Penetration Testing mailing list archives
RE: CEH training
From: "Thomas Brennan" <tbrennan () datasafeservices com>
Date: Wed, 29 Jun 2005 14:21:10 -0400
As a Authorized Training Center for EC-Council for the "Ethical Hacker Class" I wanted to add my two cents to the thread. 1. EC-Council material is "baseline" for competence in the space and a good course for the infosec professional that seeks knowledge on methods/methodology etc. After delivery of the course materials that will satisfy the Thompson Prometric exam and combined with EXCELLENT materials of ISECOM - OSSTMM Open Source Security Testing Methodology Manual (www.isecom.org/osstmm) as well as the OWASP (www.owasp.org) including the Top 10 and WebHacking Tutorials such as Webgoat and add in some NIST 800 Series and you could have a very rich and content filled course that can fill up 10-15hr days for the hardcore. 2. Speaking to the point of the instructor -- in instructor led training this will make or break the course. If this guy is a d$ck or does not explain but reads the book that's a problem. It is important to have a well respected, technical trainer that can deliver the course to the students and also has field time in front of clients and doing assessments so when the students take the practical exam/Prometric muli-choice they can say... WOW I learned something. 3. A missed point many times is the class size and students. If the individual is seeking hands-on training.... Really seeking training is always a welcome student. There is always those that attend a company paid course with little desire to "learn" show up late, leave early and in some cases have to be asked to leave due to being a distraction to the others in the room. So what I want to get across is all of the above is important in training. There are some really good firms providing training as well as some really good books. But as you know just because someone has a Drivers License (Passes some certification) this alone does not make the a good driver right... Ask my wife she's horrible ;) or having a M.D. after your name does not mean patients will not die. Certs raise the bar - read the book, attend the CON's stay current with the industry as course materials gets outdated VERY quickly.... Methodology does not we're still breaking things using the same old white board and markers as we have for years... Finally, if anyone is interested in using the OWASP WebGoat WebHacking Tutorial LIVE (Thanks to Aspect Security/Jeff William) it is now LIVE on our public site along with our instructors bio's visit www.datasafeservices.com for more details. Semper Fi, Thomas Brennan, CISSP, C|EH, MCSA, CFSO Data Safe Services (SDVOSB) Website: www.datasafeservices.com Main: 1-888-663-0079 -----Original Message----- From: glemmon () onealwebster com [mailto:glemmon () onealwebster com] Sent: Friday, June 24, 2005 4:29 PM To: a2zpensec () gmail com; pen-test () securityfocus com Subject: RE: CEH training FCH, It is pretty much up to you as to which training option you decide to use.
From the feedback I got and I guess like any other learning process much
depends on the instructor you get: their own level of knowledge and experience, your willingness to learn (and aptitude for the subject area). I only named Intense School because I saw that they had an online option, which is one of the very MAJOR factors for me right now. There are a lot of books out there that will help you along the way and the OSSTMM document by ISECOM is very well written, I cannot believe I did not take the time to read it before now. I am not sure if there is an equivalent course manual for the CEH that you can just purchase and go through, the course materials used by the organisations that offer the course seem to be a customised product done by the particular institution. You can check out the various institutions though a lot of them have their course outline that you can download and go over, just remember as I have learnt from this very topic a good course outline does not guarantee a good instructor or learning experience. I guess what I am saying is you must do some checking on your own, and ultimately make your own decision it is your money and time that will be invested. Gregory -----Original Message----- From: NativePenSec [mailto:a2zpensec () gmail com] Sent: Friday, June 24, 2005 11:26 AM To: pen-test () securityfocus com Subject: Re: CEH training Ok...my take is that the official EC Council courseware is NOT the one to use to study for the CEH exam, RIGHT?? If so, what are the alternatives. I do have a home network ( a linux box, xp, 2k and cisco router) and have been doing inhouse hacking (if you will). I downloaded the exam objects and have been learning towards these objectives. So....should I use the official EC Council courseware or do an intense school route?? Thanks! -FCH On 6/23/05, Tim Singletary <Tim () active-defense com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ralph/Gregory The Infosec Institute is an authorized EC Council training and testing center and they DO NOT use the "stock" EC Council courseware. But to put it simple Greg was asking for opinions and this has turned into a mass marketing campaign. Looking back through this thread every
person that teaches the CEH has piped in and said "theirs" was the best. Two things, first Gregory was asking for an honest, unbiased, reference to the CEH, second these forums were designed to promote learning and cohesion among fellow pen-testers, not a forum for mass marketing. Timothy Singletary CISSP,CISM,CEI,CEH,Security+,CTT+,MCP 315.601.0953 Cell Tim () active-defense com - -----Original Message----- From: Ralph Echemendia [mailto:ralph.echemendia () gmail com] Sent: Thursday, June 23, 2005 10:44 AM To: glemmon () onealwebster com Cc: pen-test () securityfocus com Subject: Re: CEH training Hey Gregory, Being the Information Security Testing Product Line Manager and lead instructor / researcher here at Intense School I of course somewhat biased, but will try to be honest in my response to this matter. I always see a great deal of questions regarding our content and the CEH. I also used to teach the OPST and the real issue surrounding these "hacking" certifications is industry-wide approval and market penetration. When it comes to a world-wide cert. that has achieved this, it is the CEH. To clarify, Intense School has lead the growth of the CEH in the US more so than any other training provider with a very high pass rate. With that said we are also the only authorized testing provider who does NOT use the official CEH Curriculum. Why you may ask? The answer is simple, quality and hands-on education. The curriculum provided by EC-Council for this course (while good for some) is more like a book than a class and the nature of the hand-on experience is almost non-existant. Therefor we created a course that met our expectations, which is to exceed our students needs. Our (current) courseware was developed by Clement Dupuis and John Nunez. I have to tell you that in my many years and having written, seen and taught many "Hacking" classes, John and Clement did an great job, with any curriculum in IT updates are mandatory. This class certainly prepares you for the CEH, and to be honest many other similar certification, but is written to do more than just that. We are continually working to offer our students the most "Intense" training experience. In fact we are the ONLY ones to my knowledge who offer the same quality and hands-on training ONLINE. http://www.intenseschool.com/bootcamps/liveonline/default.asp If ANY of you have any questions, comments or concerns feel free to contact me. Again Thank YOU and have a GREAT class, whichever you choose. Highest Regards, Ralph Echemendia, OPST, CEH, ECSA Lead Instructor / ISPLM Intense School http://www.intenseschool.com/ 8211 W. Broward Blvd., #210 Ft. Lauderdale, FL 33324 954-650-2870 (cell) 954-370-3326 (fax) PGP Key: 1C94771AFEB42824 Fingerprint: C2FC 9594 E39F FEF2 2B8E E0AF 1C94 771A FEB4 2824 Voted 2004 Windows IT Pro Magazine Readers' Choice winners in the category of Training and Certification for: "Best Boot Camp" "Best Instructor-Led Training" "Best Computer-Based Training" "Best Web-Based Training" On Jun 21, 2005, at 2:34 PM, glemmon () onealwebster com wrote:Hi all, I am looking at getting some training to start my official journey down = the path as a Security Penetration Tester - and was wondering
about the = views on taking the Intense School's CEH boot Camp. Has anyone on/from the list attended their course and have and feedback/recommendations? My = background is predominantly Windows, but I am fairly functional with Linux. I am more interested in online courses right now though only because I am = currently involved in some projects that require me to be available for my office = over the next couple of months. Any constructive feedback is more than = welcome. Thanks Gregory Lemmon, MCP, Security+ I.T. Manager-----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQrt13azt/Qm0dOI3EQL3TQCeMxBl6kIXSo8Nt0dtTEFqs1ESsuAAoMyn NNObr2RQgcfUuPWgQ9WQzFnR =3u4h -----END PGP SIGNATURE-----
Current thread:
- RE: Sample pent test agreement, (continued)
- RE: Sample pent test agreement Erin Carroll (Jun 26)
- RE: Sample pent test agreement Irene Abezgauz (Jun 26)
- RE: Sample pent test agreement random (Jun 27)
- Re: Sample pent test agreement Pete Herzog (Jun 30)
- RE: Sample pent test agreement Password Crackers, Inc. (Jun 27)
- Skill set ? prdp (Jun 30)
- Re: Skill set ? plug (Jun 30)
- Re: CEH training Antivirus Taneja (Jun 26)
- Re: CEH training Abhijayendra Singh (Jun 27)
- Re: CEH training ctg (Jun 30)
- RE: CEH training Erin Carroll (Jun 30)