Penetration Testing mailing list archives
Re: CEH training
From: Gareth Davies <gareth.davies () mynetsec com>
Date: Thu, 23 Jun 2005 12:57:01 +0800
Tony Mesenbrink wrote:
I have heard that the Mile2 course on penetration testing, which is an updated course from the CEH course they teach, is really good. My two cents....
I would agree. I have taken CEH and have also taught it for Mile2.They have now stopped offering CEH on the whole, as there are better courses coming out
http://www.mile2.com/certified_ethical_hacker_training_v3.htmlI personally don't think much of CEH, from what I experienced, the slides were pretty good, but out of date, rather 'script kiddy' in nature, focusing on tools and not the underlying knowledge required to understand the techniques.
They provided no lab-setup or excercises of any type, I basically had to make my own labs.
The manual was mostly print-outs of tools readme.txt's. I preferred to use Hacking Exposed as the text in the classes, refer to the slides for some parts and just ad-hoc the rest and add stuff from HE series.
I think the newer versions have changed, but I don't believe even the core idea of it is to make you into a pen-tester, or even give you an idea what to do.
The original version of CPTP was very much based on CEH, being one of the first instructors, I didn't like, it was very tools oriented and far too similar to CEH
http://www.mile2.com/Certified_Penetration_Testing_Professional_CPTP.htmlI enforced redevelopment so it looks more at techniques, methodologies and a lot more into the whole pen-testing process from information gathering and passive fingerprinting, to active info gathering, enumeration then sections for Linux, Networks, Windows, Linux, Wireless, Databases, Web Applications and so on...
Having taught the first version of CPTP and instigated the redevelopment I am much happier with it now, as we are trying to cram a lot into 5 days still, it's a bit rough in some places, but it will smooth out after time. I have taught a similar thing over 5 weeks, and it still didn't seem enough.
We are going to start running some mock courses of the latest version in the US soon and hope to have it rolled out fully within the next quarter. The new version of CPTP outline should be out soon.
http://www.mile2.com/Certified_Penetration_Testing_Professional_CPTP.html Please note this is the old curriculum, the new one is more like CPTS http://www.mile2.com/Certified_Pen_Testing_Specialist_CPTS_V3_0.htmlAnyway I shall continue pushing it into something I think is decent, as there are courses like Security+ which give you the basics and stuff like CEH which gives you an insight into 'hacking'.
There isn't much that gives you a good mix of both, and from A-B-C-D how to conduct a professional penetration test.
As a few people have mentioned however, these courses are at the deep end of the technical scale and your experience will vary hugely depending on the instructor you get, if they are a real pen-tester and are experience, whichever courseware they deliver, you'll get something out of it.
Just my 2 (probably biased) cents. -- Gareth Davies Manager - Security Practice Network Security Solutions MSC Sdn. Bhd. Suite E-07-21, Block E, Plaza Mont' Kiara, No. 2 Jalan Kiara, Mont’ Kiara, 50480Kuala Lumpur, Malaysia Phone: +603-6203 5303
www.mynetsec.com
Current thread:
- Re: CEH training, (continued)
- Re: CEH training NativePenSec (Jun 24)
- RE: CEH training Michael Mooney (Jun 21)
- Re: CEH training xyberpix (Jun 23)
- CEH training Lim Kah Wee (Jun 21)
- RE: CEH training Chuck McWhirter (Jun 21)
- Re: CEH training ilaiy (Jun 22)
- RE: CEH training Drage, Nick (Jun 22)
- RE: CEH training Tim Singletary (Jun 22)
- Re: CEH training Michael Hammer (Jun 22)
- RE: CEH training Tony Mesenbrink (Jun 22)
- Re: CEH training Gareth Davies (Jun 23)
- RE: CEH training Tim Singletary (Jun 22)
- RE: CEH training Zuromski, Brian (Jun 22)
- RE: CEH training glemmon (Jun 22)
- RE: CEH training Richard Zaluski (Jun 22)
- Re: CEH training D K (Jun 22)
- Re: CEH training Pete Herzog (Jun 23)
- RE: CEH training Richard Zaluski (Jun 23)
- RE: CEH training Richard Zaluski (Jun 22)
- RE: CEH training Torig (Jun 22)
- RE: CEH training Tim Singletary (Jun 23)
- RE: CEH training glemmon (Jun 24)
- RE: Sample pent test agreement evb (Jun 26)