RE: CEH Books

From: Jay (jay.tomas@infosecguru.com)
Date: Mon Aug 27 2007 - 11:11:36 EDT


<rant> If you could learn to hack/assess from reading a book, everyone would do it. Does a carpenter go get a book to learn to swing a hammer? No, he goes out and does it and probably smashes a few knuckles in the process. The most important part of hacking/assessing is opening your mind and seeing where it leads. There are a million ways to check for XSS, CSRF etc. You have to be determined and flexible. Try things even though they shouldn't work.

E.g., I was looking for XSS in an input field. Tried all the normal stale "><script>alert('XSS')</script> type syntax - nada.

Only after I padded it with 20 null characters (%00) on each side did it pop.
 
Reading should give you 'ideas'; after that it's up to you.

CEH is a baseline like most certs. It says I sat through a week of training and then I took a multiple choice test. May mean I know my stuff and want to document it to an extent. Or I may be good at tests and don't know sh@t about security.</rant>

Jay

----- Original Message -----
From: Michelle Duff [mailto:mduff@tampabay.rr.com]
To: manis@digital39.com,pen-test@securityfocus.com
Sent: Fri, 24 Aug 2007 01:01:23 -0400
Subject: RE: CEH Books

Peter -

Sorry, I haven't read those books...when I can't find anyone who's read a
study book, I'll check out the reviews on Amazon.com - granted, the
reviewers may not always have a clue, but the more the book is reviewed I
can get an idea if it's what I need & if it's any good... I've had good
results w/ this method.

Amazon readers gave Michael Graves' Exam Prep book a good review:
http://www.amazon.com/Certified-Ethical-Hacker-Exam-Publishing/dp/0789735318/ref=sr_1_1/102-9254239-5172111?ie=UTF8&s=books&qid=1187930981&sr=1-1

Amazon readers also gave Kimberly Graves' Review Guide good marks:
http://www.amazon.com/CEH-Official-Certified-Ethical-Hacker/dp/0782144373/ref=sr_1_1/102-9254239-5172111?ie=UTF8&s=books&qid=1187931127&sr=1-1

Hopefully, someone here has read the books and can comment on them.

Good luck!

Michelle

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Peter Manis
Sent: Thursday, August 23, 2007 6:09 PM
To: pen-test@securityfocus.com
Subject: CEH Books

I found two CEH books on Alibris and I was wondering if anyone had
experience with either.

Certified Ethical Hacker: Exam 312-50
by Michael Gregg

CEH: Official Certified Ethical Hacker Review Guide
by Kimberly Graves

Thanks,

 - Pete

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:04 EDT