Re: Pen test courses

From: oherrera (oherreraat_private)
Date: Mon May 26 2003 - 11:36:41 PDT

  • Next message: JC: "Re: Pen test courses"

    There are a lot of good (or acceptable) penetration testing
    training courses around and I'm sure that by the time this
    mail reaches the server others will have allready commented
    something about them.
    
    Still I would recommend that you build your own training lab
    (If you could spend a hub and a few old machines with
    different O.S. that might suffice, for a start...).
    
    In most (if not all) training courses that I'm aware of, you
    end up with machines and software that rea ready to go...
    all has been tested before and if something fails it is
    usually because the teachers didn't do their job very well,
    but you won't learn how to deal with tunning code yourself
    there.
    
    Most of the time exploits that you intend to run after just
    downloading them from the Internet won't compile or won't
    work the first time, and there is a lot to learn by reading
    and fixing the code yourself (I've seen both mastepieces of
    code and really horrible programming abortions).
    
    Also, I believe this is the way to go if you start writing
    your own tools and exploits to grow your pentest kit.
    
    My .2 cents...
    
    Omar Herrera
    
    > Hi,
    > could you recommend me some valuable PenTest training ?
    > I know already how to use nmap, ping/traceroute, nessus,
    > hping, nemesis, tcpdump/ethereal, ettercap, I know how to
    > do passive fingerprint of OS, use various honeypots etc.
    > etc.  However, there is always something new to learn, I'm
    > sure. I did some research of available training courses on
    > the Internet and I'm not sure which could be valuable to
    > me, as I do not need to spend time learning 'nmap -vv -sS
    > -P0 x.x.x.x'. Besides programming skills and researching
    > new vurneabilities (and keep running on learing track), is
    > there any good training out there ? Thanks a lot
    >
    > Petr Ruzicka
    >
    > ----------------------------------------------------------
    > ----------------- *** Wireless LAN Policies for Security &
    > Management - NEW White Paper *** Just like wired networks,
    > wireless LANs require network security policies  that are
    > enforced to protect WLANs from known vulnerabilities and
    > threats.  Learn to design, implement and enforce WLAN
    > security policies to lockdown enterprise WLANs.
    > To get your FREE white paper visit us at:
    > http://www.securityfocus.com/AirDefense-pen-test
    > ----------------------------------------------------------
    > ------------------
    
    ---------------------------------------------------------------------------
    *** Wireless LAN Policies for Security & Management - NEW White Paper ***
    Just like wired networks, wireless LANs require network security policies 
    that are enforced to protect WLANs from known vulnerabilities and threats. 
    Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.
    
    To get your FREE white paper visit us at:    
    http://www.securityfocus.com/AirDefense-pen-test
    ----------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Mon May 26 2003 - 12:16:55 PDT