HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 53 guests online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow General Certificationarrow Heorot.net Intermediate Penetration Testing Course Vs Offensive security
EH-Net
May 21, 2013, 12:13:08 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: 1 [2]   Go Down
« previous next »
  Print  
Author Topic: Heorot.net Intermediate Penetration Testing Course Vs Offensive security  (Read 14426 times)
0 Members and 1 Guest are viewing this topic.
Kev
Sr. Member
****
Offline Offline

Posts: 428


View Profile
« Reply #15 on: September 11, 2009, 07:58:02 PM »
I thought I would throw in my 2 cents and recommend the Heorot training. I am familiar with both and they are equally good, actually I would say you should do both if you are truly serious.  What I like about the Heorot training is the real life scenarios he uses.  Exploits are kept to a minimum.  In the last 2 years of pentesting I can say very few breaches were made by exploits and those few were made with browser exploits. Perhaps someone here has a different experience?   If someone thinks you can arrive at a pentest and launch their metasploit autopwn and that’s it, well that is a huge disservice to their client. Just what I have encountered. 
Logged
Jhaddix
Sr. Member
****
Offline Offline

Posts: 317



View Profile WWW
« Reply #16 on: September 11, 2009, 09:24:45 PM »
This is true, real world "pentesting" is about risk assessment, configuration testing, and vulnerability testing. It's not so much about exploitation (although it IS the fun part). Most of the time the exploitation is done in the webapp side or clientside type of tests. It really depends on the scope but we have very few clients who will let us exploit production machines, which sucks because after we clear the DMZ we know we'll find juicy systems =(
Logged
GSEC, GPEN, GWAPT, ECPPT, WAHHlive, LSOAdvancedPenTester

http://www.securityaegis.com
http://www.pentesterscripting.com
http://code.google.com/p/pentest-bookmarks/
Kev
Sr. Member
****
Offline Offline

Posts: 428


View Profile
« Reply #17 on: September 11, 2009, 10:14:01 PM »
Well said Jhaddix. I agree exploits are the fun part.  Cracking a password just doesn’t have the same feel to it as rooting a box with an exploit.  Hmm, I wonder why that is?
Logged
T_Bone
Full Member
***
Offline Offline

Posts: 199


View Profile
« Reply #18 on: September 12, 2009, 03:02:01 AM »
Thanks Kev, Jhaddix

These are the responses i was looking for really as i wanted to perform whichever course is likely to help me progress in the pen testing field.  As posted previously I would have liked to have done the GPEN as it goes through the pen testing methodology used but was only able to get on the GCIH as a facilitator which is still very good but doesn't cover report writing and stuff like determining what vulnerabilities are classed as "critical" "High" etc as you would need to understand for a pen test.  It does explain how to protect systems against attacks which is obviously very important to understand as a pen tester so that you can advise what needs to be put in place.
Logged
alucian
Full Member
***
Offline Offline

Posts: 225



View Profile
« Reply #19 on: September 15, 2009, 12:56:37 AM »
Hello guys,
If I really well understand, according to Jhaddix and Kev, it is better to do Heorot training in order to be able to do a good job as pentester (I mean to be able to work as a consultant and to do a good job, and not to be some security guy on a company's payroll). This training seems to give the business knowledge of the job, besides the technical skills.
I'd like to do both of their levels, but because I have to pay for them by myself it is a big problem.   Cry

Maybe I will wait to see what elearnsecurity will bring to the scene (a combination of both Heorot's levels wold be nice).

In the mean time I am doing OSWP and starting to read Fyodor's book.

Good luck to everybody.
« Last Edit: September 15, 2009, 12:59:13 AM by alucian » Logged
CISSP ISSAP, CISM/A, GWAPT, GCIH, eCPPT, OSWP
Pages: 1 [2]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.07 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.