Penetration Testing mailing list archives
RE: CEH Books
From: "Michelle Duff" <mduff () tampabay rr com>
Date: Mon, 27 Aug 2007 12:52:49 -0400
Excellent point, Jay. I agree whole-heartedly -- having gotten a number of certs in my career: CISSP, CCNP, MCSE and not enough hands-on led to my being viewed w/ general contempt by those who knew their stuff & didn't necessarily have the certs - I was a 'poser' - it stinks to be viewed that way. You must have the hands-on -- read, study, test -- all good. But you must do this stuff - touch it, do it, think it or you'll get the same treatment I did. -----Original Message----- From: Jay [mailto:jay.tomas () infosecguru com] Sent: Monday, August 27, 2007 11:12 AM To: mduff () tampabay rr com; manis () digital39 com; pen-test () securityfocus com Subject: RE: CEH Books <rant> If you could learn to hack/assess from reading a book everyone would do it. Does a carpenter go get a book to learn to swing a hammer.?No he goes out and does it and probably smashes a few knuckles in the process.The most important part of hacking/assessing is opening your mind see where it leads. There is a million ways to check for XSS, CSRF etc. You have to be determined and flexlible. Try things even though it shouldn't work. e.g I was looking for XSS in a input field. Tried all the normal stale "><script>alert('XSS')</script> type syntax. - nadda. Only after I padded it with 20 null characters (%00) on each side it did pop. Reading should give you 'ideas' after that its up to you. CEH is a baseline like most certs. It says I sat through a week of training and then I took a multiple choice test. May mean I know my stuff and want to documnt it to an extent. Or I May be good at tests and dont know sh@t about security.</rant> Jay ----- Original Message ----- From: Michelle Duff [mailto:mduff () tampabay rr com] To: manis () digital39 com,pen-test () securityfocus com Sent: Fri, 24 Aug 2007 01:01:23 -0400 Subject: RE: CEH Books Peter - Sorry, I haven't read those books...when I can't find anyone who's read a study book, I'll check out the reviews on Amazon.com - granted, the reviewers may not always have a clue, but the more the book is reviewed I can get an idea if it's what I need & if it's any good... I've had good results w/ this method. Amazon readers gave Michael Graves' Exam Prep book a good review: http://www.amazon.com/Certified-Ethical-Hacker-Exam-Publishing/dp/0789735318 /ref=sr_1_1/102-9254239-5172111?ie=UTF8&s=books&qid=1187930981&sr=1-1 Amazon readers also gave Kimberly Graves' Review Guide good marks: http://www.amazon.com/CEH-Official-Certified-Ethical-Hacker/dp/0782144373/re f=sr_1_1/102-9254239-5172111?ie=UTF8&s=books&qid=1187931127&sr=1-1 Hopefully, someone here has read the books and can comment on them. Good luck! Michelle -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Peter Manis Sent: Thursday, August 23, 2007 6:09 PM To: pen-test () securityfocus com Subject: CEH Books I found two CEH books on Alibris and I was wondering if anyone had experience with either. Certified Ethical Hacker: Exam 312-50 by Michael Gregg CEH: Official Certified Ethical Hacker Review Guide by Kimbery Graves Thanks, - Pete ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- CEH Books Peter Manis (Aug 23)
- Re: CEH Books guiness . stout (Aug 24)
- Re: CEH Books Peter Manis (Aug 24)
- Re: CEH Books UnODir (Aug 24)
- RE: CEH Books John Babio (Aug 24)
- Re: CEH Books Peter Manis (Aug 24)
- RE: CEH Books John Babio (Aug 24)
- RE: CEH Books Michelle Duff (Aug 24)
- <Possible follow-ups>
- RE: CEH Books Jay (Aug 28)
- RE: CEH Books Michelle Duff (Aug 28)
- Re: CEH Books Peter Manis (Aug 28)
- Re: CEH Books Michelle Duff (Aug 28)
- Re: CEH Books Peter Manis (Aug 28)
- Message not available
- Fwd: CEH Books xelerated (Aug 28)
- Message not available
- Re: CEH Books Peter Manis (Aug 29)
- RE: CEH Books Michelle Duff (Aug 28)
- Re: CEH Books guiness . stout (Aug 24)