Re: CEH Books

["Michelle Duff" <mduff () tampabay rr com>]

Good luck with the job search, Peter - would love to hear how it turns out 
for you.

Thanks for the OSCP info -- I'd heard of it, but didn't know what the 
training was like - good to get the skinny on a course.

I took the CEH course from InfoSec Institute - it was a bootcamp thing. 
Typical bootcamp mode of learning - quick & dirty.
We did do capture the flag stuff which was lots of fun, but it always came 
at the end of a 11 hour day of studies geared towards getting us to pass the 
CEH exam. Now I'm home playing w/ the VMware environment trying to recreate 
similar capture the flag sessions.


----- Original Message ----- 
From: "Peter Manis" <manis () digital39 com>
To: "Michelle Duff" <mduff () tampabay rr com>
Cc: "Jay" <jay.tomas () infosecguru com>; <pen-test () securityfocus com>
Sent: Monday, August 27, 2007 1:19 PM
Subject: Re: CEH Books


> I agree as well, which is one reason I picked the OSCP before the CEH.
> To pass the OSCP I need to actually perform an attack on a machine.
> Of course this is not equal to real world experience, but as a start
> towards moving to security I felt HR may look at my resume and have
> interest in hiring me as an entry level tester because I have proven I
> can apply the knowledge I have learned vs just memorizing nmap
> switches and port numbers (not that the exam doesn't cover more).
>
> When I watched a few videos of CEH and read through the material on
> the exam it seemed the CEH was more like the first few classes at med
> school (from what I've heard), you have to memorize a bunch of names,
> functions, and instruments, but it isn't until later that you get to
> break out the tools and apply that knowledge.
>
> - Pete
>
> On 8/27/07, Michelle Duff <mduff () tampabay rr com> wrote:
> > Excellent point, Jay.
> >
> > I agree whole-heartedly -- having gotten a number of certs in my career:
> > CISSP, CCNP, MCSE and not enough hands-on led to my being viewed w/ 
> > general
> > contempt by those who knew their stuff & didn't necessarily have the 
> > certs -
> > I was a 'poser' - it stinks to be viewed that way.
> >
> > You must have the hands-on -- read, study, test -- all good. But you must 
> > do
> > this stuff - touch it, do it, think it or you'll get the same treatment I
> > did.
> >
> >
> >
> > -----Original Message-----
> > From: Jay [mailto:jay.tomas () infosecguru com]
> > Sent: Monday, August 27, 2007 11:12 AM
> > To: mduff () tampabay rr com; manis () digital39 com; 
> > pen-test () securityfocus com
> > Subject: RE: CEH Books
> >
> > <rant> If you could learn to hack/assess from reading a book everyone 
> > would
> > do it. Does a carpenter go get a book to learn to swing a hammer.?No he 
> > goes
> > out and does it and probably smashes a few knuckles in the process.The 
> > most
> > important part of hacking/assessing is opening your mind see where it 
> > leads.
> > There is a million ways to check for XSS, CSRF etc. You have to be
> > determined and flexlible. Try things even though it shouldn't work.
> >
> > e.g I was looking for XSS in a input field. Tried all the normal stale
> > "><script>alert('XSS')</script> type syntax. - nadda.
> >
> > Only after I padded it with 20 null characters (%00) on each side it did
> > pop.
> >
> > Reading should give you 'ideas' after that its up to you.
> >
> > CEH is a baseline like most certs. It says I sat through a week of 
> > training
> > and then I took a multiple choice test. May mean I know my stuff and want 
> > to
> > documnt it to an extent. Or I May be good at tests and dont know sh@t 
> > about
> > security.</rant>
> >
> > Jay
> >
> >
> > ----- Original Message -----
> > From: Michelle Duff [mailto:mduff () tampabay rr com]
> > To: manis () digital39 com,pen-test () securityfocus com
> > Sent: Fri, 24 Aug 2007 01:01:23 -0400
> > Subject: RE: CEH Books
> >
> > Peter -
> >
> > Sorry, I haven't read those books...when I can't find anyone who's read a
> > study book, I'll check out the reviews on Amazon.com - granted, the
> > reviewers may not always have a clue, but the more the book is reviewed I
> > can get an idea if it's what I need & if it's any good... I've had good
> > results w/ this method.
> >
> > Amazon readers gave Michael Graves' Exam Prep book a good review:
> > http://www.amazon.com/Certified-Ethical-Hacker-Exam-Publishing/dp/0789735318
> > /ref=sr_1_1/102-9254239-5172111?ie=UTF8&s=books&qid=1187930981&sr=1-1
> >
> > Amazon readers also gave Kimberly Graves' Review Guide good marks:
> > http://www.amazon.com/CEH-Official-Certified-Ethical-Hacker/dp/0782144373/re
> > f=sr_1_1/102-9254239-5172111?ie=UTF8&s=books&qid=1187931127&sr=1-1
> >
> > Hopefully, someone here has read the books and can comment on them.
> >
> > Good luck!
> >
> > Michelle
> >
> >
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] 
> > On
> > Behalf Of Peter Manis
> > Sent: Thursday, August 23, 2007 6:09 PM
> > To: pen-test () securityfocus com
> > Subject: CEH Books
> >
> > I found two CEH books on Alibris and I was wondering if anyone had
> > experience with either.
> >
> > Certified Ethical Hacker: Exam 312-50
> > by Michael Gregg
> >
> > CEH: Official Certified Ethical Hacker Review Guide
> > by Kimbery Graves
> >
> > Thanks,
> >
> >  - Pete
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Cenzic
> >
> > Need to secure your web apps NOW?
> > Cenzic finds more, "real" vulnerabilities fast.
> > Click to try it, buy it or download a solution FREE today!
> >
> > http://www.cenzic.com/downloads
> > ------------------------------------------------------------------------
> >
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Cenzic
> >
> > Need to secure your web apps NOW?
> > Cenzic finds more, "real" vulnerabilities fast.
> > Click to try it, buy it or download a solution FREE today!
> >
> > http://www.cenzic.com/downloads
> > ------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------