Re: CEH training

From: D K (dwarkeeper_at_gmail.com)
Date: 06/23/05

    Date: Wed, 22 Jun 2005 17:24:39 -0700
    To: Richard Zaluski <rzaluski@ivolution.ca>
    
    

    Securitycompass is teaching a class in upcoming HackInTheBox.org on
    it, I have heard good things about it, my friend took their course and
    it was pretty good. I have seen the content as well and looks good. I
    would definitely suggest contacting them to see if they have any
    upcoming public classes.

    dk.

    On 6/22/05, Richard Zaluski <rzaluski@ivolution.ca> wrote:
    > Regarding "tools" and windows, most of the security tools that run on
    > Windows are simply ported over from the *nix world. They run much better
    > and often times allow much more flexibility in their use due to the way
    > Windows and *nix operates and interacts with them.
    >
    > It's much better, in my opinion, to run a tool on its native operating system.
    > I have seen nmap for example running on MS 2000 professional completely lag
    > behind the *nix version.
    >
    >
    > Richard Zaluski
    > CISO, Security and Infrastructure Services
    > iVOLUTION Technologies Incorporated
    > 905.309.1911
    > 866.601.4678
    > www.ivolution.ca
    > rzaluski@ivolution.ca
    >
    >
    > Key fingerprint = DB39 7FC3 1F5D AD94 85DD 78B0 774D 5DE5 B011 BD8C
    > =======================================================================
    > CONFIDENTIALITY NOTICE: This email message, including any
    > attachments, is for the sole use of the intended recipient(s) and may
    > contain confidential and privileged information. If you are not the
    > intended recipient, please contact the sender. Any unauthorized review,
    > use, disclosure, or distribution is prohibited.
    > =======================================================================
    >
    > -----Original Message-----
    > From: glemmon@onealwebster.com [mailto:glemmon@onealwebster.com]
    > Sent: Wednesday, June 22, 2005 2:30 PM
    > To: brzurom@tycho.ncsc.mil; pen-test@securityfocus.com
    > Cc: rzaluski@ivolution.ca
    > Subject: RE: CEH training
    >
    > Thank you all for your comments, suggestions and recommendations. This is
    > my take away from your feedback: The CEH cert needs some improvement, in
    > that it is 1) very Tools oriented 2) more windows than *nix oriented (not
    > necessarily a bad thing considering the average Windows Admin is light
    > years behind the average *nix Admin in general network and sys know how)
    > 3) Good training is very dependent on the Instructor you get (this is
    > probably the issue in a lot of cases not just CEH cert/training).
    >
    > A lot of you that responded seem to have overlooked a minor detail though -
    > I need something (training offering) preferably in an online format, I will
    > not be able to travel for another two months project completion deadlines.
    >
    > I have looked at the SANS@Home course "Hacker Techniques, Exploits &
    > Incident Handling" Instructor - Ed Skoudis and that is what I am leaning
    > towards enrolling in. I also looked at ISECOM, Learn Security Online,
    > SensePost and Foundstone. All are impressive in their syllabus/course
    > outline and I know from reading some of the books from the Hacking Exposed
    > series as well as other general reading that these institutions and their
    > instructors are held in high esteem in the Infosec World, well with the
    > exception of the Learn Security Online establishment. I could not get
    > enough background information from their website about them.
    >
    > I really appreciate all the feedback, and you guys please keep up the great
    > work of community building and knowledge sharing. I hope to be making my
    > contribution to this list in a little while as a pen-tester :-)!!!
    >
    > Gregory
    >
    >
    > -----Original Message-----
    > From: Zuromski, Brian [mailto:brzurom@tycho.ncsc.mil]
    > Sent: Wednesday, June 22, 2005 9:08 AM
    > To: 'pen-test@securityfocus.com'
    > Cc: 'Richard Zaluski'
    > Subject: RE: CEH training
    >
    > I actually attended a CEH workshop. Although it was only a sales pitch
    > into what the class would be about we actually got to keep the class book.
    > It doesn't really teach the theory in hacking....although they have a short
    > section on what is a hacker and what keeps someone 'ethical'. Then they
    > proceed to show you how to use 5000 different WINDOZE apps that constitute
    > hacking into networks and systems 'ethically' of course. I just thought it
    > was more for windows people who are curious and want to know how to
    > enumerate targets. (IMHO it is just information you could get elsewhere) I
    > thought it was too dependent on tools, and not strong on actually how to
    > collect information manually. If they would introduce linux into the class
    > then I would absolutely get the CEH cert as everyone knows most windows
    > tools are based off of $nix tools that have been around and you have to
    > know what you're doing when you use the $nix tools forcing more theory and
    > know how into the class that could help people understand across the
    > board.....
    > I will say this, the instructor who did this (Don), was extremely
    > knowledgeable and knows the unix/windoze/network side of things, so if you
    > get a good instructor it might pay off on the way the apps are working to
    > collect information and enumerate targets....and that is what you need to be
    > a pen-tester!
    >
    >
    >
    > -----Original Message-----
    > From: Richard Zaluski [mailto:rzaluski@ivolution.ca]
    > Sent: Saturday, June 18, 2005 7:33 PM
    > To: glemmon@onealwebster.com; pen-test@securityfocus.com
    > Subject: RE: CEH training
    >
    >
    > The issue we find with these courses is that they tend to be encyclopedic in
    > nature. They teach you how to 'hack a box' rather than provide you with the
    > skills a professional security tester needs.
    >
    > iVOLUTION currently has two Penetration Courses that we teach at IBM, its
    > security staff and worldwide partners. Our classes are based upon the skills
    > you need to become an efficient and resourceful security professional.
    >
    > There are a few good courses out there that deal with Penetration Testing,
    > not just ours. I would look for classes that deal specifically with Pen
    > Testing rather than 'hacking'.
    >
    > There is much more to being a pen tester than hacking. It's knowing the
    > tools, techniques, methodologies and resources as well as understanding how
    > to research exploits and properly assess networks and target systems. This
    > is in conjunction with understanding the legalisms associated with testing
    > that vary greatly in different countries, states, provinces and regions.
    >
    > As for online courses of this nature, I have not seen one as yet but I do
    > understand time is an issue in your case.
    >
    > Regards,
    >
    > Richard Zaluski
    > CISO, Security and Infrastructure Services
    > iVOLUTION Technologies Incorporated
    > 905.309.1911
    > 866.601.4678
    > www.ivolution.ca
    > rzaluski@ivolution.ca
    >
    >
    > Key fingerprint = DB39 7FC3 1F5D AD94 85DD 78B0 774D 5DE5 B011 BD8C
    >
    > -----Original Message-----
    > From: glemmon@onealwebster.com [mailto:glemmon@onealwebster.com]
    > Sent: Tuesday, June 21, 2005 2:35 PM
    > To: pen-test@securityfocus.com
    > Subject: CEH training
    >
    > Hi all,
    >
    > I am looking at getting some training to start my official journey down
    > the path as a Security Penetration Tester - and was wondering about the
    > views on taking the Intense School's CEH boot Camp. Has anyone on/from the
    > list attended their course and have any feedback/recommendations? My
    > background is predominantly Windows, but I am fairly functional with Linux.
    > I am more interested in online courses right now though only because I am
    > currently involved in some projects that require me to be available for my
    > office over the next couple of months. Any constructive feedback is more
    > than welcome.
    > Thanks
    >
    >
    > Gregory Lemmon, MCP, Security+
    > I.T. Manager
    >
    >
    >
    >
    >

