----- Original Message ----- From: "Peter Mercer" <inomat_private> To: <mhtat_private> Sent: Monday, May 14, 2001 9:31 AM Subject: Re: Ethical Hacking Courses > My 2 cents worth > > While there are several course on the market today that teach the techniques > and tools behind hacking none of them can teach you to be a hacker / Pen > tester. The best they can do is teach and expose you to the tools and how > some of the most commonly used vulnerabilities work. > > If you are looking to go to a course and come away a fully qualified Pen > Tester you may be a little disappointed. > > What a course form any one of the mentioned vendors ( I have done a few they > are all good) can hopefully teach you is to think outside the square. The > course will teach you effective ways to gather information but only you can > look at that information then look and look again and say "Ok what can I do > with the information I have in front of me". > > It's this part that you need as a Pen Tester / Hacker. It's statements like > "If we just tried to do this, maybe......." that will get you there. I would > as I have said in past email only credit 20 % to the scanners / tools > available and 75% to the grey matter scanner you were born with. (Last 5 > present you ask, that's easy, Coffee). > > If you go to the old l0pht crack site there is a wonderful quote from MS > somewhere on the page that I think say's a lot about what I am trying to get > to here. > > "Microsoft has claimed such a feat would take millions of years". > > Millions of years, darn lets give up now I'll miss basket ball training. > Well we all know that this was not the case. As I said before they gathered > the info then did a lot of lateral thinking and quick as you can say > "Mudgenski Von Splat" > > They had a solution, answer then tool. > > The "thinking /grey matter" was by far the greatest part. > > Go to the course they are great as a primer but learn more than just how to > use the tools on show learn to think out side the square. > > Peter Mercer / in0m > > <Insert risk management here> Of course I reserve the right to be completely > wrong. > > > > > > ----- Original Message ----- > From: <mhtat_private> > To: "Osborne-1, Brett" <Brett.Osborne-1at_private>; "Talisker" > <Taliskerat_private>; "Penetration Testers" > <PEN-TESTat_private> > Cc: "Crumrine, Gary L" <CrumrineGLat_private> > Sent: Wednesday, June 13, 2001 1:34 AM > Subject: RE: Ethical Hacking Courses > > > > Argghh... > > > > The Ultimate/Ethical Hacking course was originally developed at a former > > Big N organization and then re-created from scratch at E&Y. The founders > > of Foundstone who were the authors of the material E&Y again > > re-created/updated the material from scratch at Foundstone. E&Y and > > Foundstone had a falling out about the name, so therefore E&Y got to keep > > the name Ethical Hacking and Foundstone changed their course to Ultimate > > Hacking. > > > > Material keeps on getting updated to keep up with the latest script > > kiddies, etc.. > > "Through the router, through the firewall, into the corporations we go" > was > > tutorial by some of the original writers of the material presented at one > > of the local security conferences in order to polish up the material > before > > offering the course to the massess. > > > > The course helped acquire the right material and enthusiasm to get the > > publisher's primed to publish Hacking Exposed and then Hacking Exposed II. > > > > /hope this helps > > > > Anyways, the course currently offered by Foundstone lacks some of the > > fundamentals on why and where, and history for the reason why security > > exploits are so abudant in the wild, but offers plenty of hands-on time.. > > > > I often wonder why organization don't offer courses like "Impractical > > Internet Security" or "Useless NT/2000 Security tools that won't help some > > script kiddie from breaking your web server" Those sound like fun courses > > to teach.. :) > > > > > > At 09:01 AM 6/12/2001 -0400, Osborne-1, Brett wrote: > > >Verisign also conducts a similar course: > > >http://www.verisign.com/training/courses/hacking/index.html > > > > > >Brett Osborne > > > > > >-----Original Message----- > > >From: Talisker [mailto:Taliskerat_private] > > >Sent: Monday, June 11, 2001 12:47 PM > > >To: Penetration Testers > > >Subject: Ethical Hacking Courses > > > > > > > > >Hi > > > > > >I'm currently looking at the various ethical hacking courses that are on > the > > >market. > > > > > >Are there any thoughts from you pen testing gurus about which is the > best. > > >I've heard about the ISS Ethical Hacking Course and Foundstones Ultimate > > >Hacking Course, both are 4 days and similar in price, are there any > others? > > > > > >Would it be better value to mix and match at Sans or attend Defcon, has > > >anyone out there compared the merits of the various courses. > > > > > >Take Care > > >Andy > > >URLs purposefully suppressed, had my monthly quota ;o) > > >
This archive was generated by hypermail 2b30 : Tue Jun 12 2001 - 22:45:03 PDT