
My roadmap to InfoSec

<<

MrTuxracer

Newbie

Posts: 47

Joined: Fri Dec 30, 2011 4:25 am

Location: Germany

Post Fri Dec 30, 2011 1:11 pm

My roadmap to InfoSec

Hello EH-Community,

I'm new to this community, but I have read a lot of good & interesting articles in here and that's the reason why I need your advice  :)

I've been working as a network administrator for about 4 years now (it's my first job) and would like to go deeper into InfoSec. I spent most of my day on router, switch and firewall shells, so I've got quite good networking fundamentals. Besides this, I am an LPI-certified Linux fanboy - well, I don't use Windows unless there's no other way, like in the world of Active Directory  ;) and I am a VMware enthusiast, because I love this technology and its impact.
I've got coding knowledge in VB.NET, PHP/SQL and basic ASM, C++.

Now I would like to realign my focus on InfoSec like attack and prevention mechanisms. I've been interested in InfoSec for over a year now and already have some basic fundamentals (like WebSecurity, BufferOverflows, usage of Metasploit and some other common tools) but I'm missing the in-depth details. That's the reason why I started to blog about things but this only helps a little. Now I've read a lot about certifications on EH and think those courses and (practical) exams are the best way to learn the details.

I'm currently thinking of going this way during the next 2 years:
CEH -> eCPPT Pro -> OSCP -> OSCE
(Taking the CEH and eCPPT Pro until summer, and the OSCP until end of 2012).

What do you think ?

By the way: My problem is that I have to pay most of the courses/exams out of my own pocket because my employer doesn't want to pay them. I hope that they'll pay at least the CEH :-\

Thanks & Regards
eCPPT, HP ASE (Networking), LPIC-1, OSCP, WCSP
http://www.rcesecurity.com
<<

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Fri Dec 30, 2011 2:19 pm

Re: My roadmap to InfoSec

Hi MrTuxracer,

Welcome to the forums. Great background! Your experience in programming will help you out big time. Looks like a solid track you've set up for yourself, but with you having the fundamentals under your belt, I would say it's time to go out there and have at it. VMware is great for practice! Set up some vulnerable VMs, get some vulnerable software, and hack away.

Having taken the eCPPT Pro and OSCP courses, I can tell you're going to learn a good amount. Plus with the practical exams versus written, after you earn the certifications, they'll look better to employers (although I haven't seen the eCPPT recognized yet by HR. OSCP/E is getting its recognition barely, and CEH they love to see - though the exam is written). Be sure when you sign up for the eCPPT course, you obtain the 5% voucher offered for EH-NET members, which could be redeemed here.

There are several of us here who pay out of pocket for our training. Sounds like we're all in the same boat in relating to getting the best training for the buck. Although not initially mentioned, alternate positive resources at affordable prices are:

Hacking Dojo

Strategic Security - which I believe was previously LearnSecurityOnline

SecurityTube

I think you've picked a solid route to take and you're in for a fun ride (especially by the time you get to taking Cracking the Perimeter). We're all here to help along the way. For future references if you want to go the route of practicing in your own lab, below are a few links that will help out:

Virtual Images of Windows XP, Vista, and 7 - Compatible with Virtual PC
http://www.microsoft.com/download/en/details.aspx?id=11575

VMware's Virtual Appliance Marketplace - Containing Windows 2003 & Various Linux Distros
http://www.vmware.com/appliances/

Vulnerable Web Applications for Learning
https://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applications-for-learning/

OldApps - Find older software to practice exploitation on
http://www.oldapps.com/

Vulnerable by Design - Links to tons of vulnerable VMs, Web Apps, War Games & More
http://g0tmi1k.blogspot.com/2011/03/vulnerable-by-design.html
Last edited by KrisTeason on Tue Jan 10, 2012 7:37 pm, edited 1 time in total.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

Seen

Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Fri Dec 30, 2011 2:21 pm

Re: My roadmap to InfoSec

Honestly, I would take the eCPPT first, and strongly read these forums in regards to the CEH.  It looks good on a resume, but from what I hear you don't get a lot of knowledge from the CEH.  The eCPPT, on the other hand is a great entry-level cert, and way cheaper than the CEH unless you don't have to take the class.
Sec+, eCPPT
<<

MrTuxracer

Newbie

Posts: 47

Joined: Fri Dec 30, 2011 4:25 am

Location: Germany

Post Fri Dec 30, 2011 4:26 pm

Re: My roadmap to InfoSec

Thanks xXxKrisxXx & Seen for your answers!

@xXxKrisxXx:
I thought about the SMFE course made by SecurityTube too, but it's quite too new and more specific. If there is more feedback on the SMFE available, I think it's good to take it after the eCPPT and before the OSCP/E. Have you planned to take it ?

Thanks for the list of resources, I already know some of them, especially oldapps.com. I used them to rebuild a bufferoverflow exploit by myself...well an easy one, but at least it worked like a charm  :)
And the last one is really nice!

@Seen:
Yes, you're right! I think that the CEH is only a HR relevant certificate. I don't like multiple-choice exams, even though the VCP exam was quite hard work, but they do not say a lot about the real skill of the holder...well in times of braindumps.... they do not say anything  :-\
eCPPT, HP ASE (Networking), LPIC-1, OSCP, WCSP
http://www.rcesecurity.com
<<

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Fri Dec 30, 2011 4:43 pm

Re: My roadmap to InfoSec

Hi MrTuxracer,

The SMFE course I think is barely starting. I don't think there are any reviews on it currently. I did hear Vivek mention in his SMFE video that he planned on rolling out a Metasploit book early 2012. It's going to be great and accommodate the course well.

I went for the eCPPT after OSCP, but I agree on attempting it before the OSCP course. I plan on taking CTP eventually here but to be honest, the reviews on it, and how much it is hyped up I don't know if I'm ready for it. They make it out like you have to be an Exploitation guru and require you to pass their http://fc4.me/ challenge before even signing up. The course looks intimidating to me, filled with tons of pain, but with the cert you're guaranteed respect by any serious InfoSec peers.

If you replicated a buffer overflow example, you're well on your way for Pentesting with BackTrack. I was going to mention you could either do CEH or eCPPT in any order but didn't want to bash CEH too hard like I have been guilty of doing in the past. It's very HR relevant, and taking it before the eCPPT may help you even more in the PTP Pro course. What I enjoyed about eLearnSecurity's course was not only the amount of time they give you to go through all of the material in the class, but the solid material on the Web App module which will get you prepared for the eCPPT exam.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

MrTuxracer

Newbie

Posts: 47

Joined: Fri Dec 30, 2011 4:25 am

Location: Germany

Post Mon Jan 02, 2012 12:10 pm

Re: My roadmap to InfoSec

Hi xXxKrisxXx,

I just enrolled for the eCPPT and started to study on it. The study material is quite good and organized and there are a lot of interesting new things in it. I do not have regrets about this purchase - looks like this gonna be much fun  :) It's been the right decision to take the eCPPT before the OSCP!

The CTP is indeed very intimidating...you really have to like pain to enroll for it...so what are you waiting for ? go for it  ;)

Well I'll skip the CEH for now, let's have a look how I'm doing after the eCPPT.
eCPPT, HP ASE (Networking), LPIC-1, OSCP, WCSP
http://www.rcesecurity.com
<<

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Mon Jan 02, 2012 1:07 pm

Re: My roadmap to InfoSec

Hi MrTuxracer,

Excellent to hear you enrolled. You're going to have a blast! If you run into a bind, don't forget about their forum for students. Plus we're here to help on our end. There are a few of us here who have taken either the student or pro course with eLS so never hesitate!

Until I reach the level of masochist is the only time I'll be fully prepped to enroll in CTP. It's definitely on my list of, 'To do things in 2012'. I just need to go back through the PWB material and knock out the BoF extra miles and prep on Exploit-DB before officially going in.

Good luck on your journey, may the force be with you!  :)
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

vp75

Jr. Member

Posts: 78

Joined: Tue May 01, 2007 6:46 am

Post Wed Jan 04, 2012 4:39 pm

Re: My roadmap to InfoSec

MrTuxracer wrote:Hi xXxKrisxXx,

I just enrolled for the eCPPT and started to study on it. The study material is quite good and organized and there are a lot of interesting new things in it. I do not have regrets about this purchase - looks like this gonna be much fun  :) It's been the right decision to take the eCPPT before the OSCP!

The CTP is indeed very intimidating...you really have to like pain to enroll for it...so what are you waiting for ? go for it  ;)

Well I'll skip the CEH for now, let's have a look how I'm doing after the eCPPT.


Hi Mr.Tuxracer,
I'm in the same course, except joined during Christmas....
Probably might meet in community  ;) there...
V
eCPPT
<<

MrTuxracer

Newbie

Posts: 47

Joined: Fri Dec 30, 2011 4:25 am

Location: Germany

Post Fri Jan 06, 2012 9:44 am

Re: My roadmap to InfoSec

vp75 wrote:
Hi Mr.Tuxracer,
I'm in the same course, except joined during Christmas....
Probably might meet in community  ;) there...
V


Great one, isn't it ?
Nice, message me if you like  ;)
eCPPT, HP ASE (Networking), LPIC-1, OSCP, WCSP
http://www.rcesecurity.com
<<

isgillen

Newbie

Posts: 3

Joined: Tue Dec 13, 2011 7:30 am

Post Mon Jan 09, 2012 6:08 am

Re: My roadmap to InfoSec

eCPPT is a good choice to start with, I was new to security and it takes you from a noob to having a good understanding.

The course assumes that you have a basic knowledge of programming but I would suggest you need to have a bit more than basic if you intend to do the professional course straight away, also TCP/IP.

They do offer a student course prior to the pro but I decided to go straight in at pro and was pretty comfortable. A plus point about the eCPPT is that they offer you a whole module on scripting which is not the norm but very beneficial.

The forums are very helpful and there is always someone there that will answer your questions.

The only downside is that there are some grammatical errors and a few slides early on do get a little confusing because the examples they use do not exist in the real world so you can't follow them. The staff are aware of this and are addressing it.

The future for eCPPT looks promising and there are changes happening all the time. The best thing is that once you have paid up once, you get lifetime access to both forums and course material so you can always stay up to date whatever changes they make. They also offer discounts to current members on anything new they try and listen to suggestions from the community.

Hope this helps in your decision, good luck
<<

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue Jan 10, 2012 9:55 am

Re: My roadmap to InfoSec

Wow, eCPPT is pretty affordable.  I actually may sign up for that this month.  I like the idea of lifetime access.  I think I will try the demo and see how I like it.  Judging by the responses here it seems to be a good prep for getting a head start in OSCP.
Certs: GCWN
(@)Dewser
<<

coding_fury

Newbie

Posts: 1

Joined: Tue Jan 10, 2012 7:14 pm

Post Tue Jan 10, 2012 7:25 pm

Re: My roadmap to InfoSec

Hello everyone,
I heard a lot of good things regarding eCPPT (in this thread and elsewhere). However when going to elearnsecurity website, I stumbled on this page for penetrating testing pro. Is it just me or does it look like a really bad sham-wow tv commercial ? I expected to read "but wait! if you order right now we double up the offer!" at any time. I'd like some feedback from people that actually did the course (PTP and eCPPT exam) to see if my worries are founded or not.

Also, is it possible to spend between 20-30 hours at most per week studying /practicing and still make the exam in the 120 days ? I presume it depends a lot on where you start but I'd like an opinion.

Thank you,
<<

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Jan 10, 2012 7:34 pm

Re: My roadmap to InfoSec

Hello coding_fury,

Welcome to EthicalHacker.net. After checking out that page, it mainly seems like they're just trying to recommend/sell their course. Being a PTP alumni, I can confirm the course is legit.

You can definitely get the exam completed if you put in that many hours per week studying. You could even start practicing on the exam prior to officially starting your time to pen-test it (meaning you'll be given your exam target with eLS PTP credentials, and details on what needs to be done).

Kris
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

Gromic

Newbie

Posts: 38

Joined: Sat Nov 26, 2011 4:44 pm

Post Wed Jan 11, 2012 4:06 pm

Re: My roadmap to InfoSec

Hi Tuxracer!  Welcome to the forum!

Congrats on enrolling in eCPPT... I am also planning to sign up for the course shortly. Actually I wanted to do that already in December, but since you can defer the lab time only for 90 days once you bought it... and I will be really busy till April ... I haven't done it yet...  Hopefully the next couple of weeks
Time ...time...time... it's always the issue...

@coding_fury
I know the site sometimes looks like an "I make you rich quickly" page.  Next to what Kris said... from what you read around here it must be a really good course...
Thinking .... Please Wait...
<<

MrTuxracer

Newbie

Posts: 47

Joined: Fri Dec 30, 2011 4:25 am

Location: Germany

Post Thu Jan 12, 2012 4:34 am

Re: My roadmap to InfoSec

Hi gromic,

Thanks. It's been a good investment so far, and as far as I can say now, I don't need 120 days to complete the whole course. I think, it's quite a good preparation for the offensive-security courses.

@coding_fury / @3xban:
I agree...the website is not looking very serious, but the members-area and the course pages are well-made and a great benefit for someone who's new to the pentest topic.
eCPPT, HP ASE (Networking), LPIC-1, OSCP, WCSP
http://www.rcesecurity.com