Penetration Testing mailing list archives
Re: CEH training
From: D K <dwarkeeper () gmail com>
Date: Wed, 22 Jun 2005 17:24:39 -0700
Securitycompass is teaching a class in upcoming HackInTheBox.org on it, I have heard good things about it, my friend took their course and it was pretty good. I have seen the content as well and looks good. I would definately suggest contacting them to see if they have any upcoming public classes. dk. On 6/22/05, Richard Zaluski <rzaluski () ivolution ca> wrote:
Regarding "tools" and windows, most of the security tools that run on Windows are simply ported over from the *nix world. They run much better and often times allow much more flexibility in their use due to the way Windows and *nix operates and interacts with them. Its much better, in my opinion to run a tool on its native operating system. I have seen nmap for example running on MS 2000 professional completely lag behind the *nix version. Richard Zaluski CISO, Security and Infrastructure Services iVOLUTION Technologies Incorporated 905.309.1911 866.601.4678 www.ivolution.ca rzaluski () ivolution ca Key fingerprint = DB39 7FC3 1F5D AD94 85DD 78B0 774D 5DE5 B011 BD8C ======================================================================= CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender. Any unauthorized review, use, disclosure, or distribution is prohibited. ======================================================================= -----Original Message----- From: glemmon () onealwebster com [mailto:glemmon () onealwebster com] Sent: Wednesday, June 22, 2005 2:30 PM To: brzurom () tycho ncsc mil; pen-test () securityfocus com Cc: rzaluski () ivolution ca Subject: RE: CEH training Thank you all for your comments, suggestions and recommendations. This is my take away from your feedback: The CEH cert needs some improvement, in that it is 1) very Tools oriented 2) more windows than *nix oriented (not necessarily a bad thing considering the average Windows Admin is light years behind the average *nix Admin in general network and sys know how) 3) Good training is very dependent on the Instructor you get (this is probably the issue in a lot of cases not just CEH cert/training). A lot of you that responded seem to have overlooked a minor detail though - I need something (training offering) preferably in an online format, I will not be able to travel for another two months project completion deadlines. I have looked at the SANS@Home course "Hacker Techniques, Exploits & Incident Handling" Instructor - Ed Skoudis and that is what I am leaning towards enrolling in. I also looked at ISECOM, Learn Security Online, SensePost and Foundstone. All are impressive in their syllabus/course outline and I know from reading some of the books from the Hacking Exposed series as well as other general reading that these institutions and their instructors are held in high esteem in the Infosec World, well with the exception of the Learn Security Online establishment. I could not get enough background information from their website about them. I really appreciate all the feed back, and you guys please keep up the great work of community building and knowledge sharing. I hope to be making my contribution to this list in a little while as a pen-tester :-)!!! Gregory -----Original Message----- From: Zuromski, Brian [mailto:brzurom () tycho ncsc mil] Sent: Wednesday, June 22, 2005 9:08 AM To: 'pen-test () securityfocus com' Cc: 'Richard Zaluski' Subject: RE: CEH training I actually attended a CEH workshop. Although it was only a sales pitch into what the class would be about we actually got to keep the class book. It doesn't really teach the theory in hacking....although they have a short section on what is a hacker and what keeps someone 'ethical'. Then they proceed to show you how to use 5000 different WINDOZE apps that constitute hacking into networks and systems 'ethically' of course. I just thought it was more for windows people who are curious and want to know how to enumerate targets. (IMHO it is just information you could get elsewhere) I thought it was too dependant on tools, and not strong on actually how to collect information manually. If they would introduce linux into the class then I would absolutely get the CEH cert as everyone knows most windows tools are based off of $nix tools that have been around and you have to know what your doing when you use the $nix tools forcing more theory and know how into the class that could help people understand across the board..... I will say this, the instructor who did this (Don), was extremely knowledgeable and knows the unix/windoze/network side of things, so if you get a good instructor it might pay off on the way the apps are working to collect information and enumerate targets....and that is what you need to be a pen-tester! -----Original Message----- From: Richard Zaluski [mailto:rzaluski () ivolution ca] Sent: Saturday, June 18, 2005 7:33 PM To: glemmon () onealwebster com; pen-test () securityfocus com Subject: RE: CEH training The issue we find with these courses is that they tend to be encyclopedic in nature. They teach you how to 'hack a box' rather then provide you with the skills a professional security tester needs. iVOLUTION currently has two Penetration Courses that we teach at IBM, its security staff and worldwide partners. Our classes are based upon the skills you need to become an efficient and resourceful security professional There are a few good courses out there that deal with Penetration Testing, not just ours. I would look for classes that deal specifically with Pen Testing rather than 'hacking' There is much more to being a pen tester than hacking. It's knowing the tools, techniques, methodologies and resources as well as understanding how to research exploits and properly assess networks and target systems. This is in conjunction with understanding the legalisms associated with testing that varies greatly in different countries, states, provinces and regions. As for online courses of this nature, I have not seen one as yet but I do understand time is an issue in your case. Regards, Richard Zaluski CISO, Security and Infrastructure Services iVOLUTION Technologies Incorporated 905.309.1911 866.601.4678 www.ivolution.ca rzaluski () ivolution ca Key fingerprint = DB39 7FC3 1F5D AD94 85DD 78B0 774D 5DE5 B011 BD8C ======================================================================= CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender. Any unauthorized review, use, disclosure, or distribution is prohibited. ======================================================================= -----Original Message----- From: glemmon () onealwebster com [mailto:glemmon () onealwebster com] Sent: Tuesday, June 21, 2005 2:35 PM To: pen-test () securityfocus com Subject: CEH training Hi all, I am looking at getting some training to start my official journey down = the path as a Security Penetration Tester - and was wondering about the = views on taking the Intense School's CEH boot Camp. Has anyone on/from the list attended their course and have and feedback/recommendations? My = background is predominantly Windows, but I am fairly functional with Linux. I am more interested in online courses right now though only because I am = currently involved in some projects that require me to be available for my office = over the next couple of months. Any constructive feedback is more than = welcome. Thanks Gregory Lemmon, MCP, Security+ I.T. Manager
Current thread:
- RE: CEH training, (continued)
- RE: CEH training Chuck McWhirter (Jun 21)
- Re: CEH training ilaiy (Jun 22)
- RE: CEH training Drage, Nick (Jun 22)
- RE: CEH training Tim Singletary (Jun 22)
- Re: CEH training Michael Hammer (Jun 22)
- RE: CEH training Tony Mesenbrink (Jun 22)
- Re: CEH training Gareth Davies (Jun 23)
- RE: CEH training Tim Singletary (Jun 22)
- RE: CEH training Zuromski, Brian (Jun 22)
- RE: CEH training glemmon (Jun 22)
- RE: CEH training Richard Zaluski (Jun 22)
- Re: CEH training D K (Jun 22)
- Re: CEH training Pete Herzog (Jun 23)
- RE: CEH training Richard Zaluski (Jun 23)
- RE: CEH training Richard Zaluski (Jun 22)
- RE: CEH training Torig (Jun 22)
- RE: CEH training Tim Singletary (Jun 23)
- RE: CEH training Chuck McWhirter (Jun 21)
- RE: CEH training glemmon (Jun 24)
- RE: Sample pent test agreement evb (Jun 26)
- RE: Sample pent test agreement Erin Carroll (Jun 26)
- RE: Sample pent test agreement Irene Abezgauz (Jun 26)
- RE: Sample pent test agreement random (Jun 27)
- Re: Sample pent test agreement Pete Herzog (Jun 30)
- RE: Sample pent test agreement evb (Jun 26)