Home page logo

pen-test logo Penetration Testing mailing list archives

From: "Bartholomew, Brian J" <BartholomewBJ () state gov>
Date: Mon, 9 Feb 2004 07:14:35 -0500

Actually I did not, due to the fact that Track 4 was useless.  I do however
have a great respect for people who have taken the GIAC Certs as they are
very difficult (especially the GCIA).  But, as for the material covered, and
the way it was taught, SANS Track 4 is NOT a good course to take to learn
the basics behind pen testing.  The question was asked about which to
take...OPST or CEH (not GCIH).  The answer I gave described the courses I
had been through, including Track 4 and an "opinion" as to which of the
classes were better.  

Also I would have to say that you are in the same boat as I sir since you do
not carry the GCIH.  So, your defense on that specific Track has as much
credibility as mine if we are going off of "certifications" as you hinted in
the previous email.  I was in your shoes about a year ago and thought SANS
was the greatest thing since sliced bread, until I took Track 4.  The
difference between Track 3 (your certification) and Track 4 (the one we are
discussing) is too large to quantify.  

So, as stated in my last email, I suggest you take my advice and not waste
your, or your company's money on SANS Track 4.  Take the time and try to
attend one of the OSTMM specific courses as they are much, much better.
Good day to you.

Brian J. Bartholomew
US Department of State
Bureau of Diplomatic Security
DS/SI/ACD SA-20 Special Programs
Ph: 571-345-2598
Cell: 202-369-6349
1801 North Lynn St.
Arlington, VA 22201

-----Original Message-----
From: Don Parker [mailto:dparker () rigelksecurity com]
Sent: Monday, February 09, 2004 2:31 AM
To: Bartholomew, Brian J; 'pen-test () securityfocus com'
Subject: RE: OPST vs CEH

Hello Brian, did you actually bother to certify after taking whatever SANS
training it 
was that you took? The SANS training is among the best out there, however
the challenge 
starts when you do the certification process. This has not only a difficult
portion, but also two demanding exams. From what I have seen of the OSTMM
and the CEH 
neither one of them measure up. The OSTMM does seem to offer business
training as well 
though in addition to the other obvious training. Though I would say that is
best left 
to a place which actually specializes in business training such as a


Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
ph :613.249.8340

On Feb 6 , "Bartholomew, Brian J" <BartholomewBJ () state gov> wrote:

I have taken the CEH but not the OPST.  The CEH is kinda simplistic, and
pretty easy to pass.  I have not taken the OPST, however, I have heard that
it is much more in depth and more difficult to pass.  

I do think the course designed with the CEH exam (I took one through Intense
school) is one of the better courses I have taken (in comparison with
Foundstone, SANS, etc.).  Those "other" courses are too mainstream and none
of them speak of the OSTMM except for the CEH oriented classes.  

To sum it up...If you are looking for letters after your name and a good
base to start with, go for the CEH (it can't hurt).  If you want to take a
more detailed, OSTMM sponsored test, take the OPST.  What the hell, take
both if you really like a challenge :)

Brian J. Bartholomew
Bureau of Diplomatic Security
DS/SI/ACD SA-20 Special Programs
Ph: 571-345-2598
Cell: 202-369-6349
1801 North Lynn St.
Arlington, VA 22201

-----Original Message-----
From: circut () hackthisbox org [mailto:circut () hackthisbox org]
Sent: Friday, February 06, 2004 11:01 AM
To: kenzo
Cc: pen-test () securityfocus com
Subject: Re: OPST vs CEH

I've taken the CEH class. It's pretty good, but it focuses more on hacking
windows then it does linux or unix. The instructor and environment was
good though. They don't really talk too much in depth about buffer
overflows or privledge escalation on linux. But I think the class was
worth it. NEver taken any of those other tests.


On Wed, 4 Feb 2004, kenzo wrote:

I'm thinking about taking one of these certs. OPST (OSSTMM PROFESSIONAL
 or CEH (certified ethical hacker)
I've read about the two, and they seem to be kind of the same thing.
I know that some people in here were talking about the opst, but what
the ceh?
Has anyone taking the CEH or both?
Please let me know.







Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]