Penetration Testing mailing list archives

RE: CEH training


From: "Tim Singletary" <Tim () active-defense com>
Date: Thu, 23 Jun 2005 09:49:36 -0400

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Each and every one of these courses has its good points and bad. I
have been teaching and writing security-related courses for 6 years
now as an independent consultant/instructor. I have taught both the
"Official" CEH course and the Infosec course, and will sum up my
experiences: if you have a good solid understanding of security and
want to walk away from the course with skills that will help you
perform a methodical pen test, then the Infosec version is better; if
you are a beginner in the security realm, then the "Official" EC
Council may be better, as it is more into terms and tools that are out
there.

I will reiterate though that no matter whose version of the CEH you
take the instructor is the biggest part of the equation. A good
instructor can take bad courseware and make it a valuable learning
experience. And the same, a bad instructor can take good courseware
and make it a terrible learning experience. 


 
Timothy Singletary
CISSP,CISM,CEI,CEH,Security+,CTT+,MCP
Tim () active-defense com

- -----Original Message-----
From: Torig [mailto:torig () gov-fbi net] 
Sent: Wednesday, June 22, 2005 1:56 PM
To: glemmon () onealwebster com
Cc: pen-test () securityfocus com
Subject: RE: CEH training

Hello Gregory,

I went through the CEH self-study guide (v3) a few months back and
noticed the same short-comings as were mentioned before on the list.
However, in all fairness, the exam had _little_ to do with the actual
courseware.
This might sound negative, but actually in this case turned out to be
a very nice surprise. Where I found the study guide to be lacking
technical depth and methodologies, I was asked to interpret tools'
output and more on the exam.
Unfortunately, I cannot be any more specific than this - off or on
list.

Also, keep in mind their course seems to have undergone a major
update (v4 has been released), and they supplement their pen testing
track with E|CSA (Ec-council certified security analyst) for which
the course is mandatory.
And the summum should be the workshop one has to attend before being
able to call himself the LPT (licensed penetration tester).

Unfortunately, I haven't seen the CSA nor the LPT courseware, so
can't comment on it, but it certainly looks like they are doing a
lot of effort!

As a side-question:
I'm attending the Advanced Ethical Hacking: Expert Penetration
Testing course, given by Jack Koziol (author of the Shellcoders'
Handbook) this summer.
What helped me in choosing InfoSecInstitute is that the course runs
from 8-5 and from 18 - 22.30 you can exercise (through CTF's in the
lab), which gives a very good amount of hands-on experience for a
week's worth of training ;-) Does anyone on the list have experience
with this course? Did you like it?
Were the CTF exercises any good/representative of a real-world
situation?

Thanks,
Kind regards,

Roger 'Torig' Sels


On Wed, June 22, 2005 8:30 pm, glemmon () onealwebster com said:
Thank you all for your comments, suggestions and recommendations.
This is my take away from your feedback: The CEH cert needs some
improvement, in that it is 1) very Tools oriented 2) more windows
than *nix oriented (not necessarily a bad thing considering the
average Windows Admin is light years behind the average *nix Admin
in general network and sys know how) 3) Good training is very
dependent on the Instructor you get (this is probably the issue in
a lot of cases not just CEH cert/training).

A lot of you that responded seem to have overlooked a minor detail
though - I need something (training offering) preferably in an online
format, I will not be able to travel for another two months project
completion deadlines.

I have looked at the SANS@Home course "Hacker Techniques, Exploits
& Incident Handling" Instructor - Ed Skoudis and that is what I am
leaning towards enrolling in. I also looked at ISECOM, Learn
Security Online, SensePost and Foundstone. All are impressive in
their syllabus/course outline and I know from reading some of the
books from the Hacking Exposed series as well as other general
reading that these institutions and their instructors are held in
high esteem in the Infosec World, well with the exception of the
Learn Security Online establishment. I could not get enough
background information from their website about them.

I really appreciate all the feedback, and you guys please keep up
the great work of community building and knowledge sharing. I hope
to be making my contribution to this list in a little while as a
pen-tester :-)!!!

Gregory


-----Original Message-----
From: Zuromski, Brian [mailto:brzurom () tycho ncsc mil]
Sent: Wednesday, June 22, 2005 9:08 AM
To: 'pen-test () securityfocus com'
Cc: 'Richard Zaluski'
Subject: RE: CEH training

   I actually attended a CEH workshop. Although it was only a sales
pitch into what the class would be about, we actually got to keep the
class book. It doesn't really teach the theory in hacking... although
they have a short section on what is a hacker and what keeps someone
'ethical'. Then they proceed to show you how to use 5000 different
WINDOZE apps that constitute hacking into networks and systems
'ethically' of course. I just thought it was more for windows people
who are curious and want to know how to enumerate targets. (IMHO it is
just information you could get elsewhere.) I thought it was too
dependent on tools, and not strong on actually how to collect
information manually. If they would introduce linux into the class
then I would absolutely get the CEH cert, as everyone knows most
windows tools are based off of $nix tools that have been around and
you have to know what you're doing when you use the $nix tools,
forcing more theory and know-how into the class that could help people
understand across the board.....
    I will say this, the instructor who did this (Don), was extremely
knowledgeable and knows the unix/windoze/network side of things, so if
you get a good instructor it might pay off on the way the apps are
working to collect information and enumerate targets....and that is
what you need to be a pen-tester!



-----Original Message-----
From: Richard Zaluski [mailto:rzaluski () ivolution ca]
Sent: Saturday, June 18, 2005 7:33 PM
To: glemmon () onealwebster com; pen-test () securityfocus com
Subject: RE: CEH training


The issue we find with these courses is that they tend to be
encyclopedic in nature. They teach you how to 'hack a box' rather
than provide you with the skills a professional security tester
needs.

iVOLUTION currently has two Penetration Courses that we teach at
IBM, its security staff and worldwide partners. Our classes are
based upon the skills you need to become an efficient and
resourceful security professional.

There are a few good courses out there that deal with Penetration
Testing, not just ours. I would look for classes that deal
specifically with Pen Testing rather than 'hacking'.

There is much more to being a pen tester than hacking. It's knowing
the tools, techniques, methodologies and resources as well as
understanding how to research exploits and properly assess networks
and target systems. This is in conjunction with understanding the
legalisms associated with testing that varies greatly in different
countries, states, provinces and regions.

As for online courses of this nature, I have not seen one as yet
but I do understand time is an issue in your case.

Regards,

Richard Zaluski
CISO, Security and Infrastructure Services iVOLUTION Technologies
Incorporated
905.309.1911
866.601.4678
www.ivolution.ca
rzaluski () ivolution ca


Key fingerprint = DB39 7FC3 1F5D AD94 85DD  78B0 774D 5DE5 B011 BD8C
======================================================================
CONFIDENTIALITY NOTICE: This email message, including any
attachments, is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender. Any unauthorized
review, use, disclosure, or distribution is prohibited.
======================================================================

- -----Original Message-----
From: glemmon () onealwebster com [mailto:glemmon () onealwebster com]
Sent: Tuesday, June 21, 2005 2:35 PM
To: pen-test () securityfocus com
Subject: CEH training

Hi all,

I am looking at getting some training to start my official journey
down the path as a Security Penetration Tester - and was wondering
about the views on taking the Intense School's CEH boot Camp. Has
anyone on/from the list attended their course and have any
feedback/recommendations? My background is predominantly Windows,
but I am fairly functional with Linux.
I am more interested in online courses right now though only
because I am currently involved in some projects that require me
to be available for my office over the next couple of months.
Any constructive feedback is more than welcome.
Thanks


Gregory Lemmon, MCP, Security+
I.T. Manager





- --
When did I first realize I was God ?
Well, I was praying. And suddenly, I realized I was talking to
myself.




-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQrq98Kzt/Qm0dOI3EQL1EACcCyQ3tLC45hnF1pzf/spvN3XElZIAoIPu
TqEHwWrVtSab5BstBCTugmQG
=jt8K
-----END PGP SIGNATURE-----


