Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

EC-Counsil

from [Martin Wasson] Network Security [Permanent Link]
Subject: EC-Counsil
Date: Fri, 27 Aug 2004 09:37:20 -0700 (PDT) 
Don makes some good points here, and I'd just like to add a few things.  I took 
the CEH course at the InfoSec Institute in Chicago.  The class was extremely 
well done.  The target servers, the network, and the attack machines 
outstanding, and performed as I had hoped.  The instructor, Jack Koziol, was 
absolutely top-drawer.  But here's my warning, this course is (for the most 
part) for complete beginners.  But beginners in the arena of pen testing, not 
TCP/IP, nor Linux.  What struck me about the class was the fact that most of 
the participants had completely ignored the list of prerequisites.  Most had 
never even seen a Linux box, and had no idea how to even change directories.  
Accepting this as a premise, you can imagine their complete lack of any TCP/IP 
knowledge.  So if you don't know what a SYN flag is, spend your money on TCP/IP 
Illustrated Vol. I, and don't waste your time and money on a hacking class.  No 
one can teach you to be a hacker.  You learn the protocols, and then you start 
thinking like one.  That notwithstanding, if URG-PSH-FIN means something to 
you, and you don't need why/when/how to use NMAP explained to you, Don is spot 
on...learn to use the basic tools yourself and look into the advanced class 
when you're ready.  I'd like to add the disclaimer that I have no affiliation 
whatsoever with the InfoSec Institute other than my company paid for me to take 
their class.  Like Don said, there are good guys out there with valuable 
training, and there are tons of bad guys who will take your money and teach you 
nothing.  Koziol is one of the good guys, and it was apparent to me that a 
great deal of thought and effort went into the design and execution of his 
class.  That's my $.02.

Best regards and many thanks to all who contribute. We get so much from guys 
like fyodor, rfp, Dragorn, shmoo group, Renaud Deraison, David Litchfield, 
Solar Designer, Dug Song, and a hundred others I'm forgetting (sorry, but 
everyone has their favorites), it's cool to see so many people giving back.

----------------------------------------------------------------------

Not to beat this topic to death again but my two cents worth are as follows;

You are far better off taking some time to learn how all of the tools work 
in your own home lab. This gives you the luxury of time to play with them, 
and will save you a bundle of money to boot. The security industry is 
already rife with certfication bodies, and all are not created equal. To be 
honest you would be best off going with an established cert such as the 
CISSP, or one of the GIAC ones for that matter. Cert recognition by the HR 
dept can be pivotal in your getting a job.

Also with most of these types of "learn how to hack" courses there is, or 
should be a healthy list of prerequisite skills ie: knowledge of certain 
tools, tcp/ip, programming concepts.... What some or most of these courses 
teach is how to formalize your approach to a pen-test. That can also be 
learned though a book vice paying a large sum of money to learn what I would 
consider the obvious.

To sum up what I would advise people to do is simply learn on your own. That 
is after all one of the greatest assets of the hacker is it not? Self 
motivation and tenacity coupled with curiousity will go a long way in 
helping you down the road to getting into the computer security field.

Cheers,

Don

------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
1.613.302.2910(c)
------------------------------------------

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: QualysGuard, dagney
Next by Date:  Paros v3.1.3 (proxy plus scanner) is now available!, contact
Previous by Thread:  Re: EC-Counsil, Don Parker
Next by Thread:  RE: EC-Counsil, randori .
Indexes:  [Date] [Thread] [Top] [All Lists]