Penetration Testing mailing list archives
SUMMARY: Re: Ethical Hacking Training
From: "Andy Cuff [Talisker]" <lists () securitywizardry com>
Date: Sun, 18 Jan 2004 19:46:00 -0000
Hi folks, Wow I was blown away by the response, thank you. I don't know how I got to be updating the ethical hacking course page as I was meant to be doing vulnerability scanners this week and network taps. I'll detail the now 35 courses below, but first want to reply to some of the latter comments regarding the need for such training. I'll return to vulnerability scanners next month as I don't want to flood this list with calls for help for a while and risk annoying you, the members, or the lovely moderator ;o) Ethics of Ethical Hacking Training Firstly, I don't own the term, I also don't particularly like the term, just as I don't like calling my Dyson vacuum cleaner a Hoover, but, hey, I still do. I know of one employer that won't even consider a resume if it has the term ethical hacking within it!! I suspect the term is here to stay. One provider moved away from the term on all their literature, but still referred to it verbally as the Ethical Hacking course because they were losing custom and, as long as the term creates revenue, it won't go anywhere, that isn't to say the term won't lose vogue in the future. (network node IDS anyone?) Usefulness of Ethical Hacking Training This is highly debatable and, I suspect, largely falls to the quality of the course material and the instructor, the latter being the most important (imho). I feel that being self taught through research and practise is a superior method, as you retain the knowledge so much more. However, this can take a great deal of time and effort, and finding an online mentor isn't that easy. Also, having attended a bonafide course a potential employer and customer has some certificate as a starting point to gauge knowledge, though this is also debatable. The hands on course provides you with a set time, achievable goals and an experienced instructor answering your every query. Scope of a Course Identify what you require from the course. I agree with Don Parker, Ethical hacking training isn't going to turn you into a leet haxor, but it will introduce the student to the default lifecycle of a hack and wake them up to some of the tools and skills used. You can't always employ experienced security professionals that are passionate enough to devote their "off time" to improving their skillz. Your employee may be on the periphery of security and may not need to use "ethical hacking" skills day to day, BUT it may be advantageous to understand how to - management for example. I know of a guy that came into IDS administration from a sys admin background and, whilst he made a great IDS manager, attending an ethical hacking course allowed him to hit the ground running in his new role. I attended one last year and thoroughly enjoyed it. Let me explain why I attended; I seem to spend my working life pushing paperwork round a desk and talking about security and IDS, as soon as I finish work I spend about 4 hours on mailing lists and my website, leaving very little time to play with the latest sploit, instead, what little free time I get, I spend with security products. I know of the latest sploit and it's scope, but I don't get to play enough. Attending the course allowed me to catch up in 4 days on many months playing, ok, the first day or so was boring, but I could use that time to explore and learn other stuff. Most important for me is the instructor and understanding how they do things, picking up little tricks and shortcuts and asking them questions. This is what they do for a living (lucky b****rds) (hopefully), as mentioned in some of the replies, check them out fully, the last thing you need is a parrot regurgitating gumpf and being unable to add his/her own experience to the show and answer questions from the students. Courses Available: Apologies for losing Sensepost, though now I can't find any Ernst and Young offerings Salient details of each course at http://www.securitywizardry.com/hacking.htm 7Safe Limited Hacking Insight: Hands-On Hacking Insight 2: Hands-On Hacking Insight For Managers Internet Security Systems, Inc Ethical Hacking / Network Intrusion & Penetration Techniques LEVER Technology Group plc Security Vulnerabilities Assessment: Understanding the Threats MIS Training Institute The Good Guy's Guide to Hacking Networks - ISV Mile2 Certified Ethical Hacker Training (CEH) Advanced Hacking Techniques Covert Hacking ISECOM OSSTMM Professional Security Tester Network Security Corp Advanced Network Attacks & Countermeasures NTG Clarity Networks Inc Advanced Penetration Testing Course Matta Security Limited Applied Hacking & Technical Countermeasures Level 1 Applied Hacking & Countermeasures Level 2 SensePost Applied Hacking Techniques Hacking By Numbers Intense School Certified Ethical Hacker - Professional Hacking Boot Camp @stake Cyber Attacks and Countermeasures ReDvolutiontm Technologies, LLC. Ethical Hacking and Penetration Testing InfoSec Institute Ethical Hacking: Security Testing for Professionals Advanced Ethical Hacking: Expert Penetration Testing BruteForce Security, Inc - US Extreme Hacking Urheberrecht GeNUA mbH GeNULab Ascure N.V Hacking Inside Out Vigilar, Inc Hacking and Assessment Boot Camp Sans Hacker Techniques, Exploits and Incident Handling - Track 4 Learning Tree International Network Vulnerability: Assessment & Defense Core Security Technologies Penetration Test Basic Penetration Test Advanced QinetiQ Security Health Check See Security Technologies Ltd - Israel Hacking Defined Course New Dimensions International The Hacker Phenomenon: Tools and Techniques Canaudit, Inc Ultimate Network Penetration Course Foundstone Ultimate Hacking Ultimate Hacking - Expert Net-Security Training Penetration Testing I hope the above list will be of use to those of you looking for such training, judging by the response and the shear quantity of providers there are many out there looking. Thanks again to all who responded, I was thinking of detailing all the Wireless Security Courses after Network Taps - thoughts?? -andy Talisker Security Tools Directory http://www.securitywizardry.com ----- Original Message ----- From: "Andy Cuff [Talisker]" <lists () securitywizardry com> To: <pen-test () securityfocus com> Sent: Thursday, January 15, 2004 8:15 PM Subject: Ethical Hacking Training
Hi all, I've just been adding a few more ethical hacking training providers to the site at http://www.securitywizardry.com/hacking.htm the site now has details on 23 such courses and their numbers are increasing all the time. I'm looking for articles or advice, not on ethical hacking but what a potential student should look for in such a course and pitfalls to avoid. Apart from "don't bother, buy a book" ;o) I've recently added some new offerings from 7Safe, Net-Security Training
who
used to provide Verisign courses and Lever. The Sensepost site from South Africa seems to be down does anyone know
what
has become of them and whether this is a temporary glitch or if yet
another
provider has gone down the pan? The best I've heard of yet, was the suggestion to hold the course during a Caribbean cruise!! The courses are heavy enough without hangovers and sea sickness to worry about, also imagine justifying it to the boss!! I
didn't
post that one on the site. Any details on other courses that I'm missing are always welcome,
especially
outside the UK or USA which seem to be the most prolific at the moment. take care -andy Talisker Security Tools Directory http://www.securitywizardry.com --------------------------------------------------------------------------
-
--------------------------------------------------------------------------
--
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Ethical Hacking Training Andy Cuff [Talisker] (Jan 15)
- RE: Ethical Hacking Training Rob Shein (Jan 16)
- Re: Ethical Hacking Training Andy Cuff [Talisker] (Jan 16)
- RE: Ethical Hacking Training rob (Jan 18)
- Re: Ethical Hacking Training Jeremiah Cornelius (Jan 18)
- Re: Ethical Hacking Training Andy Cuff [Talisker] (Jan 16)
- SUMMARY: Re: Ethical Hacking Training Andy Cuff [Talisker] (Jan 19)
- <Possible follow-ups>
- RE: Ethical Hacking Training charl van der walt (Jan 16)
- RE: Ethical Hacking Training Teicher, Mark (Mark) (Jan 18)
- Re: Ethical Hacking Training Jimi Thompson (Jan 19)
- Re: Ethical Hacking Training Steve Kemp (Jan 19)
- Re: Ethical Hacking Training Tim Gurney (Jan 20)
- RE: Ethical Hacking Training Rob Shein (Jan 20)
- Re: Ethical Hacking Training Jimi Thompson (Jan 19)
- RE: Ethical Hacking Training Rob Shein (Jan 16)
- RE: Ethical Hacking Training Pete Herzog (Jan 19)
- Re: Ethical Hacking Training Mike Hoskins (Jan 20)