RE: CEH training

From: Thomas Brennan (tbrennan@datasafeservices.com)
Date: Wed Jun 29 2005 - 14:21:10 EDT

As a Authorized Training Center for EC-Council for the "Ethical Hacker
Class" I wanted to add my two cents to the thread.

1. EC-Council material is "baseline" for competence in the space and a
good course for the infosec professional that seeks knowledge on
methods/methodology etc. After delivery of the course materials that
will satisfy the Thompson Prometric exam and combined with EXCELLENT
materials of ISECOM - OSSTMM Open Source Security Testing Methodology
Manual (www.isecom.org/osstmm) as well as the OWASP (www.owasp.org)
including the Top 10 and WebHacking Tutorials such as Webgoat and add in
some NIST 800 Series and you could have a very rich and content filled
course that can fill up 10-15hr days for the hardcore.

2. Speaking to the point of the instructor -- in instructor led training
this will make or break the course. If this guy is a d$ck or does not
explain but reads the book that's a problem. It is important to have a
well respected, technical trainer that can deliver the course to the
students and also has field time in front of clients and doing
assessments so when the students take the practical exam/Prometric
muli-choice they can say... WOW I learned something.

3. A missed point many times is the class size and students. If the
individual is seeking hands-on training.... Really seeking training is
always a welcome student. There is always those that attend a company
paid course with little desire to "learn" show up late, leave early and
in some cases have to be asked to leave due to being a distraction to
the others in the room.

So what I want to get across is all of the above is important in
training. There are some really good firms providing training as well as
some really good books. But as you know just because someone has a
Drivers License (Passes some certification) this alone does not make the
a good driver right... Ask my wife she's horrible ;) or having a M.D.
after your name does not mean patients will not die. Certs raise the bar
- read the book, attend the CON's stay current with the industry as
course materials gets outdated VERY quickly....

Methodology does not we're still breaking things using the same old
white board and markers as we have for years...

Finally, if anyone is interested in using the OWASP WebGoat WebHacking
Tutorial LIVE (Thanks to Aspect Security/Jeff William) it is now LIVE on
our public site along with our instructors bio's visit
www.datasafeservices.com for more details.

Semper Fi,

Thomas Brennan, CISSP, C|EH, MCSA, CFSO
Data Safe Services (SDVOSB)
Website: www.datasafeservices.com
Main: 1-888-663-0079

-----Original Message-----
From: glemmon@onealwebster.com [mailto:glemmon@onealwebster.com]
Sent: Friday, June 24, 2005 4:29 PM
To: a2zpensec@gmail.com; pen-test@securityfocus.com
Subject: RE: CEH training

FCH,

It is pretty much up to you as to which training option you decide to
use.
>From the feedback I got and I guess like any other learning process much
depends on the instructor you get: their own level of knowledge and
experience, your willingness to learn (and aptitude for the subject
area). I only named Intense School because I saw that they had an online
option, which is one of the very MAJOR factors for me right now. There
are a lot of books out there that will help you along the way and the
OSSTMM document by ISECOM is very well written, I cannot believe I did
not take the time to read it before now. I am not sure if there is an
equivalent course manual for the CEH that you can just purchase and go
through, the course materials used by the organisations that offer the
course seem to be a customised product done by the particular
institution.

You can check out the various institutions though a lot of them have
their course outline that you can download and go over, just remember as
I have learnt from this very topic a good course outline does not
guarantee a good instructor or learning experience. I guess what I am
saying is you must do some checking on your own, and ultimately make
your own decision it is your money and time that will be invested.

Gregory

-----Original Message-----
From: NativePenSec [mailto:a2zpensec@gmail.com]
Sent: Friday, June 24, 2005 11:26 AM
To: pen-test@securityfocus.com
Subject: Re: CEH training

Ok...my take is that the official EC Council courseware is NOT the one
to use to study for the CEH exam, RIGHT?? If so, what are the
alternatives. I do have a home network ( a linux box, xp, 2k and cisco
router) and have been doing inhouse hacking (if you will). I downloaded
the exam objects and have been learning towards these objectives.

So....should I use the official EC Council courseware or do an intense
school route??

Thanks!
-FCH

 

On 6/23/05, Tim Singletary <Tim@active-defense.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ralph/Gregory
> The Infosec Institute is an authorized EC Council training and
> testing center and they DO NOT use the "stock" EC Council courseware.
>
> But to put it simple Greg was asking for opinions and this has turned
> into a mass marketing campaign. Looking back through this thread every

> person that teaches the CEH has piped in and said "theirs" was the
> best.
>
> Two things, first Gregory was asking for an honest, unbiased,
> reference to the CEH, second these forums were designed to promote
> learning and cohesion among fellow pen-testers, not a forum for mass
> marketing.
>
>
>
> Timothy Singletary
> CISSP,CISM,CEI,CEH,Security+,CTT+,MCP
> 315.601.0953 Cell
> Tim@active-defense.com
>
> - -----Original Message-----
> From: Ralph Echemendia [mailto:ralph.echemendia@gmail.com]
> Sent: Thursday, June 23, 2005 10:44 AM
> To: glemmon@onealwebster.com
> Cc: pen-test@securityfocus.com
> Subject: Re: CEH training
>
> Hey Gregory,
>
> Being the Information Security Testing Product Line Manager and lead
> instructor / researcher here at Intense School I of course somewhat
> biased, but will try to be honest in my response to this matter.
>
> I always see a great deal of questions regarding our content and the
> CEH. I also used to teach the OPST and the real issue surrounding
> these "hacking" certifications is industry-wide approval and market
> penetration. When it comes to a world-wide cert. that has achieved
> this, it is the CEH.
>
> To clarify, Intense School has lead the growth of the CEH in the US
> more so than any other training provider with a very high pass rate.
> With that said we are also the only authorized testing provider who
> does NOT use the official CEH Curriculum. Why you may ask?
> The answer is simple, quality and hands-on education. The curriculum
> provided by EC-Council for this course (while good for some) is more
> like a book than a class and the nature of the hand-on experience is
> almost non-existant.
>
> Therefor we created a course that met our expectations, which is to
> exceed our students needs.
>
> Our (current) courseware was developed by Clement Dupuis and John
> Nunez. I have to tell you that in my many years and having written,
> seen and taught many "Hacking" classes, John and Clement did an great
> job, with any curriculum in IT updates are mandatory.
>
> This class certainly prepares you for the CEH, and to be honest many
> other similar certification, but is written to do more than just that.
>
> We are continually working to offer our students the most "Intense"
> training experience. In fact we are the ONLY ones to my knowledge who
> offer the same quality and hands-on training ONLINE.
> http://www.intenseschool.com/bootcamps/liveonline/default.asp
>
> If ANY of you have any questions, comments or concerns feel free to
> contact me.
>
> Again Thank YOU and have a GREAT class, whichever you choose.
>
> Highest Regards,
>
> Ralph Echemendia, OPST, CEH, ECSA
> Lead Instructor / ISPLM
> Intense School
> http://www.intenseschool.com/
> 8211 W. Broward Blvd., #210
> Ft. Lauderdale, FL 33324
> 954-650-2870 (cell)
> 954-370-3326 (fax)
> PGP Key: 1C94771AFEB42824
> Fingerprint: C2FC 9594 E39F FEF2 2B8E E0AF 1C94 771A FEB4 2824
>
> Voted 2004 Windows IT Pro Magazine Readers' Choice winners in the
> category of Training and Certification for:
> "Best Boot Camp"
> "Best Instructor-Led Training"
> "Best Computer-Based Training"
> "Best Web-Based Training"
>
> On Jun 21, 2005, at 2:34 PM, glemmon@onealwebster.com wrote:
>
> > Hi all,
> >
> > I am looking at getting some training to start my official journey
> > down = the path as a Security Penetration Tester - and was wondering

> > about the = views on taking the Intense School's CEH boot Camp. Has
> > anyone on/from the list attended their course and have and
> > feedback/recommendations? My = background is predominantly Windows,
> > but I am fairly functional with Linux. I am more interested in
> > online courses right now though only because I am = currently
> > involved in some projects that require me to be available for my
> > office = over the next couple of months. Any constructive feedback
> > is more than = welcome.
> > Thanks
> >
> >
> > Gregory Lemmon, MCP, Security+
> > I.T. Manager
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.3
>
> iQA/AwUBQrt13azt/Qm0dOI3EQL3TQCeMxBl6kIXSo8Nt0dtTEFqs1ESsuAAoMyn
> NNObr2RQgcfUuPWgQ9WQzFnR
> =3u4h
> -----END PGP SIGNATURE-----
>
>
>

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:30 EDT