Certified Penetration Testing Engineer

"The instructor was excellent and ranks tops in the 100+ classes that I have taken over my 21 years in the field.  He did a great job of teaching, answering questions and working through the labs.  He made himself very available to the students and responded to e-mail questions in a very timely manner.  I would give him an A+. The training course and lab were great.  The instructor was excellent as well".

Steve Minor, Rush Card  (05.242010)

Certified Penetration Testing Engineer Class

I attended a mile2 Certified Pen Tester course at the XXXX Centre, Dublin,  during the period 15 to 19 February 2010. Our instructor at the time was M.S. I'd just like to thank him for his instruction during these dates. You have no idea as to how much I actually learned on this course. To be honest, the course has completely changed my views with regards to my current IT career within the bank.
 
My first day back at work (after the course), was so boring and dull and I actually wished I was back in class (soaking up [the instructor's] knowledge) of PEN testing. I am currently looking at broadening my knowledge in this subject as I have set my goals to become a professional PEN tester. I go through all our course materials of which he gave us every night and have also purchased a few books on this subject. ..     ...Once again, I'd like to thank [the instructor] for coming to Dublin to share his knowledge with me on the course and look forward to hearing from you.

Best regards, R W

C)ISSO & CISSP combo course

"Mr. Aman Bhar. Excellent Instructor. Well prepared, excellent presenter. Very knowledgeable. Thank you!" - Wilfred Liebscher, Department of National Defense, Canada.

"Excellent instructor!! Outstanding teacher. Extremely knowledgeable. Made the course fun and interesting. Very helpful." - Lisa Vance, Department of National Defense, Canada.

"You are more than welcome Aman. Thank you for providing another perfect learning experience to my-our students." - large Mile2 Security Training Partner in the EU

C)ISSO course feedback

"He was knowledgeable and gave a clear overview of all the domains and the overlaps." - E.M. van Nuil, Oblivion B.V.
"Aman Bhar. Very Good, He Really Try To Let Us Understood The Material Instead Of Just Communicating It" - Wilco Vong, Symantec
"Aman Bhar. Very Good" - Sherry Bibiana, Tomt B.V.
"Aman Bhar. The great thing that Aman was doing, is using real life\examples during the training which makes the material less 'dry'. " - Dave Dipendaal, Predictive Consulting
"Thanks again for a great, clear training!" - Dave Dipendaal, Predictive Consulting

________

Certified Digital Forensics Examiner.

                                                                   Certified Digital Forensics Examiner

New Bern Police Department

I would like to extend my thanks to you and your company, Mile 2.  The training is great and informative.  It has enhanced my knowledge by leap and bounds.  Because of the training I know I am now more prepared to do my job in a professional and proficient way. 

Detective SZ

Certified Wireless Security Engineer (CWNA/P)

CPTS and CPTE Comments

Dear XXXXXXXX,

After speaking with Mile2, about the government trying to add more certifications to 8570, I though this was an outstanding idea since it was sort of limited at this time and not job specific. At this time the 8570 can get my personnel up to the standards needed to basically do the job, but not to the skill level needed for their task. By adding some of the specialized certifications into the 8570 at different level this would make people work harder to become more focused in their task, such as Blue team members or Red team members for the Marine Corps Information Assurance Assessment Team.

In XXXXXX 2006 the CPTE course was taught to the Marine Corps Information Assurance Assessment Team and it was found to be a value-added skill set needed to accomplish our mission. The Marine Corps' current schools for Information Assurance Technician MOS 0689 does not offer any training like the CPTE course, so this would reinforce the need for this certification to be added to the DoDD 8570.1- M as Technical Level II and the CPTE as Technical Level III. We are already seeing the effects of commands using the 8570 as a tool to ensure properly trained personnel are assessing their networks. But we are also seeing contracting agencies and government agencies only training to what is written in the 8570.1-M and nothing else. This is going to hurt the IT sections that have specialized traits such as Information Assurances that do penetration testing and threat analysts work.

The Mile2  CPTE surpasses the level of training provided by other certifications similar to it such as Foundstone and CEH (CNDA which they call it now), due to extensive hands on training that you receive. The CPTE also teaches the methodology of how to perform an assessment from a penetration tester's standpoint. The CEH is out to training only to teach how to pass a test and how to use dangerous tools. I have taken both courses and have found this CPTE (Formerly CPTS) to be one of the most professional certification courses I have been to, comparable only to CISSP.

Being a former Marine Corps Data Chief and now a part of the Marine Corps Information Assurance Assessment Team I think that these two certifications would take vital role in training of our IA workforce. As Sun Tzu stated "Know your enemy".

Thank you for your time on this matter and I hope this information helps you in your studies of the 8570.

XXXXXXXX
Technical Lead
Marine Corps Information Assurance Assessment Team (MCIAAT)

Certified Penetration Testing Specialist Student Review by FAA Security Officer

Subject : Recommendation
From :
To : mile2.com

Michael,

Having attended both the CPTE security training classes presented by Mile2, I will definitely recommend this training for IS security analysts within the FAA ( Federal Aviation Administration).

As you may know, our certification and authorization packages performed on various critical infrastructure assets are directed by FISMA guidelines, as well as other Federal directives and orders. FISMA guidelines state that"periodic testing and evaluation of the effectiveness of information security policies, procedures and practices, to be performed with a frequency depending on risk,.. which shall include testing of management, operational, and technical controls of every information system identified in the inventory..."

The only way for an organization to know the effectiveness of the security controls already in place is to think like an attacker, and be knowledgeable about, and skilled with, the cyber attack tools that are
readily available to anyone. This is not any different than securing a house or other structure. You must know all of the entry points in order to make sure those are secure. This is where the value of the Mile2 CPTE classes lie. Mile2 instructors do not just teach theory of information system attacks. They have real world penetration testing experience that they professionally convey in a hands-on environment. I have attended a similar course offered through SANS which taught volumes about tools and theory, but with 300 other individuals in the class, and no hands-on until the last day of class, the learning experience was disappointing, to say the least. All Mile2 classes I have attended have had no more than 15 students, which allows substantial one-on-one time with the instructor.  All of the modules include hands-on labs that allow the student to gain an understanding of the attack tools, which is paramount in mitigating attacks.

All in all, Mile2 training far surpasses that of SANS for the following reasons:

1) Small class size ensures that all questions from students are discussed and answered, either as a group, or one-on-one with the instructor. This is not possible in a large class setting typical of SANS training.

2) Hands-on experience with attack tools on a daily basis.

3) Lower cost than SANS training, usually by at least $1000.00.

Thank you for presenting the penetration testing material in such a way that was very conducive to really absorbing the knowledge needed to better help me protect the critical information infrastructure of our nation.
 
 
Best Regards,

XXXXXXX   M.S. IA, CISSP
Senior Information Systems Security Analyst
Federal Aviation Administration / MMAC 

Reproduced with permission from "Soulbrutha" an employee of a very large international Cell phone company.

Well I attended the Mile2 version of CEH which is called CPTS-Certified Pen Testing Specialist.

In my honest opinion this is the best course I've "ever" attended. I'm from a windows background I've been fortunate enough to attend many many courses ( Dos 6.22 & Windows 3.1 for my first MCP)

On first arrival you get five items: Large Binder ( study material ), slim binder ( Lab manual), a copy of Gray Hat Hacking : The Ethical Hacker's Handbook, a DVD pouch full of Linux distros, tools, guides, white papers etc.... and a nice pen !

The instructor was knowledgeable, funny and had keen interest in "lock picking" which he took this interest into the classroom which kept us amused....

...We hacked, cracked, sql injected, sniffed, wrapped, spoofed, Arp poisoning. We looked at lazy and bad programming techniques.

The course was for security professions who want to LEARN what to look for in their own environment and how to protect themselves from attack. I've learned about the layered approach to security ( Defense in Depth ) Users, computers, servers, network and perimeter.

This was definitely not a course for "script kiddies"

We used VMWare Workstation 5, which was used to run the XP, Windows 2000, Whax, Auditor and knoppix, that we use in the class, because of this I've now created a similar environment at home: MAC, 3 x Windows 2003, 1 x Windows 2000, 3 x Windows XP all with varying patch levels and now using Metasploit and Cain & Abel 2.81 to its fullest.

What I learnt:

Tools, hackers/script kiddies point of view, how in-secure a typical network can be, how easy it is to exploit servers. How we take IDS's, IPS's for granted. How easy it is to break WPA and WPA2. and the list goes on....

The only difference between CEH and CPTS is that on the CEH course there is one more module: DDOS
I'm now going to go over the course notes to reinforce what I've learnt and to prepare for both CEH/CPTS exams ( hopefully sooner rather than later )

This was the glue I needed for my CISSP and my CompTIA Security+ qualifications.

The course was relevant, useful, an eye opener and scary !

CPTE (Formerly CPTS)  Review

Working in the computer industry for 9 years then focusing on security for 4 years I have seen many things. I have always been on the defense when it comes to security; it seems to always be a game of catch up. A vulnerability is released and upper management deems a solution that might not be the best fix. I cannot tell you how many times I have been forced to implement a square patch into a round vulnerability. Since I have little understanding of the attack or the vulnerability; I am at the mercy of the patch and coder that wrote it. With this deficiency in my background I needed more information on what the exploits are and the frame of mind on the person creating them.

I have taken many training classes from SANS, and Learning Tree, on the topics of security. This time I needed a certain specialty class. I need to learn more on how to exploit a network. I needed to learn methodology on compromising a network. In order to defend an enterprise networking environment I had to learn how to penetrate one.

I then looked at the two different penetration certifications, CEH (Certified Ethical Hacker – From EC Council) or CPTS (Certified Penetration Testing Specialist from Mile2). I have read many articles on CEH and bought the official book, Ethical Hacking written by EC-Council. After looking into the CEH certification I came to the conclusion that it is too tool orientated. I am familiar with the open source environment so most of the tools that come with the CEH course. I didn't want to learn tools set but the reasons to use them. Looking into the CPTS course I couldn't fine very much information on it, but one thing that sold me was printed on the Mile2 site. Mile2 CPTS is being used by the US Military -- I found my class! If the Military is using Mile2 for their training then why shouldn't I.

I took the class in Nashua , NH June 19 – 23 rd . I was two hours late for the Monday class due to flight delays. I was introduced to Tim my instructor who was also presented as a professional penetration tester and security expert. Whenever I meet people with such title's I always view them with a grain of salt. A class is only as good as the instructor. If I am able to stump the instructor on my first day, then I usually lose confidence in the class. Tim was right on the money with anything that I threw at him. He knew the industry and was current with security practices and procedures. Tim's best asset was the ability to think out of the box to exploit secure networks and the people that maintain them.

The five day training environment consisted of lectures and lab assignments that ranged from simple to advanced. The atmosphere was professional and light hearted in that I was able to freely ask questions. At all times the instructor addressed the students politely no matter what their background or skill set was. Tim was able to keep the whole class involved with questions and stories from his experiences. Students would also give input from situations that they experienced in the past.

I learned many tools on how to perform security penetrations. More importantly I learned the methodology on the exploits that I was performing. I learned how to exploit web pages, web servers, Windows and UNIX environments. I was taught networking concepts (LAN, WAN) and different packet exploits. The Lab environment was sound and real world. Most importantly is that the labs worked. I cannot tell you how many times in training the labs did not produce the required results. We would then go over the labs to see what was happening and learn the concepts that went into the exploit.

By the third day I had enough training to change the way I looked at a network. The class was changing the way I saw a network. I was not just learning about an exploit, I wanted to know how to modify it. I was not thinking like a security specialist, I was thinking like a penetration tester. This was the most important thing that I took away from this class. I would go back to my hotel thinking about my own enterprise environment. I would cringe at potential vulnerabilities that I might have. I was introduced to a frame of mind, not a tool set. The instructor always reminded the class to be professional in their penetration testing. Follow the agreed rules.

During some of the programming days I waned to know more about root kits and different viruses. Tim taught up how to modify code and what to look for in a buffer overflow exploit. After the lecture Tim took time out of his lunch to show me more code. All I had to do was ask, Tim was happy to answer all my questions. I probably cannot write a virus but I have a better understanding on how virus scanners work. By looking at exploits and vulnerabilities I am now better able to secure my corporate environment.

After taking this class I have an opportunity to take the CPTS test and become certified. The problem with many certification classes is that they tend to teach you how to pass a test. I personally feel that certifications can dilute the teachings of a class. I was never instructed on how to take a test, I was taught how to penetrate a network. With what I have learned in the class I have no doubt that I will pass the certification.

Back at work I was brought into my boss's office to debrief him on what I learned. I told him that learned a different frame of mind. I now have a better understanding on what I am up against to secure my corporate computing environment.

Sincerely,

Tim Gallagher
Systems Engineer
Computer Science Corporation

CPTE (Formerly CPTS) Review

Review: Certified Penetration Testing Specialist - CPTS

The Certified Penetration Testing Specialist (CPTS) class is an excellent way to gain a basic introduction to the seventeen aspects of network penetration evaluation. Perhaps its greatest strength is that by it's step-by-step process, it clearly elucidates why each part of the IT infrastructure is so important for securing the IT enterprise. Each weakness in the infrastructure provides a potential that a penetration tester (and potential hacker) can expose (and make use of). One begins to see that every part of the network becomes so critical and how network security policy needs to include every single person in an organization.

CPTS is an excellent way of gaining a fuller understanding of the penetration testing methodology. Not only are the instructors extremely helpful in class, they are an excellent source of material for continuing work towards network penetration testing. The instructor set up additional materials for the
class which I found very helpful for the in class exercises.

The instructor for the CPTS class was top notch. He thoroughly knew his subject matter and was able to patiently explain every aspect of penetration testing and how they interrelated. The material was a real eye opener and his careful, methodical approach was not only easy to
understand, but also provided a very clear understanding of the process of penetration testing. His real life experience that he brought to the class was very helpful in understanding what it means to be a penetration tester. He even provided important web sites to locate penetration-testing tools.

But perhaps the best thing about the CPTS class is that they teach a way of thinking about penetration testing. By learning about all the aspects of the penetration testing, one learns about how the penetration tester works and thus provides a perspective that is helpful for understanding how both systems and network security postures (and policies) influence overall IT security.

Certified Penetration Testing Specialist (now CPTEngineer) 

I attended the CPTS course at C-TREC in Houston from July 10 to July 14, taught by Michael Gregg.

As a security professional I have several certifications, like MCSE 2003 +security, Security+ and the EC-Council's Certified Ethical Hacker.The reason that I was still looking for a pentest training, was because of the fact that after the CEH training I felt that I wasn't ready to do the actual thing.

Needless to say that I am feeling really happy that I could participate in Mile2's training program. In fact it was by far the best training that I have ever attended. I think that the big difference between the CEH and CPTS certification is that the CEH program provides you with a lot of tools (which you can find yourself on the internet) where the CPTS program teaches you actually how to use them in a structured manner.

They do that by providing you with up-to-date materials (which are put together by security professionals) and real challenging hands-on exercises which make you understand the tools and the methodology of pentesting.

Although the CEH class was taught by a very good teacher who used more of his own materials then the EC's (because the CEH materials were out of date or full of errors) the CPTS training was thoughtfully put together and with the hands-on exercises it was made easy to understand the different parts of doing a pentest.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 

Without any doubt I soon will take the CPTE course.

Martin de Kok
Security Professional
Netherlands
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Certified Digital Forensics Engineer

The instructor was great!  I do part time teaching at a local college and am adapting some of her styles to my presentations. The Forensics training on September 13, 2010 was exceptional.  Genevieve Turner was a fantastic instructor and knew the subject matter inside and out.  Her relating to real world experience brought the information full circle... I was able to use techniques learned to recover 2449 files for a coworker from a corrupt DVD.

Rick White (CDFE)