The Certified Ethic Hacker training I got was 5 intense days of 8 hour classes taught by New Horizons. The idea of the class is to teach people the techniques to be a hacker in order that they then use those powers for good. In fact, you have to sign a contract stating that you will use your new hacker powers for good and not evil (not the specific legal terminology...).
It was a very interesting and intense class. It taught a lot of great information, and for people that knew less than I about hacking going into the class it must have been really difficult. The class taught the basics of a ton of exploits/vulnerabilities and attacks. It also mentioned close to 100 pieces of software useful for hacking. We also got some time actually using computers to create and attempt attacks including creating viral loaded attachments, backdoors, and the basics of good social engineering techniques.
The problems I had with the class are that it was much too microsoft centric, it included incredibly inaccurate information about *nix, and the test was one of the biggest pieces of shit I've ever taken. It had questions that were provably incorrect, it had questions requiring a single answer when multiple answers were correct, it had questions so poorly worded that I couldn't figure out what they were even asking for sure, it had questions we didn't cover in the class and I don't mean we covered X specific version of a theory and they asked about the Y specific version of a theory. I mean they asked things like "is X true" when X was something we never covered at all.
So...coming out of this class I'm positive nothing is unhackable (I was pretty sure of that before). I'm pretty sure I can hack just about any microsoft server to at least some degree, and anybody with some experience and skill at this definitely can. Since the class was so microsoft centric, I can't make those statements about *nix boxes, and having been an admin for Microsoft servers and *nix servers I know that microsoft boxes are less secure by default but that both can be hacked, but I'd say that *nix boxes are probably a bit harder/more time intensive to hack.
And now I've got a truly huge number of extremely complex decisions to make about what we need to do here at work to make things more secure, and the sure knowledge that it'll be an uphill battle to get any of it approved by management. Very fun.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
no subject
Date: 2008-08-19 03:42 pm (UTC)It was a very interesting and intense class. It taught a lot of great information, and for people that knew less than I about hacking going into the class it must have been really difficult. The class taught the basics of a ton of exploits/vulnerabilities and attacks. It also mentioned close to 100 pieces of software useful for hacking. We also got some time actually using computers to create and attempt attacks including creating viral loaded attachments, backdoors, and the basics of good social engineering techniques.
The problems I had with the class are that it was much too microsoft centric, it included incredibly inaccurate information about *nix, and the test was one of the biggest pieces of shit I've ever taken. It had questions that were provably incorrect, it had questions requiring a single answer when multiple answers were correct, it had questions so poorly worded that I couldn't figure out what they were even asking for sure, it had questions we didn't cover in the class and I don't mean we covered X specific version of a theory and they asked about the Y specific version of a theory. I mean they asked things like "is X true" when X was something we never covered at all.
So...coming out of this class I'm positive nothing is unhackable (I was pretty sure of that before). I'm pretty sure I can hack just about any microsoft server to at least some degree, and anybody with some experience and skill at this definitely can. Since the class was so microsoft centric, I can't make those statements about *nix boxes, and having been an admin for Microsoft servers and *nix servers I know that microsoft boxes are less secure by default but that both can be hacked, but I'd say that *nix boxes are probably a bit harder/more time intensive to hack.
And now I've got a truly huge number of extremely complex decisions to make about what we need to do here at work to make things more secure, and the sure knowledge that it'll be an uphill battle to get any of it approved by management. Very fun.