Fw: Ethical Hacking Courses

["Peter Mercer" <inom () ozemail com au>]

----- Original Message -----
From: "Peter Mercer" <inom () ozemail com au>
To: <mht () clark net>
Sent: Monday, May 14, 2001 9:31 AM
Subject: Re: Ethical Hacking Courses


> My 2 cents worth
>
> While there are several course on the market today that teach the
techniques
> and tools behind hacking none of them can teach you to be a hacker / Pen
> tester. The best they can do is teach and expose you to the tools and how
> some of the most commonly used vulnerabilities work.
>
> If you are looking to go to a course and come away a fully qualified Pen
> Tester you may be a little disappointed.
>
> What a course form any one of the mentioned vendors ( I have done a few
they
> are all good) can hopefully teach you is to think outside the square. The
> course will teach you effective ways to gather information but only you
can
> look at that information then look and look again and say "Ok what can I
do
> with the information I have in front of me".
>
>  It's this part that you need as a Pen Tester / Hacker. It's statements
like
> "If we just tried to do this, maybe......." that will get you there. I
would
> as I have said in past email only credit 20 % to the scanners / tools
> available and 75% to the grey matter scanner you were born with. (Last 5
> present you ask, that's easy, Coffee).
>
> If you go to the old l0pht crack site there is a wonderful quote from MS
> somewhere on the page that I think say's a lot about what I am trying to
get
> to here.
>
> "Microsoft has claimed such a feat would take millions of years".
>
> Millions of  years, darn lets give up now I'll miss basket ball training.
> Well we all know that this was not the case. As I said before they
gathered
> the info then did a lot of lateral thinking and quick as you can say
> "Mudgenski Von Splat"
>
> They had a solution, answer then tool.
>
> The "thinking /grey matter" was by far the greatest part.
>
> Go to the course they are great as a primer but learn more than just how
to
> use the tools on show learn to think out side the square.
>
> Peter Mercer / in0m
>
> <Insert risk management here> Of course I reserve the right to be
completely
> wrong.
>
>
>
>
>
> ----- Original Message -----
> From: <mht () clark net>
> To: "Osborne-1, Brett" <Brett.Osborne-1 () ksc nasa gov>; "Talisker"
> <Talisker () networkintrusion co uk>; "Penetration Testers"
> <PEN-TEST () SECURITYFOCUS COM>
> Cc: "Crumrine, Gary L" <CrumrineGL () state gov>
> Sent: Wednesday, June 13, 2001 1:34 AM
> Subject: RE: Ethical Hacking Courses
>
>
> > Argghh...
> >
> > The Ultimate/Ethical Hacking course was originally developed at a former
> > Big N organization and then re-created from scratch at E&Y.  The
founders
> > of Foundstone who were the authors of the material E&Y again
> > re-created/updated the material from scratch at Foundstone.  E&Y and
> > Foundstone had a falling out about the name, so therefore E&Y got to
keep
> > the name Ethical Hacking and Foundstone changed their course to Ultimate
> > Hacking.
> >
> > Material keeps on getting updated to keep up with the latest script
> > kiddies, etc..
> > "Through the router, through the firewall, into the corporations we go"
> was
> > tutorial by some of the original writers of the material presented at
one
> > of the local security conferences in order to polish up the material
> before
> > offering the course to the massess.
> >
> > The course helped acquire the right material and enthusiasm to get the
> > publisher's primed to publish Hacking Exposed and then Hacking Exposed
II.
> > /hope this helps
> >
> > Anyways, the course currently offered by Foundstone lacks some of the
> > fundamentals on why and where, and history for the reason why security
> > exploits are so abudant in the wild, but offers plenty of hands-on
time..
> > I often wonder why organization don't offer courses like "Impractical
> > Internet Security" or "Useless NT/2000 Security tools that won't help
some
> > script kiddie from breaking your web server"  Those sound like fun
courses
> > to teach.. :)
> >
> >
> > At 09:01 AM 6/12/2001 -0400, Osborne-1, Brett wrote:
> > > Verisign also conducts a similar course:
> > > http://www.verisign.com/training/courses/hacking/index.html
> > >
> > > Brett Osborne
> > >
> > > -----Original Message-----
> > > From: Talisker [mailto:Talisker () networkintrusion co uk]
> > > Sent: Monday, June 11, 2001 12:47 PM
> > > To: Penetration Testers
> > > Subject: Ethical Hacking Courses
> > >
> > >
> > > Hi
> > >
> > > I'm currently looking at the various ethical hacking courses that are
on
> the
> > > market.
> > >
> > > Are there any thoughts from you pen testing gurus about which is the
> best.
> > > I've heard about the ISS Ethical Hacking Course and Foundstones
Ultimate
> > > Hacking Course, both are 4 days and similar in price, are there any
> others?
> > > Would it be better value to mix and match at Sans or attend Defcon, has
> > > anyone out there compared the merits of the various courses.
> > >
> > > Take Care
> > > Andy
> > > URLs purposefully suppressed, had my monthly quota  ;o)