RE: CEH training

From: Tim Singletary (Tim@active-defense.com)
Date: Thu Jun 23 2005 - 09:49:36 EDT

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Each and everyone of these course have their good points and bad. I
have been teaching and writing security related course's for 6 years
now as an independent consultant/instructor. I have taught both the
"Official" CEH course"quotelev1">> 905.309.1911
> 866.601.4678
> www.ivolution.ca
> rzaluski@ivolution.ca
>
>
> Key fingerprint = DB39 7FC3 1F5D AD94 85DD 78B0 774D 5DE5 B011
> BD8C
> ====================================================================
> == CONFIDENTIALITY
> NOTICE: This email message, including any attachments, is for the
> sole use of the intended recipient(s) and may contain confidential
> and privileged information. If you are not the intended recipient,
> please contact the sender. Any unauthorized review, use,
> disclosure, or
> distribution is prohibited.
> ====================================================================
> =- ----Original
> Message-----
> From: glemmon@onealwebster.com [mailto:glemmon@onealwebster.com]
> Sent: Tuesday, June 21, 2005 2:35 PM
> To: pen-test@securityfocus.com
> Subject: CEH training
>
> Hi all,
>
> I am looking at getting some training to start my official journey
> down the path as a Security Penetration Tester - and was wondering
> about the views on taking the Intense School's CEH boot Camp. Has
> anyone on/from the list attended their course and have and
> feedback/recommendations? My background is predominantly Windows,
> but I am fairly functional with Linux.
> I am more interested in online courses right now though only
> because I am currently involved in some projects that require me
> to be available for my office = over the next couple of months.
> Any constructive
> feedback is more than = welcome.
> Thanks
>
>
> Gregory Lemmon, MCP, Security+
> I.T. Manager
>
>
>

- --
When did I first realize I was God ?
Well, I was praying. And suddenly, I realized I was talking to
myself.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQrq98Kzt/Qm0dOI3EQL1EACcCyQ3tLC45hnF1pzf/spvN3XElZIAoIPu
TqEHwWrVtSab5BstBCTugmQG
=jt8K
-----END PGP SIGNATURE-----

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:29 EDT

/em>
> esteem in the Infosec World, well with the exception of the Learn
> Security Online establishment. I could not get enough background
> information from their website about them.
>
> I really appreciate all the feed back, and you guys please keep up
> the great work of community building and knowledge sharing. I hope
> to be making my contribution to this list in a little while as a
> pen-tester :-)!!!
>
> Gregory
>
>
> -----Original Message-----
> From: Zuromski, Brian [mailto:brzurom@tycho.ncsc.mil]
> Sent: Wednesday, June 22, 2005 9:08 AM
> To: 'pen-test@securityfocus.com'
> Cc: 'Richard Zaluski'
> Subject: RE: CEH training
>
> I actually attended a CEH workshop. Although it was only a
> sales pitch into what the class would be about we actually got to
> keep the class book. It doesn't really teach the theory in
> hacking....although they have a short section on what is a hacker
> and what keeps someone 'ethical'. Then they proceed to show you
> how to use 5000 different WINDOZE apps that constitute hacking
> into networks and systems 'ethically' of
> course. I just thought it was more for windows people who are
> curious and want to know how to enumerate targets. (IMHO it is
> just
> information you could get elsewhere) I thought it was too dependant
> on tools, and not strong on actually how to collect information
> manually. If they would introduce linux into the class then I
> would absolutely get the CEH cert as everyone knows most windows
> tools are based off of $nix tools that have been around and you
> have to know what your doing when you use the $nix tools forcing
> more theory and know how into the class that could help people
> understand across the board.....
> I will say this, the instructor who did this (Don), was
> extremely knowledgeable and knows the unix/windoze/network side of
> things, so if you get a good instructor it might pay off on the
> way the apps are working to collect information and enumerate
> targets....and that is what you need to be a pen-tester!
>
>
>
> -----Original Message-----
> From: Richard Zaluski [mailto:rzaluski@ivolution.ca]
> Sent: Saturday, June 18, 2005 7:33 PM
> To: glemmon@onealwebster.com; pen-test@securityfocus.com
> Subject: RE: CEH training
>
>
> The issue we find with these courses is that they tend to be
> encyclopedic in nature. They teach you how to 'hack a box' rather
> then provide you with the skills a professional security tester
> needs.
>
> iVOLUTION currently has two Penetration Courses that we teach at
> IBM, its security staff and worldwide partners. Our classes are
> based upon the skills you need to become an efficient and
> resourceful security professional
>
> There are a few good courses out there that deal with Penetration
> Testing, not just ours. I would look for classes that deal
> specifically with Pen Testing rather than 'hacking'
>
> There is much more to being a pen tester than hacking. It's knowing
> the tools, techniques, methodologies and resources as well as
> understanding how to research exploits and properly assess networks
> and target systems. This is in conjunction with understanding the
> legalisms associated with testing that varies greatly in different
> countries, states, provinces and regions.
>
> As for online courses of this nature, I have not seen one as yet
> but I do understand time is an issue in your case.
>
> Regards,
>
> Richard Zaluski
> CISO, Security and Infrastructure Services iVOLUTION Technologies
> Incorporated
> 905.309.1911
> 866.601.4678
> www.ivolution.ca
> rzaluski@ivolution.ca
>
>
> Key fingerprint = DB39 7FC3 1F5D AD94 85DD 78B0 774D 5DE5 B011
> BD8C
> ====================================================================
> == CONFIDENTIALITY
> NOTICE: This email message, including any attachments, is for the
> sole use of the intended recipient(s) and may contain confidential
> and privileged information. If you are not the intended recipient,
> please contact the sender. Any unauthorized review, use,
> disclosure, or
> distribution is prohibited.
> ====================================================================
> =- ----Original
> Message-----
> From: glemmon@onealwebster.com [mailto:glemmon@onealwebster.com]
> Sent: Tuesday, June 21, 2005 2:35 PM
> To: pen-test@securityfocus.com
> Subject: CEH training
>
> Hi all,
>
> I am looking at getting some training to start my official journey
> down the path as a Security Penetration Tester - and was wondering
> about the views on taking the Intense School's CEH boot Camp. Has
> anyone on/from the list attended their course and have and
> feedback/recommendations? My background is predominantly Windows,
> but I am fairly functional with Linux.
> I am more interested in online courses right now though only
> because I am currently involved in some projects that require me
> to be available for my office = over the next couple of months.
> Any constructive
> feedback is more than = welcome.
> Thanks
>
>
> Gregory Lemmon, MCP, Security+
> I.T. Manager
>
>
>

- --
When did I first realize I was God ?
Well, I was praying. And suddenly, I realized I was talking to
myself.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQrq98Kzt/Qm0dOI3EQL1EACcCyQ3tLC45hnF1pzf/spvN3XElZIAoIPu
TqEHwWrVtSab5BstBCTugmQG
=jt8K
-----END PGP SIGNATURE-----

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:29 EDT