Re: CEH program and Sybex Study Guide

[Enis Sahin <enis.c.sahin () gmail com>]

After my first year working in a security consultancy job a colleague
of mine suggested that I took the OSCP course and we all had a good
laugh about it. A year after that I was asking my employer to pay for
the course and anxious to get into it. After another year I found
myself trying to edit binaries manually to bypass AV and looking at
the costs of CTP (cracking the perimeter, next course after OSCP) so
that I can get a structered training on such advanced stuff.

OSCP is hard but not that inaccessible. When you start getting
involved in this stuff and doing research on your own time the
relative difficulty decreases rather quickly and to your own surprise.
Get CEH to have a basic understanding of what everything is. And then
spend some time reading books, practicing with your own virtual
machines and try to go beyond Nessus scanning. Then you'll see that
instead of being scared of the course you'll "want" the course.

You don't have much chance to get a pentesting job with just a CEH,
make no mistake. I've interviewed a CEH trainer for a pentesting
position and was surprised to see that he was lacking the most basic
practical skills to be able to work with us. Don't be imitated (that
7+ years is certainly not true) and work at your own pace with your
self motivation. You'll be at the level you want to be in a shorter
time frame than you've imagined.

Cheers.
Enis

http://www.enissahin.com | http://twitter.com/enis_sahin


On 9 October 2011 15:34, Sven Aluoor <aluoor () gmail com> wrote:
> On Thu, Sep 29, 2011 at 5:43 PM, Michele Orru <antisnatchor () gmail com> wrote:
> > because it's a noob certification.
>
> Question: will I find a pen testing job after passing CEHv7? I have
> neither know how about pen tests nor experience. I work as a UNIX
> admin.
>
> > go for OSCP if you want something serious.
>
> the Offensive Security Certified Professional is really complicated.
> For experienced (7+ years) auditors.
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------



--
http://www.enissahin.com | http://twitter.com/enis_sahin

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------