Re: [PEN-TEST] FW: [PEN-TEST] Forensic analisys and related training

[hellnbak () HUSHMAIL COM]

> find it valuable.  This previous email is one person's
> opinion and not the opinion of the masses (based on
> the reviews and feedback I have received).

Actually, I do recall seeing about three posts from other individuals agreeing
with my statements.

> In terms of out of date, you have to understand the
> goal of the course.  It is to describe and explain
> exploits so that you can better protect your site.  Only
> by understanding the offense can you build a better
> defense.  Since the class is only 2 days we cannot
> cover every single exploit, so instead we cover the
> most popular exploits or the ones that we see most
> often.  This is not just the work of myself but several
> other security professionals.  Yes, some of the
> exploits have been around, but if they are still being
> used on a frequent basis, we felt that it was important

I agree with this statement when you speak of the *nix exploits in the course.
 But as far as windows and NT goes, Redbutton?, GetAdmin?, WinNuke?  While
in their day, these have been good exploits, any box that is past NT Service
Pack 3 is not vulnerable to these.  Windows 9x boxes have not been vulnerable
to WinNuke for quite some time.


> Finally and probably most important is the false
> statement about l0phtcrack and @stake.  Actually I
> do just the opposite, I give a huge pitch for l0pthcrack
> when I cover password cracking.  A direct quote "for
> what you get buying a copy of l0phtcrack is the best
> money you can spend, it is well worth every penny".  I
> just got done teaching this course 2 days ago in
> Monterey and several students told me about this
> posting and was laughing about the last statement
> because I talk very positive about the L0pht and not
> negative.

To quote Eric Cole, SANS Parliment Hill - Ottawa:  "I strongly reccomend
that you consider the background of L0pht and @Stake before coming to any
conclusions.  Many would have a hard time trusting any hacker group to offer
professional and trustworthy services."

To further back this point up SANS even has an article, "What hat is DilDog
wearing" on their web site http://www.sans.org/infosecFAQ/dildog.htm

If this isn't slandering someone I don't know what is.  Personally, I find
it very irresponsible of SANS to use their position as so called industry
"experts" (aren't we all these days.......) to slander certain companies
and people.

> There are always those that are unhappy and I
> definetly did something to upset this individual, but
> overall most people enjoy the course and if you would
> like additional details, please contact me directl

And from an AOL email address yet.  I am sorry Eric, I am sure that you
do have a lot of knowledge and a lot to offer, but I just can't take anyone
with an AOL email address serious these days.  My original post was not
meant as an attack on you personally, but on the courseware that SANS is
offering and on the glorified money grabbing certification that they are
promoting.

The bottom line is, after taking the course and passing the certification
I am not convinced that I need to bother with any further SANS training
or certifications nor do I need to bother taking the certification seriously
within my organization.