Re: CEH Books

From: Michelle Duff (mduff@tampabay.rr.com)
Date: Mon Aug 27 2007 - 13:54:37 EDT


Good luck with the job search, Peter - would love to hear how it turns out
for you.

Thanks for the OSCP info -- I'd heard of it, but didn't know what the
training was like - good to get the skinny on a course.

I took the CEH course from InfoSec Institute - it was a bootcamp thing.
Typical bootcamp mode of learning - quick & dirty.
We did do capture the flag stuff which was lots of fun, but it always came
at the end of an 11-hour day of studies geared towards getting us to pass the
CEH exam. Now I'm home playing w/ the VMware environment trying to recreate
similar capture the flag sessions.

----- Original Message -----
From: "Peter Manis" <manis@digital39.com>
To: "Michelle Duff" <mduff@tampabay.rr.com>
Cc: "Jay" <jay.tomas@infosecguru.com>; <pen-test@securityfocus.com>
Sent: Monday, August 27, 2007 1:19 PM
Subject: Re: CEH Books

> I agree as well, which is one reason I picked the OSCP before the CEH.
> To pass the OSCP I need to actually perform an attack on a machine.
> Of course this is not equal to real world experience, but as a start
> towards moving to security I felt HR may look at my resume and have
> interest in hiring me as an entry level tester because I have proven I
> can apply the knowledge I have learned vs just memorizing nmap
> switches and port numbers (not that the exam doesn't cover more).
>
> When I watched a few videos of CEH and read through the material on
> the exam it seemed the CEH was more like the first few classes at med
> school (from what I've heard), you have to memorize a bunch of names,
> functions, and instruments, but it isn't until later that you get to
> break out the tools and apply that knowledge.
>
> - Pete
>
> On 8/27/07, Michelle Duff <mduff@tampabay.rr.com> wrote:
>> Excellent point, Jay.
>>
>> I agree whole-heartedly -- having gotten a number of certs in my career:
>> CISSP, CCNP, MCSE and not enough hands-on led to my being viewed w/ general
>> contempt by those who knew their stuff & didn't necessarily have the certs -
>> I was a 'poser' - it stinks to be viewed that way.
>>
>> You must have the hands-on -- read, study, test -- all good. But you must do
>> this stuff - touch it, do it, think it or you'll get the same treatment I did.
>>
>>
>>
>> -----Original Message-----
>> From: Jay [mailto:jay.tomas@infosecguru.com]
>> Sent: Monday, August 27, 2007 11:12 AM
>> To: mduff@tampabay.rr.com; manis@digital39.com; pen-test@securityfocus.com
>> Subject: RE: CEH Books
>>
>> <rant> If you could learn to hack/assess from reading a book everyone would
>> do it. Does a carpenter go get a book to learn to swing a hammer? No, he goes
>> out and does it and probably smashes a few knuckles in the process. The most
>> important part of hacking/assessing is opening your mind to see where it leads.
>> There are a million ways to check for XSS, CSRF etc. You have to be
>> determined and flexible. Try things even though it shouldn't work.
>>
>> e.g. I was looking for XSS in an input field. Tried all the normal stale
>> "><script>alert('XSS')</script> type syntax. - nadda.
>>
>> Only after I padded it with 20 null characters (%00) on each side it did pop.
>>
>> Reading should give you 'ideas'; after that it's up to you.
>>
>> CEH is a baseline like most certs. It says I sat through a week of training
>> and then I took a multiple choice test. May mean I know my stuff and want to
>> document it to an extent. Or I may be good at tests and don't know sh@t about
>> security.</rant>
>>
>> Jay
>>
>>
>> ----- Original Message -----
>> From: Michelle Duff [mailto:mduff@tampabay.rr.com]
>> To: manis@digital39.com,pen-test@securityfocus.com
>> Sent: Fri, 24 Aug 2007 01:01:23 -0400
>> Subject: RE: CEH Books
>>
>> Peter -
>>
>> Sorry, I haven't read those books...when I can't find anyone who's read a
>> study book, I'll check out the reviews on Amazon.com - granted, the
>> reviewers may not always have a clue, but the more the book is reviewed I
>> can get an idea if it's what I need & if it's any good... I've had good
>> results w/ this method.
>>
>> Amazon readers gave Michael Graves' Exam Prep book a good review:
>> http://www.amazon.com/Certified-Ethical-Hacker-Exam-Publishing/dp/0789735318/ref=sr_1_1/102-9254239-5172111?ie=UTF8&s=books&qid=1187930981&sr=1-1
>>
>> Amazon readers also gave Kimberly Graves' Review Guide good marks:
>> http://www.amazon.com/CEH-Official-Certified-Ethical-Hacker/dp/0782144373/ref=sr_1_1/102-9254239-5172111?ie=UTF8&s=books&qid=1187931127&sr=1-1
>>
>> Hopefully, someone here has read the books and can comment on them.
>>
>> Good luck!
>>
>> Michelle
>>
>>
>>
>> -----Original Message-----
>> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
>> On Behalf Of Peter Manis
>> Sent: Thursday, August 23, 2007 6:09 PM
>> To: pen-test@securityfocus.com
>> Subject: CEH Books
>>
>> I found two CEH books on Alibris and I was wondering if anyone had
>> experience with either.
>>
>> Certified Ethical Hacker: Exam 312-50
>> by Michael Gregg
>>
>> CEH: Official Certified Ethical Hacker Review Guide
>> by Kimberly Graves
>>
>> Thanks,
>>
>> - Pete
>>
>> ------------------------------------------------------------------------
>> This list is sponsored by: Cenzic
>>
>> Need to secure your web apps NOW?
>> Cenzic finds more, "real" vulnerabilities fast.
>> Click to try it, buy it or download a solution FREE today!
>>
>> http://www.cenzic.com/downloads
>> ------------------------------------------------------------------------

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:04 EDT