thanks for the info. i guess now i know which phone to get next got a Nokia N95 for the powerfull wifi and to toy around. i have to get more into it, but other things first...

no problem! and know your way with tooling (nmap, snort, etc.) required by EC-Council!

don't forget packetstorm!

i used both books to prepare me for the 5 day training i took and yes, both of them are good material. i think the CEH exam prep was a little short, but it contains good documentation. if you study hard with these books, and take some exam practice tests, you will probably do just fine!

ah...skipping class....the good old days...i can tell you that gets a lot harder when youre on the payroll

anyway here's some advice. i was in the same package about a year ago: got my master degree, was interested in security, now what...i joined one of the big IT organizations that are stationed in my country. the advantage you have is you can move around within the organization. i'f youre interested in...say access control, you can specialize in that area, but if you want to do consulting on another area, you can go to consulting. ofcourse this is different in many organizations and most of them dont want you to swich often, but most of them stimulate motivation and the opportunity to grow within the company.

good luck and welcome to EH.net!

bummer cmattmiller. jus think of it as an extra mile opportunity!

Ryan's articles have convinced me to sign up for this course. i'm waiting for response on the budget. at this point i'm so stoked i probably will sign up anyway even if i have to pay for it myself. the only question is when! (maybe i'll team up with hayabusa, two knows more then one right? )

congratulations Ryan! way to go on the perfect score!

i have read your articles with great pleasure! however, i got a question: depending on your pre-knowledge, how do you compare the CEH certificate to the OSCP regarding to difficulty? and how does this allign with GPEN?

just found out at Offensive security that version 3.0 of OSCP will be available at mid-march! some info:

The Offensive Security team is excited to announce the release date of v3.0 of the Pentesting With BackTrack Course.  On March 21, 2010 the course will be made live. The team has worked overtime to ensure the videos and labs are better than ever. With new modules, more in depth explanations and a new rich lab environment, this will prove to be a very exciting release.

Whats new in PWB v.3.0 ?

Aligned with BackTrack 4
New Video recordings, updated courseware
New Lab environment, doubled in size, modern OS’s added
Added storylines to the lab, simulating a realistic corporate environment
In depth Buffer Overflow module, including Linux Buffer Overflows
New Web Application Attack modules
The updated syllabus will be made available online on the 21st of march.

already informed my manager, lets see if i can get some budget

i did some extra research on this and i found out we have a separate document for this which is called "vrijwaringsverklaring" in dutch. when i read through it i see a lot of lawyer talk so i guess we have that part pretty good covered.

i also took a look at Mr. skoudis' tempate. it looks good, pretty straigthforward. however, i think it would be a good addition to specify it a little more (for example, mention the C.I.A. criteria to point out what could happen to the data and who's responsible for it). i'd really like to add some things, but time isnt really on my side at the moment...

ah, i see. thank you for clearing this out!

my thoughts exactly! i just found out that V3.0 will be available mid-march so i'm planning to sign up for the 60day version!

at my organization we have these requirements added to the NDA (non disclosure agreement) which we add to the contract. we require for the organization that requested the "ethical hack" to sign this agreement anyway so we extended it with all the "lawyer stuff". then again we have a completely different court system in Europe. its a pretty simple straightforward document but in dutch of course.

good to see they get the recognition. i remember something about another cert with a different name (with the same content) specialized for the us goverment. does this mean ceh is generally accepted? it a little bit "a long way from home" story for me. however, if i got a good offer, i would be there in no time!

all sounds very familiar! sometimes when i want to order stuff on the internet and see oscommerce i get suspicious! however, i think you can throw that kensington lock away, or did you get some improved version?

http://www.youtube.com/watch?v=0SkKJ4yOKo8

uhm...werent we all "ethical"?  and what i learn from most hollywood movies is that the profession is hyped ALOT! remembering flashy screens, countdown timers until youre traced etc. good example:



the only situations i can think of are the following: or you succeed, or you dont. worst case scenario is you knock down a few (production) servers. and for that we have the NDA with an additional responsiblity part wich summons the following: for whatever I do, YOUR responsible