Penetration Testing mailing list archives
Re: CEH Books
From: "Peter Manis" <manis () digital39 com>
Date: Mon, 27 Aug 2007 13:19:22 -0400
I agree as well, which is one reason I picked the OSCP before the CEH. To pass the OSCP I need to actually perform an attack on a machine. Of course this is not equal to real world experience, but as a start towards moving to security I felt HR may look at my resume and have interest in hiring me as an entry level tester because I have proven I can apply the knowledge I have learned vs just memorizing nmap switches and port numbers (not that the exam doesn't cover more).

When I watched a few videos of CEH and read through the material on the exam it seemed the CEH was more like the first few classes at med school (from what I've heard), you have to memorize a bunch of names, functions, and instruments, but it isn't until later that you get to break out the tools and apply that knowledge.

- Pete

On 8/27/07, Michelle Duff <mduff () tampabay rr com> wrote:
Excellent point, Jay. I agree whole-heartedly -- having gotten a number of certs in my career: CISSP, CCNP, MCSE and not enough hands-on led to my being viewed w/ general contempt by those who knew their stuff & didn't necessarily have the certs - I was a 'poser' - it stinks to be viewed that way. You must have the hands-on -- read, study, test -- all good. But you must do this stuff - touch it, do it, think it or you'll get the same treatment I did.

-----Original Message-----
From: Jay [mailto:jay.tomas () infosecguru com]
Sent: Monday, August 27, 2007 11:12 AM
To: mduff () tampabay rr com; manis () digital39 com; pen-test () securityfocus com
Subject: RE: CEH Books

<rant> If you could learn to hack/assess from reading a book everyone would do it. Does a carpenter go get a book to learn to swing a hammer? No, he goes out and does it and probably smashes a few knuckles in the process. The most important part of hacking/assessing is opening your mind and seeing where it leads. There are a million ways to check for XSS, CSRF etc. You have to be determined and flexible. Try things even though it shouldn't work. e.g. I was looking for XSS in an input field. Tried all the normal stale "><script>alert('XSS')</script> type syntax. - nadda. Only after I padded it with 20 null characters (%00) on each side it did pop. Reading should give you 'ideas'; after that it's up to you.

CEH is a baseline like most certs. It says I sat through a week of training and then I took a multiple choice test. May mean I know my stuff and want to document it to an extent.
Or I may be good at tests and don't know sh@t about security.</rant>

Jay

----- Original Message -----
From: Michelle Duff [mailto:mduff () tampabay rr com]
To: manis () digital39 com,pen-test () securityfocus com
Sent: Fri, 24 Aug 2007 01:01:23 -0400
Subject: RE: CEH Books

Peter - Sorry, I haven't read those books...when I can't find anyone who's read a study book, I'll check out the reviews on Amazon.com - granted, the reviewers may not always have a clue, but the more the book is reviewed I can get an idea if it's what I need & if it's any good... I've had good results w/ this method.

Amazon readers gave Michael Graves' Exam Prep book a good review:
http://www.amazon.com/Certified-Ethical-Hacker-Exam-Publishing/dp/0789735318/ref=sr_1_1/102-9254239-5172111?ie=UTF8&s=books&qid=1187930981&sr=1-1

Amazon readers also gave Kimberly Graves' Review Guide good marks:
http://www.amazon.com/CEH-Official-Certified-Ethical-Hacker/dp/0782144373/ref=sr_1_1/102-9254239-5172111?ie=UTF8&s=books&qid=1187931127&sr=1-1

Hopefully, someone here has read the books and can comment on them. Good luck!

Michelle

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Peter Manis
Sent: Thursday, August 23, 2007 6:09 PM
To: pen-test () securityfocus com
Subject: CEH Books

I found two CEH books on Alibris and I was wondering if anyone had experience with either.

Certified Ethical Hacker: Exam 312-50 by Michael Gregg
CEH: Official Certified Ethical Hacker Review Guide by Kimberly Graves

Thanks,
- Pete

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------