RE: EC-Counsil

• Previous message: Don Parker: "RE: QualysGuard"
• In reply to: Chris Griffin: "EC-Counsil"
• Next in thread: Hadi H. Jaafarawi: "RE: EC-Counsil"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Chris Griffin'" <cgriffin@dcmindiana.com>, "'pen test'" <pen-test@securityfocus.com>
Date: Wed, 25 Aug 2004 10:12:13 -0400

The first thing I would recommend is that you verify a few things with your
training provider first.

Ask them who the instructor for the course is, this can make a world of
difference. Ask them for the instructor resume. As them how often he has
taught before. Ask them for previous course survey on this instructor. It
is your money and you are allowed to ensure you get your money worth. If it
is some unknown, never heard of person, that claims to have taught
internationally when they have never left the states, I would get a bit
worried.

Second I would ask them if they are using their own package to teach the CEH
or using the plain vanilla package offered by the EC-Council. This can make
a whole lot of difference. If you look at the outline of each of the lesson
on the EC-Council site, you will quickly realize that some of the tools
being covered in the official package are dated and no longer being used by
a real world pen tester. It is not the tools that make a good tester; it is
the tester skills that make him a good tester. The tools are just an
instrument in his craft.

As far as training, I would recommend you take a look at
http://www.intenseschool.com/bootcamps/security/hacking/?bc=hacking

The link above will take you to the Intense School web site. They have a
really good package that leads to the CEH certification. I will sincerely
admit that I am leaning on their side as I have written a large portion of
the courseware along with John Nunes who worked at ISS for many years and
also Jack Koziol who is the author of The Shell coder Handbook and a leading
book on Snort. As you can see there were a few good brains behind the
development of this package and you cannot go wrong. The package is oriented
with what a tester does in real life (today) and not on cool tools. You
have a lifetime to learn cool tool but a one week course has to teach you
the fundamentals needed to allow you to function on your own and build on
top of this strong foundation. Methodology is one of the things that are
stressed throughout the course.

There are probably a few people on this list that have taken the course and
can comment on it if you do not want to take my word.

Take care

Have fun

Clement
-----

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

• Previous message: Don Parker: "RE: QualysGuard"
• In reply to: Chris Griffin: "EC-Counsil"
• Next in thread: Hadi H. Jaafarawi: "RE: EC-Counsil"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]