Penetration Testing mailing list archives
Re: LAN pen test
From: Pete Herzog <lists () isecom org>
Date: Sun, 10 Dec 2006 19:40:54 +0100
Hi, mifa () stangercorp com wrote:
I have gone through the eh course and I still do not feel like I can really understand how to pen test.
The problem you have is not one of exploits but one of getting a bad education. The EH course you took apparently did not prepare you for ethical hacking or even to approach testing outside the tools and exploits they showcased. That's a scam if they didn't make clear that the class wasn't a show and shoot tools class. And you should be unhappy about that. What should be "ethical hacking" is a professional course that teaches you the skills and knowledge you need to further improve yourself on top of the how-to and why of your tools. If you don't know how these tools and exploits they showed work then you won't know what to do when they don't work and how to know when they don't work right. Unfortunately, false advertising is a tough thing to chase when it comes to a bad education and it's up to you to prove your discontent is from a poor education. Especially since the title of "Ethical Hacking" is not an official profession so if you choose a class with that in the name then I can assure you that what is in the training can be broad, old, worthless, etc. since they are free to make it up as they want-- it's really just a title. Tools and exploits come and go and the more tools they show you the less time you will have to actually master any of them. I know the OSSTMM Professional Security Tester covers about 12 utilities with real depth in addition to teaching you how to comprehend a test case and ascertain utilities you need when you need them. So basically the internet becomes your toolbox and you find as you need. It's a real foundation. I am sorry that you got shafted by the class because I know they're not cheap. Maybe you can ask to re-take it and this time ask a lot more questions and get deeper into the tools they showcase. Most of all, you can ask the trainer to show you what to do if the box is up to date in its patches. Sincerely, -pete. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- LAN pen test mifa (Dec 05)
- Re: LAN pen test Jerome Athias (Dec 05)
- Re: LAN pen test Krugger (Dec 07)
- RE: LAN pen test Clemens, Dan (Dec 07)
- Re: LAN pen test Cleiton Martins (Dec 05)
- Re: LAN pen test killy (Dec 07)
- Re: LAN pen test Bruno Cesar Moreira de Souza (Dec 07)
- Re: LAN pen test Pete Herzog (Dec 10)
- Re: LAN pen test Christine Kronberg (Dec 11)
- <Possible follow-ups>
- Re: LAN pen test anonymouse (Dec 05)
- Re: LAN pen test Bruno Cesar Moreira de Souza (Dec 07)
- RE: LAN pen test Nelson Brito (Dec 10)
- Re: LAN pen test Krugger (Dec 10)
- Re: LAN pen test Nick (Dec 11)
- RE: LAN pen test mifa (Dec 16)
- Re: LAN pen test Jerome Athias (Dec 05)