Penetration Testing
CEH program and Sybex Study Guide Sep 24 2011 07:01PM
Alberto Medina (amedinaj gmail com) (2 replies)
Re: CEH program and Sybex Study Guide Sep 28 2011 01:08PM
Michael Richard (alfarichard gmail com) (2 replies)
Re: CEH program and Sybex Study Guide Sep 30 2011 05:08PM
Robert Musser (rmusser2209 gmail com) (1 replies)

I have something to add here, I'm currently enrolled in the eCPPT course, I'm on the last module and am about to start doing the online web app pentests as practice for the test. I have not taken the oscp. From what I've seen and understand, the course(eCPPT) itself is nice in the sense it's a reference organized nicely and you have lifetime access to it. The forums are not that active and the test is penetrating a web app, not a full box you need to own. If you have the time, money, and dedication go straight for the oscp, as it's $250 more than the eCPPT for 60 days lab access. If not then the eCPPT is fine, just be aware that the focus is on web app technologies. As for my background, I have no security Certs, have not worked in a Securuty related field and hold the MS-70-680/686 MCITP:EDA. I have followed computer security for the past 8 years as a hobby. One thing I highly recommend you purchasing and reading front to cover for the eCPPT is the 2nd edition of the web app hackers handbook. It has really helped me and I highly suggest it. (along with OWASP of course...)
-

On Sep 28, 2011, at 6:08 AM, Michael Richard <alfarichard (at) gmail (dot) com [email concealed]> wrote:

> Hi Alberto,
>
>
> I completely agree with Clement and Bandar.
>
> I'm a beginner in infosec too, and recently I passed the Security+
> exam. My next step will be the eLearningSecurity certification (eCPPT
> | http://www.elearnsecurity.com/). Why? Two answers:
>
> First, I personally belive that the CEH training don't really prepare
> you for the job, I come to this conclusion after a brief look at the
> material (version 6) and after read some reviews on the web. Basicly
> they cover too much about tools and too little about the technics
> itself.
>
> Second, the OffSec BackTrack is a little bit expensive for me right
> now, and I don't think I have the knowledge necessary to enjoy the
> course (is really a badass course :)
>
> I think a more hands-on approach will be far more benefic for my
> learning experience. So, the path I've chosen is this: Sec+ -> eCPPT
> (eLearn training) -> OSCP (Offsec training) -> OSCE (Offsec training).
>
> Here some reviews:
>
> CEH - http://www.ethicalhacker.net/content/view/54/24/
> eCPPT - http://www.ethicalhacker.net/content/view/307/24/ &
> http://www.darknet.org.uk/2010/05/elearnsecurity-online-penetration-test
ing-training/
> OSCP - http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,11
52.0/
> OSCE - http://linuxisp.co.uk/content/ctp
>
> Edit: Sending again because the list does not handle MIME messages.
>
> [ ]'s
>
>
> Michael Richard
> @alfarichard
>
>
> 2011/9/24 Alberto Medina <amedinaj (at) gmail (dot) com [email concealed]>
>>
>> Hi all,
>> I know maybe in this list you have talk a lot about CEH program, but I want to know what do you really think about this program (CEH)? Is this really useful to start in information security? And what do you think about the Sybex Study Guide, by "Kimberly Grave"?
>> I do this question because a couple of years ago I took the CompTIA Security+ exam and passed it, but I wanna to continue the preparation in the field of information security and Ethical hacking, and someone recommended me the "Certified Ethical Hacker" certification as a good way to continue the path, so a bought the Sybex Study Guide for the exam, but I don't see a lot of difference between the content of Security+ program and this one, I thought I'd find the CEH deeper in the subject than Security+ program.
>> In fact, I found this Sybex guide is not very actual, there's not any mention to Windows 7 or even Vista, the tools mentioned are kind of old, in the "cracking password" section they don't talk about rainbow tables, only a littler mention; in the "backdoor" sections she (the author) recommend adding an additional hard disk to the computer and boot from there for protection using the backdoor she mention, or buy a Windows netbook, but it's not better using a VM in for testing?
>> Anyway, I just want to know what you think about this program? If not, what do you recommend for continue the path to Ethical Hacking and Information Security.
>>
>> Thank you and best regards,
>> Alberto Medina
>>
>> (Excuse my English :) )
>>
>>
>> ------------------------------------------------------------------------

>> This list is sponsored by: Information Assurance Certification Review Board
>>
>> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>>
>> http://www.iacertification.org
>> ------------------------------------------------------------------------

>>
>
> ------------------------------------------------------------------------

> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

>

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

[ reply ]
Re: CEH program and Sybex Study Guide Oct 01 2011 09:36PM
Security Auditor (auditor sec gmail com)
RES: CEH program and Sybex Study Guide Sep 30 2011 02:17PM
Fabio Nascimento de Mello (fabio nmello totvs com br)
Re: CEH program and Sybex Study Guide Sep 26 2011 02:16PM
Clement Dupuis (clement dupuis gmail com) (1 replies)
Re: CEH program and Sybex Study Guide Sep 28 2011 03:37AM
Bandar Alharbi (bandar malharbi gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus