RE: CEH Course - Your thoughts?



Personally I took my CEH class with infosec institute and it was
awesome. The class goes from 8 am to 11pm for a week the teacher was
awesome and extremely knowledgable. I also took there advanced class
which was also great. Just my two cents.

Phil

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Jason Ross
Sent: Thursday, August 21, 2008 8:43 PM
To: security-basics
Subject: Re: CEH Course - Your thoughts?

My opinion, hold off for SANS..
I'm a C|EH, and I can honestly say that (for me anyway) the course was a
tremendous waste of time and money.
( Disclaimer: I did not attend the v6 version, YMMV. )

Not only did the material covered in the class not represent what was
asked on the test, but the material was in large part outdated and not
really relevant in today's world (example: we covered using Beast to
backdoor hosts quite a bit...good luck getting that past any current A/V
system without hexing the snot outta the binary, which wasn't even
mentioned in the course, let alone taught.)

In fact, it was so bad, that myself and my co-worker (who took the
course with me) both went to the organization sponsoring the class and
made a formal complaint about it.

I took advantage of the opportunity because the company was willing to
pony up for it but not for a CISSP or even a SANS course (the cost
differences are fairly significant). If you have an opportunity to
convince your employer to spring for one of the other, it's a much
better investment on their part, despite (or perhaps because of...
I'll let others debate that) the fact that it requires a higher
commitment.

For a simple test of the relative "worth" I recommend the following
experiment:
Go to a job search website of your choice Search for the desired SANS
certification, or CISSP, then search for CEH.
Note the differences in the types and number of positions posted.

As I said, I attended an earlier version, so things may be
different...or it may just be that I ended up with a crappy instructor
(though I read through all the materials afterwards, and the "dated"
comment applies regardless). But for me, it was a real let down, and any
time anyone asks me about it, I say so.

--
Jason


On Thu, Aug 21, 2008 at 4:54 PM, J5
<lifeisnotamalfunction@xxxxxxxxxxxxxx> wrote:
I will be rounding up my first year as a security analyst soon and my
company has offered to send me to a CEH course taught by Dan Garfield
and it is held by IT Training Solutions. This is the new v6 course.

I feel very comfortable with locating vulnerabilities on the network
and exploitation methodologies. I do penetration testing on my job,
but it is a very small part of my daily activities. I see many tools
listed in the description that I just haven't had the time to go hands

on with.... and some I use extensively.

I would like to ask anyone who has attended one of these 5 day courses

to reply with their experiences. I am looking for a lab based
environment to experiment with tools I haven't had the opportunity to
use. I am already ingrained with CIA, AAA & management aspects of
infosec as well as the 'anatomy of an attack.' I want to get to the
nitty gritty and not have the same vague overview I get all the time.
I really want to spend a solid week focusing on improving my toolkit.

Do you feel like this course would be beneficial to me or should I
hold off for something else. (SANS, Foundstone, etc)