Network Security Pen-Test

Re: Pen Testing for investigators

Subject: Re: Pen Testing for investigators
Date: Tue, 20 Sep 2005 08:31:56 -0400
Ish,

    I changed the subject in my response because to be honest, I don't think investigators, law enforcement officers, and the like need to focus as much on pen testing, as they do with forensic analysis (hardware and network), Intrusion analysis, law, etc.

    Traditionally, pen testing is left to a whole other group. That being said, it is still somewhat understandable that you would still want to provide an overview of pen testing to broaden horizons.

    So, here is my opinion on a few courses and classes (most of which I have taken and recommend):

1) Intrusion Detection Training and Packet Analysis - This to me is one of the most important pieces of training if you are in the field of incident handling or intrusion detection. To me, there is one class which stands up above the rest and that is the SANS Track 3 course. Now, opinions aside on what they have done recently with the certification (GCIA) requirements, this class is one of the most intense courses I have gone through. The amount of packet level analysis and IDS analysis that you do will make your head hurt. I highly recommend this class to everyone I meet.

2) Forensic Analysis (Hardware) - Since we are mostly an Encase shop, I can only speak about Encase training. I do know that SANS also offers a Forensics course (I think it is Track 8), but I have not been so I cannot speak on that one. That being said, I would go to whatever vendor you decide to use for software, and ask them for training. This is probably your best bet for understanding the software that your guys will be using in the field. Sorry, not a lot of help here on this one.

3) Malcode analysis - I don't know if you guys will be getting into this, but if you are, there are two options I would suggest here. One is a SANS certification called GREM (http://www.giac.org/certifications/security/grem.php). A few of my colleagues have gotten this certification and it seems to have helped them a great deal. Also, if you are looking for a cheaper alternative to this, you can do what many of us have done and train yourself. Quite honestly, the best way I feel to learn how different malcode works / operates is to play with it yourself. Get yourself a copy of regmon, filemon, Tripwire, etc., and set up a little test LAN with a router and simulate a normal network environment. Run the code, analyze the packets, look at what registry settings are changed, see what files are created, changed, or accessed, and you will be well on your way. Please keep in mind that this is a very technically oriented job duty and is not for the everyday Joe just wanting to dabble.

4) Pen Testing - This is what your original question was asking for, but as I stated earlier, I don't know if you really understand what you were asking (please take no offense...this is just my opinion). Pen Testing and classes that supposedly teach it have become all the rage lately and quite frankly, I have yet to see a class that truly teaches someone how to be a Pen Tester. That being said, there are a few courses out there that will allow your guys to get their feet wet and get a base knowledge if that is what you are looking for. The best Intro course I have attended to date was the CEH class (Certified Ethical Hacker). This class does not delve deep into the advanced techniques, but does provide a broad sweep and understanding into how a Pen Test is performed and the every day tools used in the process. Also, I recently attended NSA's IAM and IEM courses which in my opinion, give a nice overall view on a methodology to use when doing an evaluation. Also, ISECOM offers two classes based on the OSSTMM that teach a somewhat different methodology.

Again, please keep in mind that it is somewhat not the norm when you use the words Law Enforcement Officer, Forensics Analyst, and Pen Tester in the same sentence. These are usually three, at the least two, completely separate job functions that are performed within an organization. I have yet to stumble across an employer who wants their badge waivers to also be Pen Testers, Intrusion Analysts, and Forensics Analysts at the same time (at least in the Govt. side of things).

I hope this helps you out a bit. Everyone has their own opinions on all these courses and subject matter, so please take this as an OPINION and nothing more. In no way am I saying that this is the path you should follow.

Take care.

- Brian Bartholomew
