Penetration Testing mailing list archives

Re: CEH program and Sybex Study Guide

From: "Bandar Alharbi" <bandar.malharbi () gmail com>
Date: Wed, 28 Sep 2011 03:37:35 +0000

Hello Alberto,

I think what Mr.Clement has said is golden! 

I just want to add something to the discussion: please have a look at the backtrack certification path. It has been 
gaining more reputation over the last year; and it is what you are really looking for. 

http://www.backtrack-linux.org/information-security-training/offensive-security/


Best luck!

Bandar
-----Original Message-----
From: Clement Dupuis <clement.dupuis () gmail com>
Sender: listbounce () securityfocus com
Date: Mon, 26 Sep 2011 10:16:25 
To: <drmarkabaiter () gmail com>
Cc: <pen-test () securityfocus com>
Subject: Re: CEH program and Sybex Study Guide

Good day Alberto,

Your Security+ class was probably the best start you could have done.
 However, it seems that you waiting a bit long to continue your
learning quest.   But it is better late than never.  You must have a
passion to get into security testing, you must have the desire to
learn on a day to day basis.  It is NOT an 8 to 4 job.

To become a good tester you must have knowledge of at least Operating
Systems of different types,   good grasp on networking and bit level
knowledge of ICMP, UDP, and TCP as a starter.   If you wish to get
into Database testing then you must learn a whole lot about DB and how
they work.   Some coding experience would help as well.

Security testing is very large as a profession, you might want to
identify your niche at one point.    This is where the CEH will give
you a teaser of different aspect of Security Testing and maybe point
you in a direction that you like.

The book you mention below is obsolete and was built for the CEH
Version 6.   The next thing you might want to look at when you buy a
book is WHO wrote it,  are they well known penetration testers,  how
much practical experience does the author and technical editors have
in security testing,  do they perform tests for a living?    In the
case of the Sybex book I think a lot of practical experience doing
tests was missing from the people who worked on this book.     It will
not help you much with today's exam and version 7 of the CEH.   The
book has a minimalistic approach and not an holistic approach that's
for sure.

Take care

Clement











On Sat, Sep 24, 2011 at 15:01, Alberto Medina <amedinaj () gmail com> wrote:


Hi all,
I know maybe in this list you have talk a lot about CEH program, but I want to know what do you really think about 
this program (CEH)? Is this really useful to start in information security? And what do you think about the Sybex 
Study Guide, by "Kimberly Grave"?
I do this question because a couple of years ago I took the CompTIA Security+ exam and passed it, but I wanna to 
continue the preparation in the field of information security and Ethical hacking, and someone recommended me the 
"Certified Ethical Hacker" certification as a good way to continue the path, so a bought the Sybex Study Guide for 
the exam, but I don't see a lot of difference between the content of Security+ program and this one, I thought I'd 
find the CEH deeper in the subject than Security+ program.
In fact, I found this Sybex guide is not very actual, there's not any mention to Windows 7 or even Vista, the tools 
mentioned are kind of old, in the "cracking password" section they don't talk about rainbow tables, only a littler 
mention; in the "backdoor" sections she (the author) recommend adding an additional hard disk to the computer and 
boot from there for protection using the backdoor she mention, or buy a Windows netbook, but it's not better using a 
VM in for testing?
Anyway, I just want to know what you think about this program? If not, what do you recommend for continue the path to 
Ethical Hacking and Information Security.

Thank you and best regards,
Alberto Medina

(Excuse my English :) )


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

CEH program and Sybex Study Guide Alberto Medina (Sep 25)
- Re: CEH program and Sybex Study Guide Clement Dupuis (Sep 27)
  - Re: CEH program and Sybex Study Guide Bandar Alharbi (Sep 27)
- Re: CEH program and Sybex Study Guide Michael Richard (Sep 29)
  - RES: CEH program and Sybex Study Guide Fabio Nascimento de Mello (Sep 30)
  - Re: CEH program and Sybex Study Guide Robert Musser (Sep 30)