Very noobish question, yet again.

Does the CEH have a hands on aspect to the exam? Also does anyone have any particular areas to focus on before taking the exam from experiance? Is this just mostly memorization?

Okay - As companies are continually being attacked by either internal espionage or cyber attacks from the outside, it seems pretty safe to say that cyber defense is a big part of security.
 
What skillset/certifications would you recommend to someone looking to perform this job instead of penetration testing?

I'm new to the CEH exam and just finished reading and studying a Sybex book that would prepar someone for the 312-50 and EC0-350. I saw a lot of talk about CEH v7 and wasn't sure which exam the study material I have would map to?

I'm going to start doing labs and setting up some stuff at home, I just wasn't sure what was on the test or what was mapped to the one I was going to hopefully take.

I heard that there was a lot of weird questions in the CEH, should I wait until the next one comes out?

Thank You!!

So once a site has HTTPS the credentials are safe from there? Are you encrypted the entire time you're on the site? Or are there sites that go between HTTP and HTTPS?

When you're going through HTTPS are the cookies being sent through a the SSL tunnel? Is this right?

I'm very interested in this and if anyone can help with some of the more "fine" details on how this tool works please let me know.

I'm assuming that this is based off the cookies that are being thrown up to the open wifi "hub".

I saw many responses to "HTTP everywhere", which is another interesting topic. Many of this is new to me and I'd love to hear more about these topics from any of the more "seasoned" members.

Okay - I'm not sure that this is the right forum for this, but I'm curious as to how firesheep works.

I tested the application on my wireless router which I downgraded to wep which allowed this vulnerablity to work. My understanding of this is that for sites that aren't completely HTTPS or HTTP this tool will allow you to hijack there session.

My question is how is this taking place? Are these for sites that secure your credentials intially at logon and than aren't HTTPS afterwards? Is the information being sniffed by cookies being sent over the wireless? How can you defend against this?

I understand the networking here since the AP acts like a hub, I was more intereted as to what was being sniffed out with this tool.

thanks.

Thank you Grendel - Are there tutorials or challenges with the De-Ice disks? I'm starting to get into pen testing and I was curious if there was any help with learning these techniques.

Thanks again.

Okay - Thanks to everyone in this forum I just downloaded and installed Hackerdemia within Ubuntu and got it up and working. There is a lab there thats hosted that show a few tutorials on Netcat, Nmap, and Hydra (this one doesn't work). Are there any other labs? For Hackerdemia that you can follow?

Would De-Ice be better?

Quick question......

What are the differences between Hackerdemia and De-Ice Live CD?

Thanks

Thank you all for your help. I can't wait to get started!!!

I'm going to be setting up a test lab using VMware server on my workstation to play around with. Does anyone any suggestions on labs or setups that would be most helpful? I want to play around and watch how things work.

Any thoughts would be greatly appreciated.

Thanks,

Matt

I've read about Dynamic port scanning, but the I thought that the spoofed IP's needed to be within the same subnet? Cany anyone help me out here?

thanks

Are positions in cyber warefare normally restricted to people with military experiance?

This is a great forum!! I actually just came here to ask a question regarding which exam to take first, the CEH or OSCP and I'm pretty sure thats been answered already.

My other question is this, I've been in the IT field now for 7 years with the past 1 1/2 years being in the infosec side of IT (Managing IPS/Firewalls/Anti-Virus/Web filters/SIEM, etc..) But I don't have any real pen testing experience to go along with that. 

I've administrated a Windows/VMware/Cisco/CheckPoint network, but is that going to prepare me enough to even attempt the OSCP? I have some linux knowledge and really no coding experience except from college way back.

I'm going to attempt the CEH first, but what I'm concerned with is being ill prepared to start the OSCP after that. This is something I really want to attempt to get the hands on knowledge of pen-testing, but I want to make sure its the wise thing to do at the time.

Any advice?

Thanks!!!

Thank you my friend!!

Actually the database admin has approached us and wants this done, so we're kinda in a different boat.

I've already scheduled a meeting for him to go over what they're currently doing, what he'd like to see, and whats to be expected.

Thanks!!