- This topic has 13 replies, 6 voices, and was last updated 10 years, 6 months ago by
.
-
Posts
-
-
-
-
Funny… I just asked ‘kind of’ similar in response to his other post.
Please do your best, ‘it experts’ to find a specific forum section, relative to your needs, and post once, only. It saves repetition… additionally, those of us who are regulars on here see posts in ALL forums, anyway, so I can assure you, we’ll see it, whichever forum you post it in, and if it’s NOT in a proper section, don or the moderators can move it…
-
Thanks for the reply and sorry for posting the subject twice.
my experience in security is manly with network security, i have lots of certification in this side (CCIE Security, Juniper Specialist, and others) you can say in the security as a (firewall, IPS, VPN, ..etc) i am expert in most of the top vendor.
Also i am expert in information security (I am CISSP, and CISM certified) and I am specialized in ISO 27001.
The week point I have is I do not have any experience in programming 🙁 .
Related to OS I have little knowledge
I am working as security consultant and would like to enhance my knowledge and be Penetration tester. For the pen testing I know the basic theory part but no hands on experience at all
My plan is to be a network pen testing then focus on application and DB pen testing. I start reading the bible in network security for Eric Col. And planning to go for SANS training after 2 months.
Now to achieve my aims to be expert in Pen testing. I need your support and guide of what to do and which training to take (SANS 504, 560)
BTW, my company depends on me to add this service to our customer. So please I do not want to let them down.
I hope thing become clear now 🙂 -
No worries, on the duplicate posts… was more or less just noting it, as a common courtesy! 😉
As for your knowledge range, you’ve got quite the resume there. With the knowledge you have, my personal experience says you could go ahead and go with the 560. I know you said you had little OS or programming experience, but if you truly have achieved CCIE Security and some of the others you’ve listed, I think you’ll be OK, and you can come up to speed, quickly enough, to go at 560.
Are you looking at vLive, or classroom? Obviously, the face-to-face experience, especially if you get Ed Skoudis teaching you, would be ‘best possible scenario.’ (Not that other instructors or methods wouldn’t suffice, as well, just that, coming in, cold, sometimes, having the instructor at your fingertips can be of benefit.)
Pentesting, full-time, you’ll eventually want to delve more into programming and such, as well as learning more of web application and programming languages, but I think the concepts and knowledge you’ll need will continue to build, with experience and further education / learning, as you grow with it.
Now, to be fair, I WILL say, I think you’d have an easier go at either of the SANS courses, if you first had Security+ and / or CEH, and had more fundamental base knowledge specific to this field. However, again, if you’re capable enough to hold the certs you list, I think you’ll be alright.
My opinions, anyway… ;D
-
-
-
-
Thanks all for the reply.
Actually, the 504 course will be run by: Ed Skoudis, and the course 560 by someone else and I am planning to go for SANS in Singapor , I am thinking to take the basic with Ed in 504 and I can continue self study and practice, and since he is the author of 560, defiantly I will get benefit and he will guide me to the right direction. The 560 course will be in London by some one else (that’s why I do not want to take it). Any way my concerns is if I take the 504 course with Ed, can I start doing pen-test for network or I need to attend 560???
Also can you help me in the following?
1. What is the best list of books to start and become expert in pen testing?
2. Any video or other resources I need?
3. What is the offsec course.Thanks again for your support and guide.
-
While there’s a lot of technical overlap between the two courses, they are taught from different perspectives. The difference is responding to someone attacking you and performing the attacks yourself. If you are going to be performing penetration testing, I strongly encourage you to take the 560. It covers other non-technical items that are important for penetration testers to know. Report writing, legal issues, providing value to organizations, etc. You can view a day-by-day breakdown of the topics covered at each course’s website. If you cannot attend locally, there are also vLive and On-Demand options where you can take the course remotely.
http://www.amazon.com/Professional-Penetration-Testing-Creating-Operating/dp/1597494259/ref=sr_1_1?ie=UTF8&s=books&qid=1281220361&sr=8-1 would be a good book to start with.
-
-
@Dark_Knight wrote:
I am currently reading Counter Hack Reloaded, and am finding that it’s basically the Sans 560.
Is it not to old (2006)?
I never read the book that why I am asking.
-
-
@impelse wrote:
@Dark_Knight wrote:
I am currently reading Counter Hack Reloaded, and am finding that it’s basically the Sans 560.
Is it not to old (2006)?
I never read the book that why I am asking.
Just a tad 🙂 It covers up to windows server 2003. However the attack principles are more or less the same.
To the OP, check out the OSCP offered by offsec.
-
- You must be logged in to reply to this topic.
