EH-Net
May 20, 2013, 01:56:53 PM

647
Ethical Hacking Discussions and Related Certifications / Other / Re: DefCon: What I liked and didn't like
on: August 05, 2010, 06:18:11 AM
@gnix, here are the presentations I liked:
- Web Application Fingerprinting with Static Files
- My Life As A Spyware Developer (Very Good)
- Malware Freak Show 2: The Client-Side Boogaloo
- Hardware Hacking for Software Guys
- Repelling the Wily Insider
- You Spent All That Money And You Still Got Owned... (Very Good)
But again, I missed several presentations because the room was too full. So there may be other very good ones I didn't get to watch.

649
Ethical Hacking Discussions and Related Certifications / General Certification / Re: Most in-demand certifications
on: August 04, 2010, 06:10:45 PM
In Canada, the Communications Security Establishment (CSE) is more or less the equivalent of the NSA in the United States. They are responsible for evaluating security professionals working for the Canadian government. Here are the ONLY certs they value:
- CISSP from (ISC)2
- CISSP / ISSEP from (ISC)2
- CISSP / ISSAP from (ISC)2
- CISSP / ISSMP from (ISC)2
- CISM from ISACA
- CISA
- GIAC / Any Silver audit certification
- GIAC / Any Gold audit certification
- GIAC / Any Silver management certification
- GIAC / GSFP, GEIT Gold management certification
We are always 5 years behind the American DoD...

652
Ethical Hacking Discussions and Related Certifications / Other / DefCon: What I liked and didn't like
on: August 01, 2010, 11:40:48 PM
Hey, I am still in Vegas and DefCon 18 ended a few hours ago. I wanted to let you know how it went, from my own point of view. As a note, DefCon 17 was my first DefCon last year.
Here is what I liked this year:
- Some presentations were so good (about 30%). You could tell when a presenter has been speaking at RSA, ShmooCon, BlackHat, etc. They are usually structured and entertaining.
- People are friendly and it is easy to start a conversation with pretty much everyone.
- Most hackers are real nerds. Next year, I propose a new challenge for the crowd: find the ugliest person. It would be pretty easy...
Here is what I didn't like:
- We were way too many for the Riviera Casino. Come on, already last year, we could barely move in the hallway. This year, I missed 5 very, very interesting presentations because we were about a thousand waiting in the hallway!!! Everyone was very pissed about that...
- Because of the above problem, we didn't have enough time to go from the tracks 1, 2, 3 and 4 to track 5, which was separated from the others. 10 min wasn't enough.
- Compared to last year, a lot of presentations this weekend sucked: Bad speaker, no structure, talking about beer all the time, laughing at users, etc. I know it is DefCon and it is supposed to be "cool" and "underground", but there is a limit to human stupidity...
- We couldn't get "real food" around (but that I knew from last year). You get tired pretty quickly of eating hamburgers and cheap pizzas.
- People are so immature! I saw a guy getting drunk during his own presentation... Also, everyone is talking about "beer". They are between 30 and 45 years old and all they think is "I am going to have a beer tonight!". I was like that at 16... Come on, grow up!
- About 20% of the goons think they are superheroes. Like anywhere else, put a t-shirt on a guy with the word "security" on it and look at his head getting bigger and bigger...
Bottom line, I paid my own airplane tickets (and it takes 10 hours, one way), paid the hotel, took 3 days off work to have about 5 good presentations of 50 minutes each. It cost me about $600/hour (I know I am pushing, but still...). I could have had 10 good presentations, but the rooms were full. Next year, I will wait until the presentations are on the internet...

653
Ethical Hacking Discussions and Related Certifications / General Certification / Re: EC-Council validity
on: July 29, 2010, 06:46:28 PM
I think the real problem is that we compare all these certifications, along with their respective training. In my own humble opinion, Offensive-Security raised the bar a lot and other certifications/courses have a hard time competing with them. I think everyone will agree with me that OS:
- Answer email very quickly
- Have a course that will challenge everyone
- Have a courseware that is usable in real life
- Is cheaper than almost all other certs/courses
- And last but not least, you feel you have learned a lot once you get it!
In my opinion, CEH ranks lower than OSCP and SANS courses for most of the above points. I personally had to register twice for the exam, NEVER got an answer from them (emailed and called many, many times!) and I had a hard time figuring out what was going to be in the exam.
So I kind of agree with all of you. CEH is good, but not great...

658
Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Best WebApp Pentest Course?
on: July 25, 2010, 07:25:05 PM
Sil... Again, I couldn't thank you enough!
I am thinking exactly the same way as you do. I have always learned things by myself and again in this case, the wise thing for me to do is to continue doing just that.
I have already played with 75% of all the tools and targets you have mentioned in your email. In addition, I am only missing one book out of the list you provided at the bottom! All I need to do now is to read, understand and apply!!!
BTW, I was sitting at Def Con last year and watched Joe McCray make his presentation on Advanced SQL Injection! The world is small...
Thanks Sil, I will be reading in the next months!!!