.

EC-Council validity

<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Fri Jul 30, 2010 7:07 am

Re: EC-Council validity

sil, that's a great write up on these certifications.  I wasn't too familiar with the CPT and CEPT certs, but they sound like what the industry needs. 
~~~~~~~~~~~~~~
Ketchup
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Fri Jul 30, 2010 7:25 am

Re: EC-Council validity

ketchup how's it going hope you're enjoying your classes/briefings. The CPT and CEPT are a bit more complicated than the OSCP is with only the NOP being the most difficult (http://www.immunitysec.com/services-cnop.shtml) in terms of "leetness." However, the NOP also is in a class of its own as is the OPST (http://www.isecom.org/projects/opst.shtml).

If I had to rank them I would probably label them as follows (remember these are pentesting certs now, not security managers, auditors or intro level C|EH certs):

OSCP
GPEN
CPT
OPST
CEPT
NOP

Notice the LPT isn't on here? This is not because I think it's worthless, its because I believe the content of the ECSA + CEH to get the LPT is the wrong approach. I understand the need to introduce tools and certain methods however, I believe that EC-Council's structure isn't well... Structured properly. They have a great "framework" however, I believe they've been focusing too much on marketing and not enough on structure. AGAIN, this is not to say the LPT is worthless, this is just to say it's a bit too scattered for my taste.

It's probably unfair for me to list certs I don't have (GPEN, NOP) but judging by everything I've read, a little bit of experience with the organizations, I placed GPEN and NOP in those positions. For example, I don't know if it still holds true, but SANS tends to have "open book" exams. I completely disagree with this type of exam, period. NOP, well I know the authors and their capabilities and the authors are at the top of the "pentesting" food chain so I know the content is likely a PITA.

I might shoot for the OCSE as soon as I 1) get results from ISACA some time in the next two weeks or 2) I decide against the CREA/GREM (I'm still up in arms about these). The OCSE looks like fun however, 48 hours with a family + work + studies + xbox (yup, I have to free my mind with mindless stupidity a-la MW2) = difficult
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sun Aug 01, 2010 12:08 am

Re: EC-Council validity

sil wrote:I don't know if it still holds true, but SANS tends to have "open book" exams. I completely disagree with this type of exam, period.


You can, but I really think it's less of an issue than people make it out to be. There is so much material and so many questions, that it's just not feasible to look up answers if you don't know what you're doing. You can look up a few items and bump up your score a marginal amount, but I think it would be rare that the open-book nature of these exams makes the difference between a pass and a fail. I challenged both of mine and got 90+ on each.

sil wrote:I might shoot for the OCSE as soon as I 1) get results from ISACA some time in the next two weeks


Isn't this ridiculous? My manager has been pestering ISACA on a regular basis for his CISM results, and last week they said he should have his results sometime this upcoming week. I probably tanked the CISA, but it would just be nice to know...

sil wrote:The OCSE looks like fun however, 48 hours with a family + work + studies + xbox (yup, I have to free my mind with mindless stupidity a-la MW2) = difficult


You don't have to take all the allotted time. Just wrap it up in a couple of hours ;)
The day you stop learning is the day you start becoming obsolete.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Sun Aug 01, 2010 1:00 am

Re: EC-Council validity

Sil, the NOP cert sounds a bit too constricting.  Am I understanding correctly that the entire test is discovering a BOF and exploiting it within 40 minutes?  That sounds a bit limited and geared towards vulnerability research.  Still, it is pretty hard core.  I really need to brush up on writing BOF exploits.  My knowledge is so outdated and useless.  I wish there was more time in the day.

The briefings were great.  I missed the ATM machine one, and opted for another briefing.  That was a mistake :)  I especially loved the Samy Kamkar one.  He is one funny dude, great content too.  I am working on a review of the training class, but in short, it was very enjoyable. 
~~~~~~~~~~~~~~
Ketchup
<<

supermanbe

User avatar

Newbie
Newbie

Posts: 1

Joined: Thu Aug 19, 2010 9:13 pm

Location: Orlando

Post Thu Aug 19, 2010 9:25 pm

Re: EC-Council validity

I have actually taken the CPTE from http://mile2.com and it has actually been a great course. It's actually now written by James Michael Stewarthttp://www.palaestratraining.com/stewart_bio.htm and I totally passed the exam.

All of the modules were there and the tools were awesome, I've heard of the eccouncil C{EH but have heard good things about mile2, my buddy told me about them and I ordered it from their site. Great course, I'm about to dive into CISSP to get a second certification.
<<

kennut

User avatar

Newbie
Newbie

Posts: 46

Joined: Thu Apr 16, 2009 10:41 pm

Post Thu Aug 19, 2010 11:21 pm

Re: EC-Council validity

nothing about EC Council, I was given the opportunity to take it and paid by the company for free! took CEH v5 workshop, well, the instructor is OK, but he did skipped hands on for Linux part etc. rest are very theory based, and of course, the fun part was unpatched Windows 2000 and how you use metaspoilt to get in. that was 2007.

I'm not sure how their coursework or materials fare now, their previous print-screen books x 5 volumes was a mess, so i really skipped them when preparing for the exam.

so back to the topic, yes, Ec-council marketing is damn good to be fact. better than others, even the job posting are asking for CEH credentials. No big issue in Asian countries, as OSCP, GPEN, CPT, OPST, CEPT, NOP are not popular here!

I hold CISA and CISM (in waiting for certification), so CEH when ppl asked me why I took it, I told them I did it for "fun", to learn thing ethical hacking stuffs, not something that can find a me high pay job.  ;D
Done all 3 certs, now going for CISSP.....
<<

outsourcethis

User avatar

Newbie
Newbie

Posts: 7

Joined: Thu Feb 05, 2009 11:37 am

Post Sun Sep 12, 2010 12:40 pm

Re: EC-Council validity

I should have responded earlier but didn't. I won't go into my long issue with EC-council and how I was treated. I have a C|EH E|CSA and LPT  these are just a good creds on your resume, They don't get in depth on how to be a pen tester leave that to the experts like GPEN or OSCP.

C|EH is like the MCSE, Its a buzz word/initials recruiters look for it on the resume thats all.

So my advice if your looking for a job the C|EH cred will help. If your looking for experience then leave it, there are better courses for that.

Just my 2 cents......
CISSP, C|EH, E|CSA, L|PT, MCSE+S. MCSA+S
Previous

Return to General Certification

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software