Re: [Full-Disclosure] Training & Certifications
From: Dave Aitel (dave_at_immunitysec.com)
To: Harlan Carvey <firstname.lastname@example.org> Date: Sat, 03 Apr 2004 18:56:44 -0500
-----BEGIN PGP SIGNED MESSAGE-----
If you want to learn how to write exploits, Immunity is doing a
Windows Exploitation class Apr 29-30 in Manhattan. Feel free to email
me if you'd like more information...
Harlan Carvey wrote:
|> I'm not an authority on training as the only training I've had is
|> SANS, but I can vouch for the quality it.
| Any particular instructors? I find it hard to believe that someone
| who is an instructor at SANS would endorse tools like inzider. But
| I do know other instructors that are pretty darned good...Jennifer
| Kolde, for example.
|> ...when I see certain letters, I do pay closer attention.
| Which ones?
|> I'll break the ice by starting with something facetious like
|> "What is the first thing you do with a Windows box and the last
|> thing you do with a *NIX box when you have trouble?" Answer:
| I agree that would be a good way to break the ice, but from a
| professional standpoint, I don't think it's a great idea. In the
| real world, rebooting a Windows box isn't the first thing you
| should be doing. I might be concerned that with such a question,
| that might give the candidate an improper impression of how the
| company conducts itself.
| The rest of your questions are good ones to ask, but again, for
| Robert, I really think it depends on what sorts of services the
| company plans to offer.
|> For sysadmins, I ask easier, more system specific questions, but
|> for security I ask broad, tough questions because of the
|> requirements of the field. I have only had one person so far,
|> answer all correctly.
| Keep in mind, though, that depending upon the questions, what's
| 'right' may be subjective.
| _______________________________________________ Full-Disclosure -
| We believe in it. Charter:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.