor and environment were good though. They don't really talk too much in depth about buffer overflows or privilege escalation on linux. But I think the class was worth it. Never taken any of those other tests.

-circut

On Wed, 4 Feb 2004, kenzo wrote:

I'm thinking about taking one of these certs. OPST (OSSTMM PROFESSIONAL SECURITY TESTER) or CEH (certified ethical hacker). I've read about the two, and they seem to be kind of the same thing. I know that some people in here were talking about the opst, but what about the ceh? Has anyone taken the CEH or both? Please let me know. thanks.