Penetration Testing mailing list archives

SUMMARY: Re: Ethical Hacking Training


From: "Andy Cuff [Talisker]" <lists () securitywizardry com>
Date: Sun, 18 Jan 2004 19:46:00 -0000

Hi folks,
Wow I was blown away by the response, thank you.  I don't know how I got to
be updating the ethical hacking course page as I was meant to be doing
vulnerability scanners this week and network taps.  I'll detail the now 35
courses below, but first want to reply to some of the latter comments
regarding the need for
such training.  I'll return to vulnerability scanners next month as I don't
want to flood this list with calls for help for a while and risk annoying
you, the members, or the lovely moderator ;o)

Ethics of Ethical Hacking Training
Firstly, I don't own the term, I also don't particularly like the term, just
as I don't like calling my Dyson vacuum cleaner a Hoover, but, hey, I still
do.  I know of one employer that won't even consider a resume if it has the
term ethical hacking within it!!  I suspect the term is here to stay.  One
provider moved away from the term on all their literature, but still
referred to it verbally as the Ethical Hacking course because they were
losing custom and, as long as the term creates revenue, it won't go
anywhere, that isn't to say the term won't lose vogue in the future.
(network node IDS anyone?)

Usefulness of Ethical Hacking Training
This is highly debatable and, I suspect, largely falls to the quality of the
course material and the instructor, the latter being the most important
(imho).  I feel that being self taught through research and practice is a
superior method, as you retain the knowledge so much more.  However, this
can take a great deal of time and effort, and finding an online mentor isn't
that easy. Also, having attended a bona fide course a potential employer and
customer has some certificate as a starting point to gauge knowledge, though
this is also debatable.  The hands on course provides you with a set time,
achievable goals and an experienced instructor answering your every query.

Scope of a Course
Identify what you require from the course.  I agree with Don Parker, Ethical
hacking training isn't going to turn you into a leet haxor, but it will
introduce the student to
the default lifecycle of a hack and wake them up to some of the tools and
skills used.  You can't always employ experienced security professionals
that are passionate enough to devote their "off time" to improving their
skillz.  Your employee may be on the periphery of security and may not need
to use "ethical hacking" skills day to day, BUT it may be advantageous to
understand how to - management for example.

I know of a guy that came into IDS administration from a sys admin
background and, whilst he made a great IDS manager, attending an ethical
hacking course allowed him to hit the ground running in his new role.

I attended one last year and thoroughly enjoyed it.  Let me explain why I
attended; I seem to spend my working life pushing paperwork round a desk and
talking about security and IDS, as soon as I finish work I spend about 4
hours on mailing lists and my website, leaving very little time to play with
the latest sploit, instead, what little free time I get, I spend with security
products.  I know of the latest sploit and its scope, but I don't get to
play enough.  Attending the course allowed me to catch up in 4 days on many
months playing, ok, the first day or so was boring, but I could use that
time to explore and learn other stuff.  Most important for me is the
instructor and understanding how they do things, picking up little tricks
and shortcuts and asking them questions.  This is what they do for a living
(lucky b****rds) (hopefully), as mentioned in some of the replies, check
them out fully, the last thing you need is a parrot regurgitating gumpf and
being unable to add his/her own experience to the show and answer questions
from the students.

Courses Available:
Apologies for losing Sensepost, though now I can't find any Ernst and Young
offerings
Salient details of each course at
http://www.securitywizardry.com/hacking.htm

7Safe Limited
 Hacking Insight: Hands-On
 Hacking Insight 2: Hands-On
 Hacking Insight For Managers

Internet Security Systems, Inc
 Ethical Hacking / Network Intrusion & Penetration Techniques

LEVER Technology Group plc
 Security Vulnerabilities Assessment: Understanding the Threats

MIS Training Institute
 The Good Guy's Guide to Hacking Networks - ISV

Mile2
 Certified Ethical Hacker Training (CEH)
 Advanced Hacking Techniques
 Covert Hacking

ISECOM
 OSSTMM Professional Security Tester

Network Security Corp
 Advanced Network Attacks & Countermeasures

NTG Clarity Networks Inc
 Advanced Penetration Testing Course

Matta Security Limited
 Applied Hacking & Technical Countermeasures Level 1
 Applied Hacking & Countermeasures Level 2

SensePost
 Applied Hacking Techniques
 Hacking By Numbers

Intense School
 Certified Ethical Hacker  - Professional Hacking Boot Camp

@stake
 Cyber Attacks and Countermeasures

ReDvolution™ Technologies, LLC.
 Ethical Hacking and Penetration Testing

InfoSec Institute
 Ethical Hacking: Security Testing for Professionals
 Advanced Ethical Hacking: Expert Penetration Testing

BruteForce Security, Inc - US
 Extreme Hacking

Urheberrecht GeNUA mbH
 GeNULab

Ascure N.V
 Hacking Inside Out

Vigilar, Inc
 Hacking and Assessment Boot Camp

Sans
 Hacker Techniques, Exploits and Incident Handling - Track 4

Learning Tree International
 Network Vulnerability: Assessment & Defense

Core Security Technologies
 Penetration Test Basic
 Penetration Test Advanced

QinetiQ
 Security Health Check

See Security Technologies Ltd - Israel
 Hacking Defined Course

New Dimensions International
 The Hacker Phenomenon: Tools and Techniques

Canaudit, Inc
 Ultimate Network Penetration Course

Foundstone
 Ultimate Hacking
 Ultimate Hacking - Expert

Net-Security Training
 Penetration Testing

I hope the above list will be of use to those of you looking for such
training, judging by the response and the sheer quantity of providers there
are many out there looking.

Thanks again to all who responded, I was thinking of detailing all the
Wireless Security Courses after Network Taps - thoughts??

-andy
Talisker Security Tools Directory
http://www.securitywizardry.com
----- Original Message ----- 
From: "Andy Cuff [Talisker]" <lists () securitywizardry com>
To: <pen-test () securityfocus com>
Sent: Thursday, January 15, 2004 8:15 PM
Subject: Ethical Hacking Training


Hi all,
I've just been adding a few more ethical hacking training providers to the
site at  http://www.securitywizardry.com/hacking.htm the site now has
details on 23 such courses and their numbers are increasing all the time.

I'm looking for articles or advice, not on ethical hacking but what a
potential student should look for in such a course and pitfalls to avoid.
Apart from "don't bother, buy a book" ;o)

I've recently added some new offerings from 7Safe, Net-Security Training who
used to provide Verisign courses and Lever.

The Sensepost site from South Africa seems to be down does anyone know what
has become of them and whether this is a temporary glitch or if yet another
provider has gone down the pan?

The best I've heard of yet, was the suggestion to hold the course during a
Caribbean cruise!! The courses are heavy enough without hangovers and sea
sickness to worry about, also imagine justifying it to the boss!!  I didn't
post that one on the site.

Any details on other courses that I'm missing are always welcome, especially
outside the UK or USA which seem to be the most prolific at the moment.

take care
-andy
Talisker Security Tools Directory
http://www.securitywizardry.com

