pharaoh fortune slot
ExamNotes.net
Welcome, Guest. Please login or register.
November 21, 2017, 03:20:24 PM

Login with username, password and session length
* Home Help Search Login Register
+  ExamNotes.net
|-+  Other IT certifications
| |-+  CISSP
| | |-+  Certified Ethical Hacker?
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] 2 Print
Author Topic: Certified Ethical Hacker?  (Read 41214 times)
bass2k1
Senior Member
Full Member
***
Offline Offline

Posts: 229

0


View Profile WWW
« on: March 24, 2003, 05:07:38 AM »

What are your thoughts on this Certification? Do you think it will be able to stand it's ground in the Security Arena? In short, is it worth the effort and $$$?

Regards

Sebastiaan.Rothmn@BHPBilliton.com
Logged
Hacker
Moderator
Sr. Member
****
Offline Offline

Posts: 382

2


View Profile WWW
« Reply #1 on: March 25, 2003, 04:48:21 AM »

Links?
Logged

FREE certification support from our many Certified Experts here!
bass2k1
Senior Member
Full Member
***
Offline Offline

Posts: 229

0


View Profile WWW
« Reply #2 on: March 25, 2003, 05:08:08 AM »

http://www.eccouncil.org/CEH.htm

Regards

Sebastiaan.Rothman@BHPBilliton.com
Logged
Dann
Senior Member
Full Member
***
Offline Offline

Posts: 178

0


View Profile
« Reply #3 on: March 25, 2003, 09:46:14 PM »

While, by taking the certification, does'nt mean that we will have a strong foot into the IT Security. The knowledge and exposure, gain from the course definately will help you in term in this path. Frankly speaking, do we really know how hacker hack the system, what tools are they using, how they exlore the expoilt and cover their tracks?

In US, the intenseschool is also running this course. According to them, is one of the popular hacking course so far. They are other company offering the same stuffs like foundstone.

So,even if the person is a CISSP or SSNP or something else. Do, they really know and confident to protect their organization network from the hacker. A hacker will use all means and ways to get into your network. And the CISSP dun even know how hacker thinks, how the hell is he going to protect his network.

In singapore, most of the CISSP are well rounded, they took classes on hacking, risk assessment and other courses. To fully equip their knowleges on IT Security

Go for the knowledge instead of certifications.
Logged
bass2k1
Senior Member
Full Member
***
Offline Offline

Posts: 229

0


View Profile WWW
« Reply #4 on: March 26, 2003, 01:31:53 AM »

Poinnt taken, but looking at it from an employment angle...isn't a company rather going to employ someone based on the formal qualifications rather than knowledge they claim to have?
Logged
Dann
Senior Member
Full Member
***
Offline Offline

Posts: 178

0


View Profile
« Reply #5 on: March 26, 2003, 09:05:45 PM »

While, i agree with you, the formal qualification is also important. Additional certifications and knowlege definately will also help in the career path in long run.

Summary, experience, qualification, knowledge and certifications are important to us, if we wish to excel in this IT industry.

Cheers !!!
Logged
comblues
Member
Jr. Member
**
Offline Offline

Posts: 54

0


View Profile WWW
« Reply #6 on: July 08, 2003, 11:10:43 PM »

Starting a 6-month intensive burn the brain course...

Fully Hands-on.

Goal 4 Cert in months and full y functional in at least 2 OS's (but hey why not learn a little about Novel and OS2, cause you can...)

Recon
Audit
Attack
Clean-up
Hide in Plain site
Defense

Hard Drive Forensics
Virus, Worms, and Trojans, on my...

And what about Social Engineering?  Nice trick for an interview...

After all business is war and "all's fair in love and war"... where the end justifies the means...

Ever heard of the OSSTMM...

I intend that all students use it for a bible...

Nice to have a thorough guideline to audit and to build a solid defense...

Think castle and moat...

Then think Ninja and Samuri...

Now you have an Ethical Hacker...

The Ethics of a Samuri, coupled with the skills and armament of a Ninja...


Hide in Plain site - Check
Weapons of Mass Destruction - check
Strong Armor - check
A few more secrets...

After all, it takes a Hacker to find a Hacker...

Final Exam - Find a Hacker Tool's Archive - Hack in (anyway you can) and retrieve at least 3 Gigs of the best tools you can find...

Bonus Points for 0-Day Tools...

Anyone care to ante up...

Oh yes...  I might advise that your personal PC or Palm be armored before such an undertaking into a Dragon's Hoard...

Care to live the adventure?
Logged

Comblues

CCNP+MCNS CCDP CCDA CCNA CSE
MCSE+I, MCSE, MCP+I, MCPS MCT
MCSA/MCSE 2000 + messaging
MCSA 2003
CCEA CCA LBS ICAS RMS IMS CCSP
Certified Ethical Hacker
Cisco Voice Certs: UCSE
A+ Network+ I-Net+
Certified Internet Security Specialist
Cisco WLAN SE/FE
CCIE-Written:RS
Cisco Global Product Support AVVID Field Engineer (VoIP, R&S, CAT 4224, and ICS 7750)
wirelessboy
Senior Member
Sr. Member
****
Offline Offline

Posts: 264

0


View Profile
« Reply #7 on: July 08, 2003, 11:38:34 PM »

dear comblues

CCNP+MCNS CCDP CCDA CCNA CSE
MCSE+I, MCSE, MCP+I, MCPS
CCEA CCA LBS ICAS RMS IMS CCSP
A+ Network+ I-Net+
Certified Internet Security Specialist
Cisco WLAN SE/FE
CCIE-Written (88%)
Cisco Global Product Support AVVID Field Engineer (VoIP, R&S, CAT 4224, and ICS 7750)

wow! boy, i am impressed and motivated with ur certs. congrats and all the best for ccie lab and other certs

regards
Logged

Wirelessboy
Towards a Wireless World
Delphis
Senior Member
Full Member
***
Offline Offline

Posts: 103

0


View Profile
« Reply #8 on: July 09, 2003, 03:59:04 PM »

Comblues,

You're on, save for the final.  The only way you're going to find 3 gigs of Hacking/Cracking tools from a single person is if they're nothing more then a script kiddie.

So where shall we start?
Logged
Hoooooo
Member

Offline Offline

Posts: 36

0


View Profile WWW
« Reply #9 on: July 09, 2003, 07:31:23 PM »

Let's go!






Hoooooo

Certified GED
Logged
comblues
Member
Jr. Member
**
Offline Offline

Posts: 54

0


View Profile WWW
« Reply #10 on: September 04, 2003, 12:46:36 PM »

Well Guys:

I spent a week in a CEH Training Class (not a bootcamp).

Then spent the weekend reviewing the tools, their respective creators, and trying to use as many as possible (there are over a hundred) and then sweated as I waited until Tuesday to take my exam.

I passed at 92% on my first attempt.

1 Cert Completed.

A few more to go...

Looking for the following:

Security+
TICSA
Microsoft MCSA/MCSE + Security (already MCSA/MCSE) so I need either 2 or 3 exams.

CCSA/CCSA - Just because I like Checkpoint too!

But the GSEC is officially the 4th Cert.

BTW - I got to get my Sniffer Certs completed in about the same time.

As far as the trove of tools - I came about it from a sortie with a Trojan/Worm tools that I noticed seemed to visit a variety of sites but none were the same on any two of the machines hit.  (Over 30 overall).

So I tried my luck and hit paydirt.

Now I have an arsenal of viruses and worms that are immune to virii checkers.

So these troves do exist.  But it does appear they are mobile?

Good luck finding one.

Look at your worms.  Particularly ones with the sdbot or some other bot.

Seems they go and download 2 files from the trove.
Logged

Comblues

CCNP+MCNS CCDP CCDA CCNA CSE
MCSE+I, MCSE, MCP+I, MCPS MCT
MCSA/MCSE 2000 + messaging
MCSA 2003
CCEA CCA LBS ICAS RMS IMS CCSP
Certified Ethical Hacker
Cisco Voice Certs: UCSE
A+ Network+ I-Net+
Certified Internet Security Specialist
Cisco WLAN SE/FE
CCIE-Written:RS
Cisco Global Product Support AVVID Field Engineer (VoIP, R&S, CAT 4224, and ICS 7750)
Ciaban
Junior Member

Offline Offline

Posts: 12

0


View Profile WWW
« Reply #11 on: September 07, 2003, 08:04:34 PM »

Delphis is right.  Most hacker tools are for script kiddies (the talentless and lazy).

   Any respectable "Ethical Hacker" or "Security Geek" will write their own code to bypass anti virus programs.  For example, look at NT systems.  They are the easiest systems to break into.  They are IMPOSSIBLE to secure if you have NetBIOS enabled unless you have an outside firewall blocking the port traffic.  Just research port 445 and hidden admin shares (C$).  A simple 10 line program using PSEXEC.EXE can scan and list all holes in a subnet and copy and execute any code you want.  If you really want the job done, write an additional 10 lines of code that will cycle through the 255 chr() values in increments until it gets done.  Theoretically, this is perfect for a middle man attack for IP spoofing since you don't need to see the output from the program, you just want the project to succeed.  So basically, unless you have a polymorph engine to encapsulate a script kiddie program, this level of attack is the only way to truly test the castle walls.  Anything less is a half witted way to stumble through your job

   The CEH is nothing more then a script kiddie certification.  I plan on getting it because is is something to break the ice at dinner parties.  A true InfoSec person should be comfortable with coding and networking alike, and should be able to access low level secured systems without the use for well know parlor tricks.  The industry needs more skilled Security professionals, not snake oils salesmen.  The CEH certification should be a base - low level -  novice certification with 1-3 levels of certification past it dedicated to system security at levels beyond simply knowing what the 14 year olds are using these days.

I don't mean to come accross as an arse, but this type of certs can become very dangerous very quickly when people want to show others how much they don't really know, all in the name of InfoSec when it should actually be called CSK for Certified Script Kiddie.  To know how a hacker thinks, don't use the tools.  Understand how and why the "vulnerabilities" are security risks, not memorizing the output and interface of an enumeration program.  Simple utilities like Telnet and learning how to program socket connections are more important then ǣhow to with netbus.
« Last Edit: September 07, 2003, 09:18:38 PM by Ciaban » Logged

Jeremy Martin
Information Security consultant
www.infosecwriter.com


"Real programmers use copy con program.exe"
gat0r
Senior Member
Full Member
***
Offline Offline

Posts: 109

0


View Profile WWW
« Reply #12 on: September 12, 2003, 06:16:47 PM »

what "real" hacker didnt out being a script kiddie.  everyone has to learn, you people with your arrogant attitudes can eat a dick.
if you can honestly say you became a real hacker without fooling around with some kiddie tools or checking out C code to see how they did that, then you are really friggin talented and should probably have something better to do that post on this forum
Logged
Ciaban
Junior Member

Offline Offline

Posts: 12

0


View Profile WWW
« Reply #13 on: September 12, 2003, 09:49:52 PM »

LOL gat0r
You didn't read the full post. "The CEH certification should be a base - low level - novice certification with 1-3 levels of certification past it dedicated to system security at levels beyond simply knowing what the 14 year olds are using these days."

It's like a nurse taking a 50 question test, passing and thinking they can do brain surgery.  

And sorry gat0r, I'm not gay.  Thanks for the offer though.
Logged

Jeremy Martin
Information Security consultant
www.infosecwriter.com


"Real programmers use copy con program.exe"
gat0r
Senior Member
Full Member
***
Offline Offline

Posts: 109

0


View Profile WWW
« Reply #14 on: September 15, 2003, 01:56:45 AM »

yeah you are real XXXXing cool...
Logged
Pages: [1] 2 Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.13 | SMF © 2006-2011, Simple Machines LLC Valid XHTML 1.0! Valid CSS!