Penetration Testing mailing list archives

Re: CEH training


From: Gareth Davies <gareth.davies () mynetsec com>
Date: Thu, 23 Jun 2005 12:57:01 +0800

Tony Mesenbrink wrote:

I have heard that the Mile2 course on penetration testing, which is an updated course from the CEH course they teach, is really good. My two cents....

I would agree.

I have taken CEH and have also taught it for Mile2.

They have now stopped offering CEH on the whole, as there are better courses coming out

http://www.mile2.com/certified_ethical_hacker_training_v3.html

I personally don't think much of CEH, from what I experienced, the slides were pretty good, but out of date, rather 'script kiddy' in nature, focusing on tools and not the underlying knowledge required to understand the techniques.

They provided no lab-setup or exercises of any type, I basically had to make my own labs.

The manual was mostly print-outs of tools readme.txt's. I preferred to use Hacking Exposed as the text in the classes, refer to the slides for some parts and just ad-hoc the rest and add stuff from HE series.

I think the newer versions have changed, but I don't believe even the core idea of it is to make you into a pen-tester, or even give you an idea what to do.

The original version of CPTP was very much based on CEH, being one of the first instructors, I didn't like it, it was very tools oriented and far too similar to CEH

http://www.mile2.com/Certified_Penetration_Testing_Professional_CPTP.html

I enforced redevelopment so it looks more at techniques, methodologies and a lot more into the whole pen-testing process from information gathering and passive fingerprinting, to active info gathering, enumeration then sections for Linux, Networks, Windows, Linux, Wireless, Databases, Web Applications and so on...

Having taught the first version of CPTP and instigated the redevelopment I am much happier with it now, as we are trying to cram a lot into 5 days still, it's a bit rough in some places, but it will smooth out after time. I have taught a similar thing over 5 weeks, and it still didn't seem enough.

We are going to start running some mock courses of the latest version in the US soon and hope to have it rolled out fully within the next quarter. The new version of CPTP outline should be out soon.

http://www.mile2.com/Certified_Penetration_Testing_Professional_CPTP.html

Please note this is the old curriculum, the new one is more like CPTS

http://www.mile2.com/Certified_Pen_Testing_Specialist_CPTS_V3_0.html

Anyway I shall continue pushing it into something I think is decent, as there are courses like Security+ which give you the basics and stuff like CEH which gives you an insight into 'hacking'.

There isn't much that gives you a good mix of both, and from A-B-C-D how to conduct a professional penetration test.

As a few people have mentioned however, these courses are at the deep end of the technical scale and your experience will vary hugely depending on the instructor you get, if they are a real pen-tester and are experienced, whichever courseware they deliver, you'll get something out of it.

Just my 2 (probably biased) cents.

--
Gareth Davies

Manager - Security Practice

Network Security Solutions MSC Sdn. Bhd.
Suite E-07-21, Block E, Plaza Mont' Kiara, No. 2 Jalan Kiara,
Mont’ Kiara, 50480
Kuala Lumpur, Malaysia Phone: +603-6203 5303

www.mynetsec.com

