Reproduced with permission from "Soulbrutha" an employee of a very large international Cell phone company.
Nov 27 2005, 02:10 AM
Well I attended the Mile2 version of CEH which is called CPTS--Certified Pen Testing Specialist.
In my honest opinion this is the best course I've "ever" attended. I'm from a windows background I've been fortunate enough to attend many many courses ( Dos 6.22 & Windows 3.1 for my first MCP)
On first arrival you get five items: Large Binder ( study material ), slim binder ( Lab manual), a copy of Gray Hat Hacking : The Ethical Hacker's Handbook, a DVD pouch full of Linux distros, tools, guides, white papers etc.... and a nice pen !
The instructor was knowledgeable, funny and had keen interest in "lock picking" which he took this interest into the classroom which kept us amused.
The class was a mixture of windows, network, unix admin's and me a security newbie.
There were 15 modules which differs slightly from the Mile2 web site description:
MODULE 1 - Business & Technical Logistics of Penetration Testing
MODULE 2 - Information Gathering
MODULE 3 - Linux Fundamentals
MODULE 4 - Detecting Live Systems
MODULE 5 - Getting rich from enumeration
MODULE 6 - Cryptography Decrypted
MODULE 7 – Vulnerability assessment
MODULE 8 – Hacking Windows
MODULE 9 – Advance Vulnerability & Exploit Techniques
MODULE 10 - Malware ( Software goes undercover )
MODULE 11 – Cracking and Securing Wireless networks
MODULE 12 – Packet Sniffing & Session Hijacking
MODULE 13 – Attacking Networks, Routers, Firewalls and IDS
MODULE 14 – Attacking Database's
MODULE 15 - Attacking Web Technologies
Most of the lab exercises worked pretty well and were fun and educational.
Hacking techniques/Tools which I used: nmap, nessus, hping2, Cain Abel, GetAcc, DumpSec, Metasploit, Core Impact, Auto Scan to name and absolute few !
We hacked, cracked, sql injected, sniffed, wrapped, spoofed, Arp poisoning.
We looked at lazy and bad programming techniques.
The course was for security professions who want to LEARN what to look for in their own environment and how to protect themselves from attack. I've learned about the layered approach to security ( Defense in Depth ) Users, computers, servers, network and perimeter.
This was definitely not a course for "script kiddies"
We used VMWare Workstation 5, which was used to run the XP, Windows 2000, Whax, Auditor and knoppix, that we use in the class, because of this I've now created a similar environment at home: MAC, 3 x Windows 2003, 1 x Windows 2000, 3 x Windows XP all with varying patch levels and now using Metasploit and Cain & Abel 2.81 to its fullest.
What I learnt:
Tools, hackers/script kiddies point of view, how in-secure a typical network can be, how easy it is to exploit servers. How we take IDS's, IPS's for granted. How easy it is to break WPA and WPA2. and the list goes on....
The only difference between CEH and CPTS is that on the CEH course there is one more module: DDOS
I'm now going to go over the course notes to reinforce what I've learnt and to prepare for both CEH/CPTS exams ( hopefully sooner rather than later )
This was the glue I needed for my CISSP and my CompTIA Security+ qualifications.
The course was relevant, useful, an eye opener and scary ! 
SB 
The full discussion is available here: www.sadikhov.com/forum/lofiversion/index.php/t38922.html |
