.

New guy with a lot of questions...

<<

york_daro

Newbie
Newbie

Posts: 9

Joined: Sun Aug 26, 2007 12:26 pm

Post Sun Aug 26, 2007 2:46 pm

New guy with a lot of questions...

Hello, I'm new here... I was reading some topic here and I see it's an interesting board ... I've already learnt some things from here :)

But I want to ask You some questions... I'm thinking about those Certifications... I like security news.. I'm interested in that... about programming I know Delphi, Pascal, SQL, a little ASM, html, php... also not too much about Linux (basics)...

Is it worth trying to get any of the certicicates ?

I'm from poland... CEH is something new here but I see some interesting words about OSCP...

I want to raise up my knowledge about security.. But I know that programming Delphi and repairing broken computers/printers is not enough 4 me :-]

What would You recommend ?

Regards
Darek
<<

Kev

Post Mon Aug 27, 2007 12:08 am

Re: New guy with a lot of questions...

What is your goal?  Security? Programming?  I would recommend security. Security with strong network and programming skills will set you above the crowd. Programmers are starting to lose work as more jobs are being outsourced  to other countries, but security is still a "hands on" requirement. So yes, go for your CEH and follow the curriculum. 
<<

york_daro

Newbie
Newbie

Posts: 9

Joined: Sun Aug 26, 2007 12:26 pm

Post Mon Aug 27, 2007 1:47 am

Re: New guy with a lot of questions...

But from what I heared OSCP is better to begin with than CEH? and CEH is valid only for 2 years? Also... would it be better  (if I decide to of course) to buy first video materials and then when I feel ready go for the exam?

I don't think If I could get through the exams...

I have some CEH materials (Video DVD, Lab 3.0 and reviews) from my friend just to see what I'm up against but I'm thinking about buying V5.0...

what would you prefer starting with? CEH or OSCP?
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Mon Aug 27, 2007 7:46 am

Re: New guy with a lot of questions...

I don't think I would say that one is necessarily better than the other. OSCP focuses on BackTrack and BackTrack only. BT is a great tool in itself, but there are also many others out there.

CEH will be valid for 3 years starting January of '08. At that time, you'll be required to earn continuing education credits to retain your certification, along with a $50 annual fee.

It's also been said on here that the OSCP course is not for beginners to Linux. I don't know if I agree with that or not though. I think someone new to Linux could pick up everything that the OSCP course covers fairly easily, but I had prior experience too.

I did the CEH course before taking the OSCP course. There are good points to both, and I took information away from each.
<<

york_daro

Newbie
Newbie

Posts: 9

Joined: Sun Aug 26, 2007 12:26 pm

Post Mon Aug 27, 2007 8:14 am

Re: New guy with a lot of questions...

maybe other way :)

the CEH video is downloadable ;) and other materials are downloadable ;)

then tell me... does the certificate gives anything else, not only a title?
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Mon Aug 27, 2007 9:28 am

Re: New guy with a lot of questions...

I don't know. I know I've had mine for some time now, but don't use those type of skills at work. I handle various security-related projects, but I'm not really sitting around hacking stuff all day.

And FYI (before you waste time with the CEH videos) they're not that good.
<<

york_daro

Newbie
Newbie

Posts: 9

Joined: Sun Aug 26, 2007 12:26 pm

Post Mon Aug 27, 2007 1:03 pm

Re: New guy with a lot of questions...

I can see that... hmmm.. some interesting information/tools could be very usefull and a little theory i can get too :)

So I see that all the knowledge are books, and own tests...
the boot camps and Certificates - I think it's just a waste of money (better go with your girlfriend and buy hey some flowers for it ;) )...

other thing... I read much about those virtualization and virtual labs... what's the sense of doing them? just to test the "tools" ? because if I'll make my Win XP PRO SP2 fully updated then I know that I won't be able to do anything (no known bugs) but only to scan, get some information?

I see you all are doing virtual labs... but what for? If you can't break updated win xp sp2 ?
<<

hitechpo

User avatar

Newbie
Newbie

Posts: 9

Joined: Mon Sep 03, 2007 7:50 am

Location: Cow Country, USA

Post Mon Sep 03, 2007 9:15 am

Re: New guy with a lot of questions...

I feel that tools are just an extension of the hacker, themselves.  Why do you want to learn how to hack?  Most of the time it is because something inside you wants to learn how things work.  What makes the software do what it does or what makes that computer act the way it does.  The methodology and information helps you understand the basics of what is going on.  The tools help you in gathering this information, but you still have to know how to interpret the results and what vectors of attacks can you utilize to compromise the system.  Sure, there may not be a lot you can do with a patched OS; however, what about the software running on the OS.  How could you get the user to download a Trojan or other malware program so that you can own the box?  There are zero-day exploits that come out everyday, do you keep up with this information?  These are some of the things to consider when you go forward and learn the 'tools'.
CISSP, CEH, NSA-IAM/NSA-IEM, MCSE, A+
<<

york_daro

Newbie
Newbie

Posts: 9

Joined: Sun Aug 26, 2007 12:26 pm

Post Mon Sep 03, 2007 9:33 am

Re: New guy with a lot of questions...

I know that hitechpo :) zero-day exploits, SE and other apps... sure... I am up to date with many things... that's why I wanted to ask You about those certifications - why they are so expensive... I thought that 4 that price there would be plenty of informations how to..... I see now that most of the informations I can get from google... what am I saying? all of the informations ....
<<

LSOChris

Post Mon Sep 03, 2007 10:10 am

Re: New guy with a lot of questions...

certs are only for what you can get out of them and to get by HR.

you can get most of the education for college for free on the net, does that mean that college has no value and a college degree has no value?  thats a bit of stretch but you get the idea.

two things to address your comment because i have seen the whole "i can get everything on google garbage"

when you take a training course, any course, you paying for that instructors time because, ideally, they have alot of experience in the field and can help you learn the material faster, better, more retainabilty, whatever.  not "so" much for the content they teach, although it should be organized and better than what you can get "for free with google"

second, certs are a way to test yourself to prove that you know the knowledge and to "ideally" show others that you know the knowledge as well.  we dont need to go into the debate of the value of certs, there are already several threads about it.

the cost?  well thats just part of the game isnt it. 
<<

york_daro

Newbie
Newbie

Posts: 9

Joined: Sun Aug 26, 2007 12:26 pm

Post Mon Sep 03, 2007 11:43 am

Re: New guy with a lot of questions...

sure but U see... here that price is too much 4 most of living people here... When I sam that price.... I thought that it must the best ever made cert.... it isn't :) I worked whole year to get that amount and buy a computer... if I would spend those money on that course I think I would be disappointed...I would never spend so much money on any "game" :) that's why I wanted to ask about Your point of view... I think that not too many people from Poland will be taking any of those exams ;) maybe in some time...
<<

LSOChris

Post Mon Sep 03, 2007 3:03 pm

Re: New guy with a lot of questions...

if you have the skills you are talking about there is plenty of work to be made on the side. sites like rentacoder come to mind.

again there is difference between the price to sit for a cert and the price for a training course.  i wouldnt confuse the two.
<<

morpheus063

User avatar

Sr. Member
Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Mon Sep 03, 2007 10:09 pm

Re: New guy with a lot of questions...

Hi York_daro,

What really matters is your level of knowledge and your skills. No matter how many certifications you hold, you always have to face the interview board and have to answer the questions. And to answer those, you need real stuff - But let me also say that good knowledge with certifications make you stand above others. So both go side by side.

As far as the cost, I think the money value for both countries are different - and the pricing is based on US dollars. So obviously non-us people will find it very high (Infact, I am also a non-us guy) The salary you get in your home country will be different from the salary that you get in US.
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
<<

Florin

Newbie
Newbie

Posts: 29

Joined: Thu May 03, 2007 8:57 am

Post Tue Sep 04, 2007 10:10 am

Re: New guy with a lot of questions...

York_daro,

The price of the certificate shouldn't be an obstacle to you.
This depends if you really want to test you knowledge and to be able to prove you employers that "you know what you are talking about".

If you really want to take a cert, in my opinion you have two choices:
1. Self study. If the price of the course is to high for you, do a lot of self study. Use virtual labs, read books etc. When you feel confident about your knowledge, you can take the cert, the price of the exam is not that high (non-US guy oppinion here also).
2. Prove you employer that you are willing to specialise youself in security, and, if this is important for him or the company's project, maybe he'll support the price of the course/exam.

Please note that both of the choices depend very much on you commitment to you goal.

Hope this helps...
Security+, OSCP, CISM, CISSP
<<

york_daro

Newbie
Newbie

Posts: 9

Joined: Sun Aug 26, 2007 12:26 pm

Post Tue Sep 04, 2007 1:05 pm

Re: New guy with a lot of questions...

yes I know :) that's one of my gr8est problems ;)
don't know what to do with myself ...

Most of my time i spent on programming... but it's too heavy topic to get a good job in it (too high requirements/skills from programmers that you can get alone from internet :) )...

I like security but most of my time I used it to check site/network/software.... attack (4 fun and test myself + to prove them that their site/network/software isn't secured good enough)... the real problem is that I don't know how to protect (i'm not an administrator)....

to mention about programming everybody says that the best and most needed language is C++ (i rather like delphi [lol]) but I don't know anything about that... so I think that programming could be a problem 4 me... administrating a network is easier than programming.... I don't know if it's not too late 4 me to learn C++ (hard thing)..... I just don't know... I know one thing... I like computers, making, modify, buy (new ones) :D so many problems....

thank you all 4 so many replies (and sory 4 my english) ;)
Next

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 3 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software