Re: Useful skills for Web Penetration tester to have

From: circut@felinemenace.org
Date: Tue Jun 14 2005 - 13:31:19 EDT


The CEH certificate really doesn't deal with discovering your own security
holes in code. It focuses more on using the code / tools that are
available at the time. For example, when I took the class, IIS bugs were
rampant, so the instructor basically passed out a zip file of every IIS
exploit out at the time, and told us to try and exploit the webserver...
Just don't go into the class thinking it will make you a programmer.

Also, the class was limited to the Windows scope of things. Sure, we
discussed a little bit of Linux stuff, but about 80% of the class was
Windows related... Just something to keep in mind if you already have a
strong Windows background.

As for things they discuss:

Wifi, wardialing (yes, they do), network scanning with nmap / SuperScan,
sniffing with Ethereal & tcpdump, using whois / dig / nslookup
to find contact info, bruteforcing Ciscos, Google diving (ex: finding a
Cisco password from a config submitted to a forum or so), some SQL
injection, and changing variable values in GET / POST applications via
proxy or just editing a local copy of the form, about 30 minutes of
buffer overflows... But other than that, it's really more focused on
teaching you to use the tools for attacks and vulnerabilities that are
already out there.

-circut

On Tue, 14 Jun 2005 lloyd@treleven.freeserve.co.uk wrote:

> I have been a software tester for the past five years, mainly testing
> Windows applications. And I am interested in gaining the CEH certificate.
> What other skills should I look at gaining? E.g. ASP, PHP etc?
>


