Penetration Testing mailing list archives
Fw: Ethical Hacking Courses
From: "Peter Mercer" <inom () ozemail com au>
Date: Mon, 14 May 2001 11:26:31 +1000
----- Original Message ----- From: "Peter Mercer" <inom () ozemail com au> To: <mht () clark net> Sent: Monday, May 14, 2001 9:31 AM Subject: Re: Ethical Hacking Courses
My 2 cents worth While there are several course on the market today that teach the
techniques
and tools behind hacking none of them can teach you to be a hacker / Pen tester. The best they can do is teach and expose you to the tools and how some of the most commonly used vulnerabilities work. If you are looking to go to a course and come away a fully qualified Pen Tester you may be a little disappointed. What a course form any one of the mentioned vendors ( I have done a few
they
are all good) can hopefully teach you is to think outside the square. The course will teach you effective ways to gather information but only you
can
look at that information then look and look again and say "Ok what can I
do
with the information I have in front of me". It's this part that you need as a Pen Tester / Hacker. It's statements
like
"If we just tried to do this, maybe......." that will get you there. I
would
as I have said in past email only credit 20 % to the scanners / tools available and 75% to the grey matter scanner you were born with. (Last 5 present you ask, that's easy, Coffee). If you go to the old l0pht crack site there is a wonderful quote from MS somewhere on the page that I think say's a lot about what I am trying to
get
to here. "Microsoft has claimed such a feat would take millions of years". Millions of years, darn lets give up now I'll miss basket ball training. Well we all know that this was not the case. As I said before they
gathered
the info then did a lot of lateral thinking and quick as you can say "Mudgenski Von Splat" They had a solution, answer then tool. The "thinking /grey matter" was by far the greatest part. Go to the course they are great as a primer but learn more than just how
to
use the tools on show learn to think out side the square. Peter Mercer / in0m <Insert risk management here> Of course I reserve the right to be
completely
wrong. ----- Original Message ----- From: <mht () clark net> To: "Osborne-1, Brett" <Brett.Osborne-1 () ksc nasa gov>; "Talisker" <Talisker () networkintrusion co uk>; "Penetration Testers" <PEN-TEST () SECURITYFOCUS COM> Cc: "Crumrine, Gary L" <CrumrineGL () state gov> Sent: Wednesday, June 13, 2001 1:34 AM Subject: RE: Ethical Hacking CoursesArgghh... The Ultimate/Ethical Hacking course was originally developed at a former Big N organization and then re-created from scratch at E&Y. The
founders
of Foundstone who were the authors of the material E&Y again re-created/updated the material from scratch at Foundstone. E&Y and Foundstone had a falling out about the name, so therefore E&Y got to
keep
the name Ethical Hacking and Foundstone changed their course to Ultimate Hacking. Material keeps on getting updated to keep up with the latest script kiddies, etc.. "Through the router, through the firewall, into the corporations we go"wastutorial by some of the original writers of the material presented at
one
of the local security conferences in order to polish up the materialbeforeoffering the course to the massess. The course helped acquire the right material and enthusiasm to get the publisher's primed to publish Hacking Exposed and then Hacking Exposed
II.
/hope this helps Anyways, the course currently offered by Foundstone lacks some of the fundamentals on why and where, and history for the reason why security exploits are so abudant in the wild, but offers plenty of hands-on
time..
I often wonder why organization don't offer courses like "Impractical Internet Security" or "Useless NT/2000 Security tools that won't help
some
script kiddie from breaking your web server" Those sound like fun
courses
to teach.. :) At 09:01 AM 6/12/2001 -0400, Osborne-1, Brett wrote:Verisign also conducts a similar course: http://www.verisign.com/training/courses/hacking/index.html Brett Osborne -----Original Message----- From: Talisker [mailto:Talisker () networkintrusion co uk] Sent: Monday, June 11, 2001 12:47 PM To: Penetration Testers Subject: Ethical Hacking Courses Hi I'm currently looking at the various ethical hacking courses that are
on
themarket. Are there any thoughts from you pen testing gurus about which is thebest.I've heard about the ISS Ethical Hacking Course and Foundstones
Ultimate
Hacking Course, both are 4 days and similar in price, are there anyothers?Would it be better value to mix and match at Sans or attend Defcon, has anyone out there compared the merits of the various courses. Take Care Andy URLs purposefully suppressed, had my monthly quota ;o)
Current thread:
- Ethical Hacking Courses Talisker (Jun 11)
- <Possible follow-ups>
- RE: Ethical Hacking Courses Osborne-1, Brett (Jun 12)
- RE: Ethical Hacking Courses mht (Jun 12)
- RE:Ethical Hacking Courses George Milliken (Jun 12)
- Re: RE:Ethical Hacking Courses Shoten (Jun 12)
- RE:Ethical Hacking Courses John Doe (Jun 12)
- RE:Ethical Hacking Courses William Knowles (Jun 13)
- Fw: Ethical Hacking Courses Peter Mercer (Jun 12)