RE: CEH Books

["Jay" <jay.tomas () infosecguru com>]

<rant> If you could learn to hack/assess from reading a book everyone would do it. Does a carpenter go get a book to 
learn to swing a hammer.?No he goes out and does it and probably smashes a few knuckles in the process.The  most 
important part of hacking/assessing is opening your mind see where it leads. There is a million ways to check for XSS, 
CSRF etc. You have to be determined and flexlible. Try things even though it shouldn't work.

e.g I was looking for XSS in a input field. Tried all the normal stale "><script>alert('XSS')</script> type syntax. - 
nadda.

Only after I padded it with 20 null characters (%00) on each side it did pop.

Reading should give you 'ideas' after that its up to you.

CEH is a baseline like most certs. It says I sat through a week of training and then I took a multiple choice test. May 
mean I know my stuff and want to documnt it to an extent. Or I May be good at tests and dont know sh@t about 
security.</rant>

Jay


----- Original Message -----
From: Michelle Duff [mailto:mduff () tampabay rr com]
To: manis () digital39 com,pen-test () securityfocus com
Sent: Fri, 24 Aug 2007 01:01:23 -0400
Subject: RE: CEH Books

Peter -

Sorry, I haven't read those books...when I can't find anyone who's read a
study book, I'll check out the reviews on Amazon.com - granted, the
reviewers may not always have a clue, but the more the book is reviewed I
can get an idea if it's what I need & if it's any good... I've had good
results w/ this method.

Amazon readers gave Michael Graves' Exam Prep book a good review:
http://www.amazon.com/Certified-Ethical-Hacker-Exam-Publishing/dp/0789735318
/ref=sr_1_1/102-9254239-5172111?ie=UTF8&s=books&qid=1187930981&sr=1-1

Amazon readers also gave Kimberly Graves' Review Guide good marks:
http://www.amazon.com/CEH-Official-Certified-Ethical-Hacker/dp/0782144373/re
f=sr_1_1/102-9254239-5172111?ie=UTF8&s=books&qid=1187931127&sr=1-1

Hopefully, someone here has read the books and can comment on them.

Good luck!

Michelle



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Peter Manis
Sent: Thursday, August 23, 2007 6:09 PM
To: pen-test () securityfocus com
Subject: CEH Books

I found two CEH books on Alibris and I was wondering if anyone had
experience with either.

Certified Ethical Hacker: Exam 312-50
by Michael Gregg

CEH: Official Certified Ethical Hacker Review Guide
by Kimbery Graves

Thanks,

 - Pete

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------