Re: CEH training

From: Gareth Davies (gareth.davies@mynetsec.com)
Date: Thu Jun 23 2005 - 00:57:01 EDT


Tony Mesenbrink wrote:

> I have heard that the Mile2 course on penetration testing, which is an
> updated course from the CEH course they teach, is really good. My two
> cents....
>
I would agree.

I have taken CEH and have also taught it for Mile2.

They have now stopped offering CEH on the whole, as there are better
courses coming out.

http://www.mile2.com/certified_ethical_hacker_training_v3.html

I personally don't think much of CEH, from what I experienced, the
slides were pretty good, but out of date, rather 'script kiddy' in
nature, focusing on tools and not the underlying knowledge required to
understand the techniques.

They provided no lab-setup or exercises of any type, I basically had to
make my own labs.

The manual was mostly print-outs of tools' readme.txt's. I preferred to
use Hacking Exposed as the text in the classes, refer to the slides for
some parts and just ad-hoc the rest and add stuff from HE series.

I think the newer versions have changed, but I don't believe even the
core idea of it is to make you into a pen-tester, or even give you an
idea what to do.

The original version of CPTP was very much based on CEH, being one of
the first instructors, I didn't like it, it was very tools oriented and far
too similar to CEH.

http://www.mile2.com/Certified_Penetration_Testing_Professional_CPTP.html

I enforced redevelopment so it looks more at techniques, methodologies
and a lot more into the whole pen-testing process from information
gathering and passive fingerprinting, to active info gathering,
enumeration then sections for Linux, Networks, Windows, Linux, Wireless,
Databases, Web Applications and so on...

Having taught the first version of CPTP and instigated the redevelopment
I am much happier with it now, as we are trying to cram a lot into 5
days still, it's a bit rough in some places, but it will smooth out
after time. I have taught a similar thing over 5 weeks, and it still
didn't seem enough.

We are going to start running some mock courses of the latest version in
the US soon and hope to have it rolled out fully within the next
quarter. The new version of CPTP outline should be out soon.

http://www.mile2.com/Certified_Penetration_Testing_Professional_CPTP.html

Please note this is the old curriculum, the new one is more like CPTS

http://www.mile2.com/Certified_Pen_Testing_Specialist_CPTS_V3_0.html

Anyway I shall continue pushing it into something I think is decent, as
there are courses like Security+ which give you the basics and stuff
like CEH which gives you an insight into 'hacking'.

There isn't much that gives you a good mix of both, and from A-B-C-D how
to conduct a professional penetration test.

As a few people have mentioned however, these courses are at the deep
end of the technical scale and your experience will vary hugely
depending on the instructor you get, if they are a real pen-tester and
are experienced, whichever courseware they deliver, you'll get something
out of it.

Just my 2 (probably biased) cents.

-- 
Gareth Davies
Manager - Security Practice
Network Security Solutions MSC Sdn. Bhd.
Suite E-07-21, Block E, Plaza Mont' Kiara, No. 2 Jalan Kiara,
Mont’ Kiara, 50480
Kuala Lumpur, Malaysia 
Phone: +603-6203 5303
www.mynetsec.com

