Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: GCIA, GSEC, GCIH, CISSP, CEH ???

From: cwright () bdosyd com au
Date: 20 Dec 2007 22:35:17 -0000
Hi,
The SANS GCIH has much of this. However, if you want a pure Pen Test = course (with all the negatives as well as the 
positives) then SANS have = SEC 560.

If you go to:
http://www.sans.org/tysonscorner08/description.php?tid=3D1717

You will get a description. Ed is finishing up the course material now, = so the course description will flesh out more 
as time passes and before = this starts in the new year. So there is a focused SANS Course.

To take a quote:
"Successful penetration testers don't just throw a bunch of hacks = against an organization and regurgitate the output 
of their tools. = Instead, they need to understand how these tools work in-depth, and = conduct their test in a 
careful, professional manner. This course = explains the inner workings of numerous tools and their use in effective = 
penetration testing. When teaching the class, I particularly enjoy the = numerous hands-on exercises culminated with a 
final pen-testing = extravaganza lab". -Ed Skoudis

There are also specialised Advanced database and web testing courses.

Regards,
Dr Craig Wright (GSE-Compliance)




Craig Wright
Manager of Information Systems

Direct : +61 2 9286 5497
Craig.Wright () bdo com au
+61 417 683 914


-----Original Message-----

From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] = On Behalf Of Walter Cuestas
Sent: Thursday, 20 December 2007 4:21 PM
To: pen-test () securityfocus com
Subject: Re: GCIA, GSEC, GCIH, CISSP, CEH ???

Just to say that every comment about CEH seems to be based on versiones previous to 5 (some comments seems based on 
books from EC Council and 2 others that are so far from current EC Council material).
Today, CEH is the start point and next steps for people who wants to demonstrate their knowledge and expertise, 
thtrough certifications, are ECSA and finally get LPT (if you need this one).

Since the first mail of this thread, I have reviewed every syllabus, exam topics, exam and labs demos, training videos 
and so on.

IMHO, there are just three sources for pen test related certifications
: EC Council, ISECOM and Mile2 (based on CEH).

SANS has a lot of certifications that are good complement for CEH, OPST, OPSA, CPTS and CPTE, but, I can't find an 
specific pen test certification from SANS.

Also, as all of you know, there is no certification neither a set of exams that really demonstrate the actual knowledge 
of people.
These certifications are just a complement for a professional career.

BTW, I have reviewed some of the recommended training based on videos and they seem to be just BackTrack courses.




Regards,


On Dec 19, 2007 11:49 AM, mgk.mailing < mgk.mailing () googlemail com> =

wrote:



wow,

Have been playing with back track for a while but i didnt realise =

they

did certificated courses as well.  Thanks for the info

mgk

Danux wrote:

If you really wanna start understanding how to PenTest you should 
forget CEH its for script kiddies, you MUST try - From BackTrack 
Creators!!! Offensive-Security Courses.

CEH teach you how to use tools but Offensive Security 101 course =

teach

you how to think like a hacker developing your own scripts or 
exploits, and isc2 gives 40 CPE's for that course. Is excellent, =

and

the certification is called OCSP - Offensive Security Certified 
Professional (you can get it after passing a 24 hour real hacking 
test).

Check it out:
http://www.offensive-security.com/offsec101.php

Cheers!!!!!


On Dec 17, 2007 12:44 PM,  <infolookup () gmail com> wrote:


Good day all,

I know this is not really a tech-pentest question however I =

wanted to get some feed back as to what certs/skill set one need to = acquire in order to break into the 
pentest/information = assurance/computer forensics job market.


I am a about to graduate with my BA in computer system next =

semester, and I am tring to get into a security related field, I did = very little vul-testing/pentesting for friends, 
or on a few work servers = and wifi network.


And that was very interesting, but with so many certs and paths =

out there I wanted to know which ones you guys took so I can get an = idea.


Thanks in advance.



Sent via BlackBerry from T-Mobile


=

------------------------------------------------------------------------





This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
=

------------------------------------------------------------------------












=

------------------------------------------------------------------------

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
=

------------------------------------------------------------------------







--
Walter Cuestas





--
Walter Cuestas Agramonte, CEH
Gerente General
Phone :  511-97926168

ASEGURAR, SIMPLIFICAR, ACELERAR
http://www.open-sec.com
http://www.voip-sec.com

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
--------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: