From: Clement Dupuis (cdupuis@cccure.org)
Date: Fri Nov 14 2003 - 10:04:45 EST
Good day James, Pete, Brian, Andrew, and all,
Pete is totally right, the first OSSTMM based courses were run by Ideahamster and I would never have claimed or alluded in any, shape, or
form anything to the contrary considering that I know the OSSTMM history well.
>> Finally, the Intense School course teaches the OSSTMM methodology
>> - in fact
>> a large portion of class time is spent on this, and it provides the
>> structure for what is done. They were doing an OSSTMM-based course before
>> there was an official one sanctioned by ISECOM, and they do a good job
>> covering it.
I can understand that some of the students get this impression simply because the first time they hear about the OSSTMM is when they come for our class. This prove to me that the huge education process that Pete has started is indeed needed and it is nice to see the OSSTMM taking part in activities and conferences (RSA for example) on the North American side as well as the European side.
>I wrote the OSSTMM and I think you are very wrong about the ISECOM
>sanctioned courses.
Please do not mix SANCTIONED and BASED ON, as mentioned: our courseware methodology is largely based on the OSSTMM which I strongly believe is the only testing methodology that is thorough and complete out there. I am often pressure to remove the methodology portion or to shrink it down to merely nothing, however I have resisted and will continue resisting because this is what makes the difference between simply a tool course and a course that shows you what you really need to know to do your job out in the field.
>Our classes are based on OSSTMM 3.0 which has not been released yet to the
>public (public version is 2.1). If any group has OSSTMM training materials
>above 2.1 and they are not listed on our web page then they are either
>stolen or fraudulent materials.
I can personnally tell you that our courseware is NOT using any of the unrelease material and the version of the OSSTMM being distributed as a bound copy to the students is the public release of the OSSTMM.
Best regards
Clement
---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_pen-test_031023
and use priority code SF4.
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:42 EDT