Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: CEH Books

from [Michelle Duff] Network Security [Permanent Link]
Subject: Re: CEH Books
Date: Mon, 27 Aug 2007 13:54:37 -0400
Good luck with the job search, Peter - would love to hear how it turns out for you.

Thanks for the OSCP info -- I'd heard of it, but didn't know what the training was like - good to get the skinny on a course.

I took the CEH course from InfoSec Institute - it was a bootcamp thing. Typical bootcamp mode of learning - quick & dirty.
We did do capture the flag stuff which was lots of fun, but it always came at the end of a 11 hour day of studies geared towards getting us to pass the CEH exam. Now I'm home playing w/ the VMware environment trying to recreate similar capture the flag sessions.


----- Original Message ----- From: "Peter Manis" <manis@digital39.com>
To: "Michelle Duff" <mduff@tampabay.rr.com>
Cc: "Jay" <jay.tomas@infosecguru.com>; <pen-test@securityfocus.com>
Sent: Monday, August 27, 2007 1:19 PM
Subject: Re: CEH Books


I agree as well, which is one reason I picked the OSCP before the CEH.
To pass the OSCP I need to actually perform an attack on a machine.
Of course this is not equal to real world experience, but as a start
towards moving to security I felt HR may look at my resume and have
interest in hiring me as an entry level tester because I have proven I
can apply the knowledge I have learned vs just memorizing nmap
switches and port numbers (not that the exam doesn't cover more).

When I watched a few videos of CEH and read through the material on
the exam it seemed the CEH was more like the first few classes at med
school (from what I've heard), you have to memorize a bunch of names,
functions, and instruments, but it isn't until later that you get to
break out the tools and apply that knowledge.

- Pete

On 8/27/07, Michelle Duff <mduff@tampabay.rr.com> wrote: 
Excellent point, Jay.

I agree whole-heartedly -- having gotten a number of certs in my career:
CISSP, CCNP, MCSE and not enough hands-on led to my being viewed w/ general
contempt by those who knew their stuff & didn't necessarily have the certs -
I was a 'poser' - it stinks to be viewed that way.

You must have the hands-on -- read, study, test -- all good. But you must do
this stuff - touch it, do it, think it or you'll get the same treatment I
did.



-----Original Message-----
From: Jay [mailto:jay.tomas@infosecguru.com]
Sent: Monday, August 27, 2007 11:12 AM
To: mduff@tampabay.rr.com; manis@digital39.com; pen-test@securityfocus.com
Subject: RE: CEH Books

<rant> If you could learn to hack/assess from reading a book everyone would
do it. Does a carpenter go get a book to learn to swing a hammer.?No he goes
out and does it and probably smashes a few knuckles in the process.The most
important part of hacking/assessing is opening your mind see where it leads.
There is a million ways to check for XSS, CSRF etc. You have to be
determined and flexlible. Try things even though it shouldn't work.

e.g I was looking for XSS in a input field. Tried all the normal stale
"><script>alert('XSS')</script> type syntax. - nadda.

Only after I padded it with 20 null characters (%00) on each side it did
pop.

Reading should give you 'ideas' after that its up to you.

CEH is a baseline like most certs. It says I sat through a week of training
and then I took a multiple choice test. May mean I know my stuff and want to
documnt it to an extent. Or I May be good at tests and dont know sh@t about
security.</rant>

Jay


----- Original Message -----
From: Michelle Duff [mailto:mduff@tampabay.rr.com]
To: manis@digital39.com,pen-test@securityfocus.com
Sent: Fri, 24 Aug 2007 01:01:23 -0400
Subject: RE: CEH Books

Peter -

Sorry, I haven't read those books...when I can't find anyone who's read a
study book, I'll check out the reviews on Amazon.com - granted, the
reviewers may not always have a clue, but the more the book is reviewed I
can get an idea if it's what I need & if it's any good... I've had good
results w/ this method.

Amazon readers gave Michael Graves' Exam Prep book a good review:
http://www.amazon.com/Certified-Ethical-Hacker-Exam-Publishing/dp/0789735318
/ref=sr_1_1/102-9254239-5172111?ie=UTF8&s=books&qid=1187930981&sr=1-1

Amazon readers also gave Kimberly Graves' Review Guide good marks:
http://www.amazon.com/CEH-Official-Certified-Ethical-Hacker/dp/0782144373/re
f=sr_1_1/102-9254239-5172111?ie=UTF8&s=books&qid=1187931127&sr=1-1

Hopefully, someone here has read the books and can comment on them.

Good luck!

Michelle



-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Peter Manis
Sent: Thursday, August 23, 2007 6:09 PM
To: pen-test@securityfocus.com
Subject: CEH Books

I found two CEH books on Alibris and I was wondering if anyone had
experience with either.

Certified Ethical Hacker: Exam 312-50
by Michael Gregg

CEH: Official Certified Ethical Hacker Review Guide
by Kimbery Graves

Thanks,

 - Pete

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------







------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: CEH Books, Peter Manis
Next by Date:  Re: [WEB SECURITY] HTTP Proxy for thick clients, charlie derr
Previous by Thread:  Re: CEH Books, Peter Manis
Next by Thread:  Re: CEH Books, Peter Manis
Indexes:  [Date] [Thread] [Top] [All Lists]