Re: LAN pen test

From: Pete Herzog (lists@isecom.org)
Date: Sun Dec 10 2006 - 13:40:54 EST


Hi,

mifa@stangercorp.com wrote:
> I have gone through the eh course and I still do not feel like I can really understand how to pen test.

The problem you have is not one of exploits but one of getting a bad
education. The EH course you took apparently did not prepare you for
ethical hacking or even to approach testing outside the tools and exploits
they showcased. That's a scam if they didn't make clear that the class
wasn't a show and shoot tools class. And you should be unhappy about that.
What should be "ethical hacking" is a professional course that teaches you
the skills and knowledge you need to further improve yourself on top of the
how-to and why of your tools. If you don't know how these tools and
exploits they showed work then you won't know what to do when they don't
work and how to know when they don't work right.

Unfortunately, false advertising is a tough thing to chase when it comes to
a bad education and it's up to you to prove your discontent is from a poor
education. Especially since the title of "Ethical Hacking" is not an
official profession so if you choose a class with that in the name then I
can assure you that what is in the training can be broad, old, worthless,
etc. since they are free to make it up as they want-- it's really just a title.

Tools and exploits come and go and the more tools they show you the less
time you will have to actually master any of them. I know the OSSTMM
Professional Security Tester covers about 12 utilities with real depth in
addition to teaching you how to comprehend a test case and ascertain
utilities you need when you need them. So basically the internet becomes
your toolbox and you find as you need. It's a real foundation.

I am sorry that you got shafted by the class because I know they're not
cheap. Maybe you can ask to re-take it and this time ask a lot more
questions and get deeper into the tools they showcase. Most of all, you
can ask the trainer to show you what to do if the box is up to date in its
patches.

Sincerely,
-pete.




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:26 EDT