RE: CEH and Intense School

From: Peter Mercer (inom@ozemail.com.au)
Date: Fri Nov 07 2003 - 18:51:23 EST


On reflection, or if baby had not woken up, I would have liked to add
three more points.

Q-What will this course do for my overall security knowledge? Will it
complement my understanding of ISO, COBIT, ITIL, CISSP, CISM, GIAC,
CISA.....
Apart from the people who go to learn to be a hacker so they can scare
children, pick up chicks and annoy their neighbors, most of us are doing
this for career or knowledge advancement. It would be nice to know the
course designer realised this and developed his course to fit in or
reference other security knowledge.

Q-Do you also teach the countermeasures for the exploits you use?
Not just, don't use password as a password and apply latest patches but
how to implement a company-wide strategy to educate and enforce good
security policy and understanding. I know there is not a lot of time for
this on a hacking course but good security is not just about the
technology.

Q-Do you endeavor to teach how to report and rate the risks to both the
Business and IT departments from the information you gather during an
A&P assignment?
In my mind, one of the most important parts of a course. You may be able
to hack into the bank but if you cannot produce a report that clearly
shows the client, both Business and IT, the risks, you have wasted their
money and your time. This one is the best skill for career advancement
(IMHO). Once again, I know there is not a lot of time for this on a
hacking course but good to start to get an understanding of how
important it is.

Q-What should I know before I attend?

Kind regards
Peter Mercer
Sydney
92487000
0419892600

-----Original Message-----
From: Erik Birkholz [mailto:erik@foundstone.com]
Sent: Friday, November 07, 2003 10:49 AM
To: Peter@petersplace.com
Cc: pen-test@securityfocus.com
Subject: RE: CEH and Intense School

"Then take the "hands on" classes to reinforce and interact with others
that are learning right along side of you." -erik

My point wasn't that you can't learn from a book or that ANY class will
be zero-day current. Rather my point was that you should read our books
first, then attend. It is a bummer teaching a class that has people in
it who don't know VI or a Net Use command. It makes me stay very
focused on the material instead of breaking out and showing the newest
techniques and working on complex issues the class members are facing.
As an instructor, that is what has made my favorite classes. The
evaluations after class always seem to reflect that as well.

With that said, any instructor that won't diverge from the slides should
be marked as suspect. ;)

>Remember the book only costs $50.

Btw, my book costs $69.95 ;) So I win. =)

-----Original Message-----
From: Peter Mercer [mailto:inom@ozemail.com.au]
Sent: Thursday, November 06, 2003 2:19 PM
To: 'Andrew Turner'; Penetration Testers
Subject: RE: CEH and Intense School

Hi Andrew,

A few questions to find out about Ethical Hacking courses;

Q-What's covered over the course
Remember most courses are +- 4 - 5k, that's good money, make the
salesman do his job and explain, ask for references from past attendees.

Q-How many times has this course been delivered
You want more than 4 to know the bugs are ironed out in labs and so on.

Q-What equipment do I get to use.
You don't want to be stuck with a p2 300 laptop with 64 megs.
 
Q-How many and what do the labs consist of
If it's a 5 day course you would want 4 - 5 labs of a reasonable
duration and complexity (not just one box with Unicode) or it may be
death by PPT

Q-Do the labs have multiple OS and applications that need exploiting.
You're there for as much experience as you can get

Q-How old are the patch levels on the lab boxes
If they are using NT4 sp 1 and Redhat 5.3 you are not going to learn
stuff you can use a lot every day. That said even old exploits can teach
you the mindset you need to use new exploits.

Q-Are there Firewalls involved in the lab.
Once again you want experience, if the course developer has gone to the
trouble to configure and design labs that have multiple technologies and
made a hack that needs you to bounce around all of them, you can believe
the course is well thought out.

Q-In the course how much is different or not in the Hacking Exposed
book. Foundstone have not only been writing books for years on hacking,
that everybody consults at some stage but have also been teaching for as
long or longer. So I would want to know how they differentiate
themselves from other courses or what's in the book. Remember the
book only costs $50.

Q-What tools do you use on the course and do I get a CDrom with them all
on at the end of the course
If they show you all the tools they have personally written and won't
share them or the ones they use cost gazillions to buy that may limit
how useful the course is.

Q-how much time is spent on automated vulnerability scanners (AVS)
You're not there to learn to point and click. AVS have their place but
knowing how to do it yourself is why you are there.

Q-What's for lunch

Q-Is the t-shirt cool

This is just a few questions I would ask.

Kind regards
Peter Mercer (look no alphabet soup)
92487000
0419892600

-----Original Message-----
From: Andrew Turner [mailto:andrewhturner@yahoo.com]
Sent: Thursday, November 06, 2003 12:47 AM
To: pen-test@securityfocus.com
Subject: CEH and Intense School

Greetings,

I am considering taking the Ethical Hacking course
taught by Intense School. Has anyone had experience
with this training program? If so, I would be very
interested in hearing your comments on the program.

Thanks in Advance!

--
Andrew H. Turner, CISSP


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:42 EDT