Hello everyone,

I am currently self studying for the CPTS exam,

Using Career Academy CTPS CBT,  VMware labs setup of Windows and Linux boxes, using backtrack 2, backtrack 3 and a hardened Windows Xp box with windows based tools, I am also reading and working with the Pen testers Open source Tool kit book, the anit hacker tool kit book, found stones hack me band for sql injection and de-ice pen test labs. As well as keeping myself updated with Hacking Illustrated and other good resources online. I have 7 years IT experience and have a passion for Network security.

My questions are as follows
1) Am I missing anything from my preparation? Feel free to suggest or tell me were I may be falling short.
2) I have been in contact with Miles2 support on sitting the exam but have a few concerns, has anyone bought the exam voucher from mile2 online without any issue with their credit card?

Thanks in advance 
C.S


 

Has anybody noticed the expert in the CEH v6 training video and the CPTS…is the same person; they are competing products, why?  Well let me bridge the gap of confusion… Organizational affiliation says a lot about a person’s ethics and morals, a person of this caliber would make a very obvious distinction in this area.  This expert now has a site of their own; and while you get training videos from some resellers…you will be blown away by what they have on offer.  Go check them out, www.secureia.com select learning portal, create an account or log in with guest access, select vendor sponsored training, select core impact…

I've seen Mile2's content and it is what it is. More of the same from everyone else with a different person wearing different corporate "shwagear." Rather than offer a review - because I've only seen their content, never taken their courses - I ask the following right now... What is your ultimate goal: learning to certify to make more money, learning just for the sake of understanding it, learning to know it and be the best at it, ? All three differ.

Learning to certify to make more money
I can't comment specifically on Mile2 since I've never taken their course, nor do I care to. Since this is money we're talking here, the solution to figure out the best route to go would be the all-seeing-money-eyeball... Dice

Dice Results for CPTS search? One job which had nothing to do with penetration testing, the CPTS you're thinking of... No need to bother searching "cpts security"

Dice Results for CPT? 1 - 16 of 16 results... Promising.

Other employment site:

JobSpider Results for cpts security. - NONE were related to Mile2
JobSpider Results for ceh security. - About 30
JobSpider Results for cpt security. - About 20

By the way, Mile2 was written about here: http://www.ethicalhacker.net/content/view/9/2/

This should give you an indication of which is better if you're solely focused on the financial aspect of it.

Learning for the sake of understanding it
You can't go wrong because quite frankly, anything you learn is good, even if what you learn is a bad thing (INSERT_BUDDHIST_VIEW THERE). In trying to just learn it for the sake of learning, then you're better off following whatever content THEY give to you through the course. You have to remember, they're giving the exam and no matter how wrong, convoluted, backwards, awkwards, etc.  it may seem to be, it's their exam. You will learn what they're teaching, whether its applicable or relevant is actually irrelevant. In order to pass their exam you need to understand what they WANT you to understand. Even if it is wrong. I've learned this going through CISM studies. "Don't argue with them, give em what they want..."

Learning to know it and be the best at it
I can sell you this course. However, it will take you the rest of your life in which you will need to dedicate no less than 50 hours per week which includes configuring, breaking and understanding everything from the ground up.

The course is brutal and involves heavy amounts of reading everything from RFC's to books you won't even care to read, but you will read them anyway as you will need to a heck of a lot, no matter how foreign it may seem. After my course, which consists of networking, A++ like material to understand what many view as stupidities nowadays (BIOS interrupts, etc.) you will come to appreciate these little tidbits when/if you come across forensics/IR/ring0 scenarios. "I didn't know I could parse out mem to hide things!", "I didn't know I could use the system against itself to compromise it!"

After building your machine from scratch, zapping yourself silly, toasting many-a-memory-chip-and-or-harddrives, you will then move on into hardcore networking CCDA + CCIE style. Regardless if you want to or don't want take a Cisco cert, networking is king. You'll know you're through with the networking portion at a mastered level because any time your spouse asks you for "the nearest ATM", you'll be confused for a moment as you initially think: VCI? HEC? 53 byte cells? "What the hell is my spouse talking about" You'll be able to run tcpdump or snoop in lieu of Wireshark/TShark and determine based off of TTL and DF the difference between Linux, Windows, Solaris. You'll also be confused as to why you just can't grep through the newspaper, run "find" on your refrigerator, rm trash, etc. This is normal and you will get used to not being able to run fsck on life's normal problems. Everyday will be a learning experience, you'll get no satisfaction as you'll never be satisfied.

Let me know your interest in this course be advised however it is brutal and you'll often be confused as to what role you want to play today. Because you end up knowing enough about many different aspects of computing, any company you work for will end up trying to minimize hiring someone else. Why should they smart ass, you can do it for them. On the flip side, you could always say jumpSalaryjump and they WILL say how high.

Sorry I should've lumped this response in my other rambling. BillV I will have to greatly disagree on this statement "I agree with crk, Mile2 has always seemed somewhat shady to me" Regardless if they seem shady, they're not as marketed as EC-Council is. There was a thread on a site a long time ago called "Run Away from the C|EH Certification" (http://it.toolbox.com/blogs/securitymonkey/run-away-from-the-ceh-certification-9639) where the author based on his opinions pretty much summed up the C|EH the same way you do Mile2.

What it all comes down to is content. Bottom line from the learning perspective. Who is teaching the content and how applicable it is. For example, most people are like deer in headlights when it comes to the CPT, CEPT, CREA, etc.. "Who is IACRB again?" I can tell you first hand from experience taking their courses, the content is 100% legit for the learning aspects and is by far one of my most prized certs in terms of value. You WILL not get certified without actually knowing since its a two part exam, written and a practical (OSCP anyone). For my practical I had to write my own exploit to compromise a Bastille hardened machine in which I found ZERO exploits publicly available. Now trust me when I say this, I searched high and low and for exploits and the kicker is... For this one machine I had a low level access and needed to escalate privileges. Again: NO FOUND EXPLOITS IN THE WILD. dot dot dot

Who is IACRB? Well, most of them are the guys who wrote the book on much of what is asked here:

Andres Andreu author: Professional Pen Testing for Web Applications (Programmer to Programmer)
Jack Koziol author: Intrusion Detection with Snort, The Shellcoder's Handbook: Discovering and Exploiting Security Holes (grandaddy of shellcoding books)
Keatron Evans author: Chained Exploits: Advanced Hacking Attacks from Start to Finish
Jeremy Martin: CISSP-ISSMP/ISSAP, NSA-IAM/IEM, CEI-CHFI/CEH/ECSA/LPT, CEPT/CPT/CASS/CDRP/CSSA/CREA, CHS-III, CCNA+Security (http://www.linkedin.com/in/infosecwriter)

And there are other trainers there. You WILL learn and get your money's worth. Now take note: I HAVE ZERO affiliation with them, no endorsements to speak for them, no ties, nothing. I can tell you first hand, any of their courses will make you better at any topic they're teaching you.

Let's have a "step back" look at this for a moment using member armando's (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/action,profile/u,21203/) new course Penetration Testing Pro (http://www.elearnsecurity.com) which was reviewed: http://www.ethicalhacker.net/content/view/311/8/ ... According to other's it's "what the CEH should be..." From an outsiders view if I went there on my own accord, I might say the same thing "something smell's shady, what's up with their website... who is Armando..."

Bottom line, don't judge a website by its webpage Personally, it all boils down to the trainer. I have a friend named Larry Greenblatt, runs the sickest most intense infosec classes for CISSP's, CISM's and the likes called Cyberkungfu... Many from my industry (pentesting/breakers/sysadmins/engineers... hackers...) would be like: "WTH is a Cyberkungfu and what the hell is up with this class..." (http://www.internetworkdefense.com/) Know something... I'd LOVE to spend one or two weeks sitting at any of his bootcamps/classes/courses as I can attest to his quality and expertise... I can't vouch for his website (sorry Larry if you ever stumble on this ) but his content is rock solid.

So as for Mile2, regardless of their content, I'd be more concerned with the instructor as content... You can learn this portion on your own if you have the patience.

Jeremy Martin taught my CEH class. He was an awesome instructor. I did the CEH with Infosec by the way.