Notes from VeriSign Applied Hacking Class

["mad hack" <madhack () antionline org>]

Hi, all -

Just finished a 5-day Applied Hakcing class with VeriSign. Here is my two cents.  I have to say that this is only my 
exprience and comments.

The instructor: 
My instructor is a very talenetd young man and was familiar with the hacking underground community. He is also a very 
good communicator, not the hacker/geek type you would think.

The Lab:
The lab is composed of laptops equipped with wireless LAN card. One wireless access point and one router are used to 
complete the user network.  Two target servers are available for hacking. Some other servers are used by the 
instructor. The challenge is to get ROOT and Admin on these two boxes before the end of the week. 

The material:
The course breaks down to different hacking domains and inlcudes illustration of exploits and tools used. Lab practice 
provides hands-on exercise to replicate the hacks. Well organized.

Many people think VeriSign course is less technical or weaker compared to the others.  I only had the chance to browse 
through E&Y course hand-out. Seems E&Y material is more organized and formal.  E&Y hand-outs also provides a lot more 
technical details of how comamnds, tools are executed and what to expect for the output. The veriSign course is more 
higher level - the instrtuctor mentioned to me that he is more concerned for the students to have an idea of how hacks 
occur and how countermeasures are developped. 


One more thing of my observation: 

What you would get from the class depends on not only materials offerred but also you classmates. My classmates 
inlcudes two NT admin, One Unix admin, One Network admin, two managers, one IS auditor, and one security auditor. In 
this case, most people are new to security prospect of the networks and are more interested in high level knowledge - 
how hackers work, how networks are compromised, and how to prevent the hacks - educational approach. The instructor 
opted to satisfied this kind of need.  

On the other hand, my discussion with instructor over the breaks are more into technical details and hacking 
approaches. I was impressed and learned a lot. Basically I was hacking away while others were listening to teh 
high-level stuff. Class breaks gave me chances to re-cap with the instructor and discuss the hacks I tried.

I wish I had being in a more technical group for this class - The instructor mentioned some of his classes got into 
"hacking wars' among the students and the instructor - the high-level preaching was not necesary since most of them are 
security consultants. In that case, the instructor opted to dig deeper into technical details.

Hope this helps for those seeking hacking class info.

By the way - the instructor in my class will be in London later this month to teach Applied Hacking class.

 
> From: "Talisker" <Talisker () networkintrusion co uk>
> To: "stanley chen" <madhack () antionline org>
> SUBJECTDate: Tue, 12 Jun 2001 18:36:28 +0100
>
> Stanley
>
> Thanks a lot for the reply, I eagerly await your verdict
>
> Take Care
> Andy
> http://www.networkintrusion.co.uk
> Talisker's Network Security Tools List
>
> Security Tools Notification
> http://groups.yahoo.com/group/security-tools/join
> ----- Original Message -----
> From: "stanley chen" <madhack () antionline org>
> To: <PEN-TEST () securityfocus com>
> Cc: <Talisker () networkintrusion co uk>
> Sent: Tuesday, June 12, 2001 3:46 AM
> Subject: Ethical Hacking Class
>
>
> > There are four vendors for this type of courses:
> >
> > Extreme Hacking from E&Y
> > Ultimate Hacking from Found Stones
> > Ethical Hacking from ISS
> > Applied Hacking from VeriSign
> >
> > Our company brought the E&Y course in house this spring. Very good.
> >
> > Today actually is my first day at the VeriSign class - lab starts
> tomorrow.  Will keep you posted.
> > ------------------------------------------------------------
> > Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com
> > AntiOnline - The Internet's Information Security Super Center!


------------------------------------------------------------
Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com
AntiOnline - The Internet's Information Security Super Center!