Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: CEH training

From: "Thomas Brennan" <tbrennan () datasafeservices com>
Date: Wed, 29 Jun 2005 14:21:10 -0400
As a Authorized Training Center for EC-Council for the "Ethical Hacker
Class" I wanted to add my two cents to the thread.

1. EC-Council material is "baseline" for competence in the space and a
good course for the infosec professional that seeks knowledge on
methods/methodology etc.   After delivery of the course materials that
will satisfy the Thompson Prometric exam and combined with EXCELLENT
materials of ISECOM - OSSTMM Open Source Security Testing Methodology
Manual (www.isecom.org/osstmm) as well as the OWASP (www.owasp.org)
including the Top 10 and WebHacking Tutorials such as Webgoat and add in
some NIST 800 Series and you could have a very rich and content filled
course that can fill up 10-15hr days for the hardcore. 

2. Speaking to the point of the instructor -- in instructor led training
this will make or break the course. If this guy is a d$ck or does not
explain but reads the book that's a problem.  It is important to have a
well respected, technical trainer that can deliver the course to the
students and also has field time in front of clients and doing
assessments so when the students take the practical exam/Prometric
muli-choice they can say... WOW I learned something.

3. A missed point many times is the class size and students.  If the
individual is seeking hands-on training.... Really seeking training is
always a welcome student.  There is always those that attend a company
paid course with little desire to "learn" show up late, leave early and
in some cases have to be asked to leave due to being a distraction to
the others in the room.

So what I want to get across is all of the above is important in
training. There are some really good firms providing training as well as
some really good books. But as you know just because someone has a
Drivers License (Passes some certification) this alone does not make the
a good driver right... Ask my wife she's horrible ;) or having a M.D.
after your name does not mean patients will not die. Certs raise the bar
- read the book, attend the CON's stay current with the industry as
course materials gets outdated VERY quickly.... 

Methodology does not we're still breaking things using the same old
white board and markers as we have for years...

Finally, if anyone is interested in using the OWASP WebGoat WebHacking
Tutorial LIVE (Thanks to Aspect Security/Jeff William) it is now LIVE on
our public site along with our instructors bio's visit
www.datasafeservices.com for more details.

Semper Fi,

Thomas Brennan, CISSP, C|EH, MCSA, CFSO
Data Safe Services (SDVOSB)
Website: www.datasafeservices.com
Main: 1-888-663-0079


-----Original Message-----
From: glemmon () onealwebster com [mailto:glemmon () onealwebster com] 
Sent: Friday, June 24, 2005 4:29 PM
To: a2zpensec () gmail com; pen-test () securityfocus com
Subject: RE: CEH training

FCH,

It is pretty much up to you as to which training option you decide to
use.

From the feedback I got and I guess like any other learning process much

depends on the instructor you get: their own level of knowledge and
experience, your willingness to learn (and aptitude for the subject
area). I only named Intense School because I saw that they had an online
option, which is one of the very MAJOR factors for me right now. There
are a lot of books out there that will help you along the way and the
OSSTMM document by ISECOM is very well written, I cannot believe I did
not take the time to read it before now. I am not sure if there is an
equivalent course manual for the CEH that you can just purchase and go
through, the course materials used by the organisations that offer the
course seem to be a customised product done by the particular
institution. 

You can check out the various institutions though a lot of them have
their course outline that you can download and go over, just remember as
I have learnt from this very topic a good course outline does not
guarantee a good instructor or learning experience. I guess what I am
saying is you must do some checking on your own, and ultimately make
your own decision it is your money and time that will be invested.


Gregory


-----Original Message-----
From: NativePenSec [mailto:a2zpensec () gmail com]
Sent: Friday, June 24, 2005 11:26 AM
To: pen-test () securityfocus com
Subject: Re: CEH training

Ok...my take is that the official EC Council courseware is NOT the one
to use to study for the CEH exam, RIGHT??  If so, what are the
alternatives.  I do have a home network ( a linux box, xp, 2k and cisco
router) and have been doing inhouse hacking (if you will). I downloaded
the exam objects and have been learning towards these objectives.

So....should I use the official EC Council courseware or do an intense
school route??

Thanks!
-FCH 

 

On 6/23/05, Tim Singletary <Tim () active-defense com> wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ralph/Gregory
    The Infosec Institute is an authorized EC Council training and 
testing center and they DO NOT use the "stock" EC Council courseware.

But to put it simple Greg was asking for opinions and this has turned 
into a mass marketing campaign. Looking back through this thread every



person that teaches the CEH has piped in and said "theirs" was the 
best.

Two things, first Gregory was asking for an honest, unbiased, 
reference to the CEH, second these forums were designed to promote 
learning and cohesion among fellow pen-testers, not a forum for mass 
marketing.



Timothy Singletary
CISSP,CISM,CEI,CEH,Security+,CTT+,MCP
315.601.0953 Cell
Tim () active-defense com

- -----Original Message-----
From: Ralph Echemendia [mailto:ralph.echemendia () gmail com]
Sent: Thursday, June 23, 2005 10:44 AM
To: glemmon () onealwebster com
Cc: pen-test () securityfocus com
Subject: Re: CEH training

Hey Gregory,

Being the Information Security Testing Product Line Manager and lead 
instructor / researcher here at Intense School I of course somewhat 
biased, but will try to be honest in my response to this matter.

I always see a great deal of questions regarding our content and the 
CEH. I also used to teach the OPST and the real issue surrounding 
these "hacking" certifications is industry-wide approval and market 
penetration. When it comes to a world-wide cert. that has achieved 
this, it is the CEH.

To clarify, Intense School has lead the growth of the CEH in the US 
more so than any other training provider with a very high pass rate.
With that said we are also the only authorized testing provider who 
does NOT use the official CEH Curriculum. Why you may ask?
The answer is simple, quality and hands-on education. The curriculum 
provided by EC-Council for this course (while good for some) is more 
like a book than a class and the nature of the hand-on experience is 
almost non-existant.

Therefor we created a course that met our expectations, which is to 
exceed our students needs.

Our (current) courseware was developed by Clement Dupuis and John 
Nunez. I have to tell you that in my many years and having written, 
seen and taught many "Hacking" classes, John and Clement did an great 
job, with any curriculum in IT updates are mandatory.

This class certainly prepares you for the CEH, and to be honest many 
other similar certification, but is written to do more than just that.

We are continually working to offer our students the most "Intense"
training experience. In fact we are the ONLY ones to my knowledge who 
offer the same quality and hands-on training ONLINE.
http://www.intenseschool.com/bootcamps/liveonline/default.asp

If ANY of you have any questions, comments or concerns feel free to 
contact me.

Again Thank YOU and have a GREAT class, whichever you choose.

Highest Regards,

Ralph Echemendia, OPST, CEH, ECSA
Lead Instructor / ISPLM
Intense School
http://www.intenseschool.com/
8211 W. Broward Blvd., #210
Ft. Lauderdale, FL 33324
954-650-2870 (cell)
954-370-3326 (fax)
PGP Key: 1C94771AFEB42824
Fingerprint: C2FC 9594 E39F FEF2 2B8E  E0AF 1C94 771A FEB4 2824

Voted 2004 Windows IT Pro Magazine Readers' Choice winners in the 
category of Training and Certification for:
"Best Boot Camp"
"Best Instructor-Led Training"
"Best Computer-Based Training"
"Best Web-Based Training"

On Jun 21, 2005, at 2:34 PM, glemmon () onealwebster com wrote:


Hi all,

I am looking at getting some training to start my official journey 
down = the path as a Security Penetration Tester - and was wondering



about the = views on taking the Intense School's CEH boot Camp. Has 
anyone on/from the list attended their course and have and 
feedback/recommendations? My = background is predominantly Windows, 
but I am fairly functional with Linux. I am more interested in 
online  courses right now though only because I am = currently 
involved in  some projects that require me to be available for my 
office = over the  next couple of months. Any constructive feedback 
is more than = welcome.
Thanks


Gregory Lemmon, MCP, Security+
I.T. Manager





-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQrt13azt/Qm0dOI3EQL3TQCeMxBl6kIXSo8Nt0dtTEFqs1ESsuAAoMyn
NNObr2RQgcfUuPWgQ9WQzFnR
=3u4h
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: