Re: Pen test courses

[oherrera <oherrera () prodigy net mx>]

There are a lot of good (or acceptable) penetration testing
training courses around and I'm sure that by the time this
mail reaches the server others will have allready commented
something about them.

Still I would recommend that you build your own training lab
(If you could spend a hub and a few old machines with
different O.S. that might suffice, for a start...).

In most (if not all) training courses that I'm aware of, you
end up with machines and software that rea ready to go...
all has been tested before and if something fails it is
usually because the teachers didn't do their job very well,
but you won't learn how to deal with tunning code yourself
there.

Most of the time exploits that you intend to run after just
downloading them from the Internet won't compile or won't
work the first time, and there is a lot to learn by reading
and fixing the code yourself (I've seen both mastepieces of
code and really horrible programming abortions).

Also, I believe this is the way to go if you start writing
your own tools and exploits to grow your pentest kit.

My .2 cents...

Omar Herrera

> Hi,
> could you recommend me some valuable PenTest training ?
> I know already how to use nmap, ping/traceroute, nessus,
> hping, nemesis, tcpdump/ethereal, ettercap, I know how to
> do passive fingerprint of OS, use various honeypots etc.
> etc.  However, there is always something new to learn, I'm
> sure. I did some research of available training courses on
> the Internet and I'm not sure which could be valuable to
> me, as I do not need to spend time learning 'nmap -vv -sS
> -P0 x.x.x.x'. Besides programming skills and researching
> new vurneabilities (and keep running on learing track), is
> there any good training out there ? Thanks a lot
>
> Petr Ruzicka
>
> ----------------------------------------------------------
> ----------------- *** Wireless LAN Policies for Security &
> Management - NEW White Paper *** Just like wired networks,
> wireless LANs require network security policies  that are
> enforced to protect WLANs from known vulnerabilities and
> threats.  Learn to design, implement and enforce WLAN
> security policies to lockdown enterprise WLANs.
> To get your FREE white paper visit us at:
> http://www.securityfocus.com/AirDefense-pen-test
> ----------------------------------------------------------
> ------------------

---------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-pen-test
----------------------------------------------------------------------------