.

CEH and other questions

<<

omegaflare

Newbie
Newbie

Posts: 2

Joined: Wed May 09, 2012 10:29 pm

Post Wed May 09, 2012 10:38 pm

CEH and other questions

Guys,

I just graduated from RIT with a Bachelor of Science degree in IT (Website Development and Networking).

Now I am focusing on Offensive Warfare as my main specialty. So I want to specialize in Penetration Testing and get licensed. I want to get certified in OSCP, or LPT.

http://www.offensive-security.com/infor ... backtrack/

Then eventually I will probably take Cryptography (program viruses) at RIT, and be able to write/program my own exploits via python, perl, and etc.

I really want to register for a course online (I can't do it via live classroom because I have hearing loss and would require an ASL interpreter) so online class would be ideal for me.

So please put me in the right direction and where should I do first? Thanks!
Last edited by omegaflare on Wed May 09, 2012 10:40 pm, edited 1 time in total.
<<

unicityd

User avatar

Full Member
Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Thu May 10, 2012 12:33 am

Re: CEH and other questions

There are a few recent how-to-get-started threads on here.  Take a look around, someone may have already provided the answers you need.

A few notes:

Cryptography is not about programming viruses.  Cryptography is about making and breaking codes.  If you want to learn about Cryptography, check out Applied Cryptography by Bruce Schneier or Understanding Cryptography by Chrisof Paar and Jan Pelzl.

If you want to know more about viruses, check out Malware by Ed Skoudis and Lenny Zeltser or The Art of Computer Virus Research and Defense by Peter Szor.

If you want to learn about penetration testing, check out the recent threads and/or read Counter Hack by Ed Skoudis or Hacking Exposed by McClure et. al.

Penetration testers are not licensed, at least in the U.S.  I haven't heard of it anywhere else either, but...maybe things are different in Myanamar or somewhere.  I don't know.

For an online class, maybe check out eLearn Security? 

http://www.elearnsecurity.com/course/pe ... n_testing/
BS in IT, CISSP, MS in IS Management (in progress)
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Thu May 10, 2012 8:01 am

Re: CEH and other questions

omegaflare wrote:Now I am focusing on Offensive Warfare as my main specialty. So I want to specialize in Penetration Testing and get licensed. I want to get certified in OSCP, or LPT.


Get licensed by whom? In a conventional licensing scheme, one takes exams and is certified by a governing body who sets forth parameters of checks and balances alongside rules to ensure that the individual licensed is "on board" with the objectives of whomever gave them the license. When the individual strays from this, the license is revoked, penalties applied and so forth. There is not ONE organization that 1) has the authority to make this sort of rule 2) has the capability/know-how to enforce any silly rules it could apply when it comes to "cybersecurity." The framework for global cooperation is not and will never be there so such license would be utter nonsense and complete marketing.

You don't need a license to perform penetration testing and anyone who tells you this needs to stick to reading re-hashed nonsensical books. What you will ALWAYS need is insurance to cover yourself and the possibility of damages you may incur from doing something wrong. No one, not one organization be it SANS, EC-Council, even the US Government can make a push for "licensing" pentesters. The content would be so broad and never-ending no exam could possibly be given. This is because of the many areas of security involved in penetration. (See http://infiltrated.net/TechnicalSecurityRoadmap.html)

Now, to answer your question, the link above will also give you a glimpse and starting point at the many different and diverse areas concerning security testing. I suggest having a look..
<<

unicityd

User avatar

Full Member
Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Thu May 10, 2012 10:19 am

Re: CEH and other questions

anyone who tells you this needs to stick to reading re-hashed nonsensical books


Do you like any of the penetration testing books out there?  You've seemed fairly dismissive of them in the past.  Do you think people should skip them entirely? 

I don't think that reading one (or several) will make someone an expert or anything close to that, but they seem useful for getting a basic introduction. 
BS in IT, CISSP, MS in IS Management (in progress)
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Thu May 10, 2012 11:23 am

Re: CEH and other questions

I prefer to stick with networking, programming and systems based reading. For the most part, there are under one handful of books that are alright when it comes to pentesting. The problems I have are:

1) Content is tailored for your reading pleasure
In most books, they're using loaded examples. Similar to shooting fish in a barrel. What are you learning? Certainly not the core of what happens during an exploit. You're leaning what they did to compromise their loaded machine.

2) Content is horribly narrow
Name me one pentesting book that does not use MS08-67 and I will show you 20 that do. Pentesting does not revolve around Windows MSRPC. There is a lot more to understand and learn.

3) Rehashed rehashed rehashings
Most books I have read (and I have read about 10-12 books this year alone) are so repetitive of the things that I have seen in other books and blogs that its disgusting. I would (and always do) recommend understanding systems and networking at an extremely level (understand the protocols) moreso than focusing on wasting money on "Hacker Voodoo Edition 7 Multi Platinum Bling Bling Edition."

Reasoning for me so adamant about learning such content (sys/net) for those new to pentesting is that it makes them well rounded where they begin to compile a wider array of expertise. Makes little sense to compromise a system only to get on the system and not understand even the basic commands, the basics of say a multi-homed network, a NAT'd network, VPN'd network and so forth.
<<

omegaflare

Newbie
Newbie

Posts: 2

Joined: Wed May 09, 2012 10:29 pm

Post Fri May 11, 2012 9:02 pm

Re: CEH and other questions

http://www.offensive-security.com/infor ... backtrack/

- will this help me out in regard to pentesting? I can take online courses and get certified (not licensed.. of course).

I have been doing programming in mysql, Java, and pHp. Now I am learning C and then eventually Assembly Language. my programming is quite rusty so I will need to re-hone my programming skills.

I may know how to program but I still need to understand the security fundamentals so I will able to conducting pen testing. I just want to make sure I am on the right track; writing viruses interested me but often perceived as a threat by many organizations/governments so I am not sure if this is a good thing but that's something I want to learn.
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Fri May 11, 2012 9:22 pm

Re: CEH and other questions

When it comes to pentesting, that's one of the ones that those in the know look to and respect. It isn't a case of oh, I read a book and passed a multiple choice question test. The PWB / OSCP is completely hands on, and you'll learn a lot along the way. Search through the forums, there have been many discussions on it, how many times people had to take the exam, and what we all think of it. Even people that took it and failed feel that they learned quite a bit along the way.

Will it tell HR or a hiring manager that you're the world's greatest pentester?No. will it tell them, if they know what the cert is, that you know something? Yes. Will it show you're willing to learn, and continue your education? Yeah.

While I don't have the OSCP, and haven't done the PWB course. I have done the WiFu course, and got the OSWP. I've been brought in a few times for interviews just because of it. They wanted to know what it was like and impressions of it.
OSWP, Sec+

Return to Security

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software