What's the ONE training course you want to take this year?

<<

What90

Full Member

Posts: 120

Joined: Sat Jun 09, 2007 2:23 am

Location: Sydney, Australia

Post Tue May 18, 2010 8:56 am

What's the ONE training course you want to take this year?

All,

Just looking for recommendations or suggestions on security training courses that aren't part of the mainstream SANS, OffSec and EH stables.

A couple have popped up randomly in discussions which started me thinking about what else worthwhile, but not well known, is out there.

I'm interested in ones with a high quality trainer, excellent supporting material and that you'd recommend.

I'm not too worried about the training being on one particular area, topic or even if you don't get a nice cert for doing it - as long as it's excellent plus worth the time and effort.

Thanks!

Chris
<<

Xen

Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Tue May 18, 2010 10:06 am

Re: What's the ONE training course you want to take this year?

eLearnsecurity is currently sponsoring this month's giveaway (you already know this but.....).
Other than this I'm quite interested in penetration testing courses offered by heorot.net (http://heorot.net/). I did not find any reviews for this course though (I think Jhaddix is reviewing them).
<<

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue May 18, 2010 11:35 am

Re: What's the ONE training course you want to take this year?

What90 wrote: I'm not too worried about the training being on one particular area, topic or even if you don't get a nice cert for doing it - as long as it's excellent plus worth the time and effort.


I'm waiting for Assured Exploitation (http://trailofbits.com/2010/02/25/assur ... -training/) to make its way around my part of town. I wouldn't mind taking training from Immunity Security either... I may do the CREA (http://www.infosecinstitute.com/courses ... nline.html) this year... Who knows. First I have to finish the CISM this June then I will make a decision. I may just go into vendor based training who knows (JNCIS, CCSP, etc.)
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue May 18, 2010 1:55 pm

Re: What's the ONE training course you want to take this year?

Sil, the Assured Exploitation course sounds like a ton of fun.  I wonder how that compares with Offsec's AWE. 
~~~~~~~~~~~~~~
Ketchup
<<

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue May 18, 2010 2:20 pm

Re: What's the ONE training course you want to take this year?

Ketchup wrote: Sil, the Assured Exploitation course sounds like a ton of fun. I wonder how that compares with Offsec's AWE.


I don't want to take anything away from Mati and the crew at Offsec but looking at their syllabus (http://www.offensive-security.com/docum ... tation.pdf) I will give my two cents on this...

If you're into reverse engineering and exploitation on any level, you should know the names Dino Dai Zovi and Alex Sotirov. If you haven't heard the names - to be quite honest, you have many years to go (learning and maturing) on the exploitation side of the pentesting industry...

Dino:
MacHacker's Handbook
Art of Security Testing

http://www.amazon.com/Mac-Hackers-Handb ... t_ep_dpi_1

http://www.amazon.com/Art-Software-Secu ... t_ep_dpi_2

Dino taught (might still teach) the exploitation courses at Polytechnic in Brooklyn NY. Overall he is a pretty cool guy aside from him being probably one of the scariest people I've come across either via correspondence or just knowing who the person is.

Alex:

SSL broken! Hackers create rogue CA certificate using MD5 collisions
http://www.zdnet.com/blog/security/ssl- ... sions/2339

[Alex] is well known for his discovery of the ANI browser vulnerability[3] as well as the so-called Heap Feng Shui technique[4] for exploiting heap buffer overflows in browsers...

Security researchers Alexander Sotirov and Mark Dowd have developed a technique that bypasses many of the new memory-protection safeguards in Windows Vista, such as address space layout randomization (ASLR). The result of this is that any already existing buffer overflow bugs that, in Vista, were previously not exploitable due to such features, may now be exploitable.

http://en.wikipedia.org/wiki/Criticism_ ... n_features




They're both at the forefront (bleeding edge) of exploitation and it's often their work that others use in their classes (AWE). So you have an option... Get it from those who wrote the book, or get it from those who read and learned from those who wrote the book.

If there was one course... Only one course I could take for the next say 3-4 years... This definitely would be it. I still need to hit that "aha! That's what I was missing!" I don't feel I've hit it at this stage.

On the pentesting side of things:

Network penetration - check
system penetration - check
programming - check (too many languages to list)
incident response - check
network / host based analysis and forensics - check

All checks to me imply I'm very versed, have no problem even teaching concepts and methodologies...

Lacking:
reverse engineering - work in progress
exploiting via reverse engineering - work in progress

Those are my weak spots. Reverse engineering from a quality assurance/security (http://www.amazon.com/Fuzzing-Software- ... 295&sr=8-1) is not my strong spot. I'd like to learn it better until I feel comfortable. I have no problem finding bugs/exploits for programs, I often have problems making it repeatably weaponized.
<<

j0rDy

Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Tue May 18, 2010 2:56 pm

Re: What's the ONE training course you want to take this year?

[hater mode]
LPT, just to make CEH not a complete waste of time...
[/hater mode]
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

Xen

Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Tue May 18, 2010 3:25 pm

Re: What's the ONE training course you want to take this year?

@sil
Have you considered SANS SEC 709 Developing Exploits for Penetration Testers and Security Researchers http://www.sans.org/security-training/d ... s-3037-tid ? If you've attended it or by looking at the contents, how would you rate this for beginners? I do not plan to attend this course in the near future but just want to hear your opinion on it. EHNet has a review of this course http://www.ethicalhacker.net/content/view/264/2/
Last edited by Xen on Wed May 19, 2010 3:14 am, edited 1 time in total.
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue May 18, 2010 10:30 pm

Re: What's the ONE training course you want to take this year?

Sil, that course does sound very interesting.  I am not much for hard core engineering.  I would rather be writing something.  I do like playing with exploits though.  I have a long way to go to consider myself knowledgeable in this area, but I am working on it.
~~~~~~~~~~~~~~
Ketchup
<<

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue May 18, 2010 10:35 pm

Re: What's the ONE training course you want to take this year?

Ketchup wrote: Sil, that course does sound very interesting. I am not much for hard core engineering. I would rather be writing something. I do like playing with exploits though. I have a long way to go to consider myself knowledgeable in this area, but I am working on it.


Then you and I would get along great if you were in the North East USA region. I could show you 'sploiting and you would be able to help me on writing ;)
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Wed May 19, 2010 10:15 am

Re: What's the ONE training course you want to take this year?

I've had to give this one a lot of thought. Since it's limited to security, I'd like to take the CCNA:Security. But it has more to do with me working as an Admin than as a pen-tester.

But I'm not sure you'd count that as a mainstream one. :)
OSWP, Sec+
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed May 19, 2010 10:25 am

Re: What's the ONE training course you want to take this year?

Sil, I meant writing, as in "writing software" / coding.  I seem to enjoy writing software more than I do reverse engineering it.  Strangely, I do like breaking stuff quite a bit.  :)
~~~~~~~~~~~~~~
Ketchup
<<

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Wed May 19, 2010 10:37 am

Re: What's the ONE training course you want to take this year?

Ketchup wrote: Sil, I meant writing, as in "writing software" / coding. I seem to enjoy writing software more than I do reverse engineering it. Strangely, I do like breaking stuff quite a bit. :)


Ah... Gotcha. Software writing is not my forte. I've never had the urge to write programs but WILL write programs for something specific that I need. When I do however, it's usually security driven and done in a non-GUI, perl, python, c/c++ based language.
<<

rvs

Jr. Member

Posts: 94

Joined: Wed Jan 28, 2009 9:40 pm

Post Wed May 19, 2010 12:22 pm

Re: What's the ONE training course you want to take this year?

I want to pass my frkn OSCP; things always get in my way, especially my work. Is there any study group in this forum? Lead me the way.
<<

COm_BOY

Full Member

Posts: 129

Joined: Tue Feb 03, 2009 10:40 am

Post Fri May 28, 2010 4:40 am

Re: What's the ONE training course you want to take this year?

I am gonna pass my OSCP and start CCIE-Security :P $$$
It has become appallingly obvious that our technology has exceeded our humanity.
<<

yatz

Full Member

Posts: 222

Joined: Tue May 25, 2010 2:58 pm

Post Tue Jun 01, 2010 8:35 am

Re: What's the ONE training course you want to take this year?

I'd like to take CEH, but I don't think the company will pay for it.

Otherwise that eLearnSecurity course sounds appealing...  ;)
"Live as though you would die tomorrow, learn as though you would live forever."

CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH