Re: [securityxploded] Please assist me in choosing a good certification in security


amit malik

Oct 7, 2012, 9:42:52 AM
to securit...@googlegroups.com
Hi Karthik,

I am not sure about any good authority in India on this subject. But you can try SANS GREM or, if possible, check out the MANDIANT guys; they are pretty good.

You can also look into our free course on this subject. It is not for certification, but if you work sincerely on the material then I think you can get more knowledge than from any other certification that currently exists in the market. :)

On Sun, Oct 7, 2012 at 7:00 PM, Karthik k <karth...@gmail.com> wrote:
Hi team,

I worked for Symantec (Norton Safeweb) for 7 months. I have some knowledge regarding malware analysis and I now wish to get a certification in the field of security. Which one will you people suggest?

Regards
Karthik.K

--
--
---------------
SecurityXploded - http://securityxploded.com/
An Infosec Research & Development Portal
 
 
 



--
Thanks & Regards,
Amit Malik                                    

Mustafa Qasim

Oct 7, 2012, 9:40:09 AM
to securit...@googlegroups.com
Karthik,

For the best REAL SKILLS foundation, go for OSCP. After that you can decide to dig deeper into Malware Reverse Engineering or Exploit Writing etc.




On Sun, Oct 7, 2012 at 6:30 PM, Karthik k <karth...@gmail.com> wrote:
Hi team,

I worked for Symantec (Norton Safeweb) for 7 months. I have some knowledge regarding malware analysis and I now wish to get a certification in the field of security. Which one will you people suggest?

Regards
Karthik.K

--
Mustafa Qasim

m...@mustu.info
http://blog.mustu.info




HAREN BHATT

Oct 7, 2012, 9:41:20 AM
to securit...@googlegroups.com

Go for SANS-REM.

Regards,
Haren.

Sent from mobile. Please excuse spelling mistakes.

HAREN BHATT

Oct 7, 2012, 9:52:22 AM
to securit...@googlegroups.com

For Mandiant he might need to go abroad and attend the training, but SANS On-Demand is always comfortable. Though the cost is approx. $3500 even for on-demand, you can watch the same training course multiple times. Make sure you have Lenny Zeltser's on-demand training in your bucket.

Regards,
Haren.

Sent from mobile. Please excuse spelling mistakes.

Yogesh Khatri

Oct 8, 2012, 3:16:26 AM
to securit...@googlegroups.com
SANS is a reputed institute and GREM holds some value because of that. But as someone who has given the GREM and passed it quite easily, I can tell you the test is a JOKE for anyone who knows real RE. 

The test will 'test' you on mostly theoretical concepts and then some 'hardcoded' knowledge like 
Trojan xyepdkhf.exe listens on which port? 
a. 35 b. 993 c. 9234 d. none of the above.

If you took the course with them, then it's one of the trojans they covered in class; if not, there is no way of knowing! So if you are simply going to give the certificate exam (as I did), I suggest you grab hold of a copy of their notes/material; you will need it for the exam.

Yogesh Khatri

Karthik k

Oct 12, 2012, 4:39:00 AM
to SecurityXploded
Hi team.

Thanks for your valuable suggestions, but SANS is not affordable for me. When I look into OSCP, that's pretty good, but I don't know what it costs. Does anyone know what OSCP costs and the prerequisites for that, or can I simply go for CEH from EC-Council?

thanks & regards
Karthik

Karthik k

Oct 12, 2012, 4:39:14 AM
to SecurityXploded

Mustafa Qasim

Oct 12, 2012, 5:33:05 AM
to securit...@googlegroups.com
OSCP will cost around $900 with 60 days of access to the best hacking lab and training videos.

I've done CEH but didn't find it really rewarding. Believe me, if you want to get REAL offensive security skills then start saving for OSCP. You will not be the same after doing OSCP. It rewards you with the exposure and hard-core skills which are not provided in any other cert. If you are lazy and just like to talk about second then go to CEH stuff. If you want to be a kick-ass hacker then go for OSCP.

For you, I think you should do two things. First, start saving money for OSCP. Second, download CEH video trainings and completely go through the training, understand the concepts and practice the labs. Download the OSCP course outline and stick it in front of your study table, office desk and beside your bed. Do your research and study on the topics as much as you can, but don't only study, do practice. Then when you have the money go for the OSCP 60 days lab package.

Ahh, that's enough to be punched from my mobile keypad...
Sent from my BlackBerry® Smartphone provided by Ufone

b0nd Garage4Hackers

Oct 12, 2012, 4:44:37 AM
to securit...@googlegroups.com

ehhmad

Oct 12, 2012, 9:45:21 AM
to securit...@googlegroups.com
Hello everyone,

So, do you guys recommend OSCP for a beginner too? I mean for a guy who has basic knowledge about security and about the various tools that are used in pen-testing and stuff? How good is this for beginners?

Regards,
Ehhmad

Mustafa Qasim

Oct 12, 2012, 10:18:18 AM
to securit...@googlegroups.com
If someone is a beginner then I would highly recommend him to download the CEH video training and eBooks and study them thoroughly. But in the end what everyone wants is to be ABLE TO DO something REAL about security, and you need to have at least the skills of OSCP to start your journey.

Before any certification or any training, the stuff you need to achieve for survival and progress in Hacking is the "pain in a**" which doesn't let you withdraw and keeps you digging stuff. If you don't have the spark within you then better go for the lazy infosec stuff like CISA and fill auditing papers.

sunny sher

Oct 12, 2012, 12:00:45 PM
to securit...@googlegroups.com
Hey, just go to Innobuzz; they have some hacking courses with live labs. It will cost you around $240. Just go to their site and check their brochure.

Nagareshwar Talekar

Oct 12, 2012, 1:45:56 PM
to securit...@googlegroups.com
I would suggest you sit at home and build your skills rather than chasing certifications. If you have got real skills then opportunities come after you sooner or later.
--
With Regards
Nagareshwar Talekar
Founder,  SecurityXploded

http://SecurityXploded.com
http://SecurityPhresh.com







Arvind S Raj

Oct 13, 2012, 5:01:42 AM
to securit...@googlegroups.com
Hello Sunny,

On Fri, Oct 12, 2012 at 9:30 PM, sunny sher <sher...@gmail.com> wrote:
Hey, just go to Innobuzz; they have some hacking courses with live labs. It will cost you around $240. Just go to their site and check their brochure.


Is Innobuzz any good? Have you attended the courses, Sunny? I have not, and neither do I know anyone who has, but the topics seem along the same lines as what Ankit Fadia covers in his infamous AFCEH: lots of information covered in a superficial manner.

sureshkumar

Oct 13, 2012, 5:36:22 AM
to securit...@googlegroups.com
Hello friends,

Innobuzz is good for basic.


--
Thanks & Regards,
M. Suresh Kumar
+919739866596

Arvind S Raj

Oct 13, 2012, 5:45:27 AM
to securit...@googlegroups.com
Hello Suresh,

On Sat, Oct 13, 2012 at 3:06 PM, sureshkumar <reddy.su...@gmail.com> wrote:
Hello friends,

Innobuzz is good for basic.

Could you elaborate what qualifies as "basic"? Ankit Fadia's course probably covers the basics of using the internet and how to be safe online perhaps (I'm just giving an example) but it certainly doesn't make one a security expert. Is it worth Rs. 12,500? If it's mostly stuff like "how to use nmap", "how to use Olly" and so on, one can learn those from the internet easily at no cost.

Also, have you attended any Innobuzz workshop? Could you share your experience (off list would be better perhaps since it's mostly just me who is interested in this)?

sureshkumar

Oct 13, 2012, 6:00:47 AM
to securit...@googlegroups.com
Hello arvind,

Innobuzz course cost is 10k. You will learn a lot of tools: nmap, OllyDbg, BackTrack, wifi hacking, and a lot more. You will get basic depth knowledge.

Arvind S Raj

Oct 13, 2012, 6:11:29 AM
to securit...@googlegroups.com
Hello Suresh,
I suppose you've not checked the latest rates. It's 12500 on their site now (www.innobuzz.in/ethicalhacking.html). And like I said earlier, there are tons of guides out there to learn Nmap, Olly Debugger and Backtrack. One doesn't need to pay Rs. 10000 to learn something that can be learned for free. And basic depth knowledge - isn't that kind of contradictory? Also, have you attended their workshop?
Arvind S Raj
Research Associate
Amrita Centre for Cyber Security, Amritapuri

Urlan Salgado de Barros

Oct 12, 2012, 8:31:01 PM
to securit...@googlegroups.com
Hello people,

For a beginner, I recommend CompTIA Security+. It's pretty basic and it'll give you the initial knowledge on information security. By the way, coursera.org has a beginner course about information security (information assurance).

Link: https://class.coursera.org/inforiskman-2012-001

Another course about Cryptography is going to start on January 21, 2013: https://www.coursera.org/course/crypto2

Good luck and good study.

Urlan

2012/10/12 Nagareshwar Talekar <tnagar...@gmail.com>

Urlan Salgado de Barros

Oct 13, 2012, 10:49:16 AM
to securit...@googlegroups.com
$12500?!?! It's veeeeery expensive. As Arvind S Raj has said, anyone can learn about tools on the Internet. For example:


Urlan

2012/10/13 Arvind S Raj <sraj....@gmail.com>

Maddy

Nov 18, 2013, 8:42:21 AM
to securit...@googlegroups.com
 
Hi All,
 
I am looking for some guidance for OSCP, has anyone in the community cleared this certification?
 
Thanks.

Andriy Brukhovetskyy

Nov 18, 2013, 9:45:56 AM
to securit...@googlegroups.com
Hello,

I passed OSCP 2 months ago. It is a very nice course and is oriented toward self-study/research.
What exactly are you interested in?

regards

On 18/11/13 14:42, Maddy wrote:
 
Hi All,
 
I am looking for some guidance for OSCP, has anyone in the community cleared this certification?
 
Thanks.
 
---
You received this message because you are subscribed to the Google Groups "SecurityXploded" group.
To unsubscribe from this group and stop receiving emails from it, send an email to securityxplod...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

N. V. R. K. RAJU

Nov 18, 2013, 2:18:09 PM
to securit...@googlegroups.com
I would suggest you build a strong technical base rather than, or before, going into certification.

As you are already in malware analysis, you could continue in the same field and look for growth in terms of a much deeper understanding of how malware works, and look into exploit code writing and reverse engineering, and then look for certification in Incident Response Handling or Forensics Investigation.

To start off your technical base, do some UNIX certification and go for Python or Ruby scripting. This should set your base, and then based on your interest you may pick up from here to your area of interest.

Certain good resources are sponsored by securitytube.net

FYR

And I would recommend scripting, at least Perl/Python, as mandatory for any security geek.

Regards,
Raju
--
Regards,
Raju

Dinesh Theerthagiri

Nov 18, 2013, 10:46:58 PM
to securit...@googlegroups.com
Team,

Certification is always a good choice to have. It'll definitely help in the future for your growth, that's no doubt.

Well, I am also planning to have one certificate, "GIAC Web Application Penetration Tester (GWAPT)". I would like to know, has anybody done this?
Or is there any other course/certificate equivalent to GWAPT?

Or can you guys please suggest a good one for web application security?

Thanks,
T.Dinesh

Muhammed Muhammed Bassem

Nov 19, 2013, 7:01:43 AM
to securit...@googlegroups.com
Web penTesting, GWAPT and WFT

Network penTesting, OSCP and GPN






--
Muhammed M.Bassem . BSc , GSEC 
Software Engineer 

Maddy

Nov 20, 2013, 12:31:38 PM
to securit...@googlegroups.com
Hey Andriy,
 
I would really appreciate it if you can share your experience with the exam [ I'm sure it must have been pretty fun :) ], like how it was, the things you learned, and something you can suggest to other students.
 
Thanks.

Maddy

Nov 20, 2013, 12:40:27 PM
to securit...@googlegroups.com
Hi Dinesh,
 
I have not done any of the WAPT certifications, but I do have a plan for this one: http://www.elearnsecurity.com/course/web_application_penetration_testing/. You should have a look at it.

Please correct me if I am wrong, but GWAPT is just theory based, and they don't give hands-on with virtual labs, right?

Andriy Brukhovetskyy

Nov 21, 2013, 3:32:57 AM
to securit...@googlegroups.com
Hello Maddy. Yes, it is very funny. The first time I didn't pass because I tried to do it the hard way, but the second time I did it in 4 hours :)

In the exam I had a bit of everything: BoF, priv elevation, web application hacking, *bypass, etc., but after the course it is not so hard if you learn how to do a good enumeration.
The thing I learned is that if you know how to do a good enumeration you can get root/system easily. I learned the basics of tunnelling, exploit dev, web application hacking, and much more.

In the lab you have a bit of everything in terms of OS: different *unix/Windows/MacOsX. It's a really nice course; it is hard, but when you finish it you will have good skills.
I have a few posts related to OSCP; check my blog http://www.doomedraven.com/. And one of the very important things they show you is that thinking out of the box is very important in pentesting.

What I can suggest for all people who are thinking about starting OSCP: they can start with the sectube exploit megaprimer and metasploit, then corelancoder exploit dev parts 1-3, and after that everything is self-research and depends on how much time you have per day for it. A bit of web application hacking will be very useful, and knowing how to use linux, bash and a bit of python will help and save a lot of time. I recommend starting with 60-90 days; I prefer 90 because you really have many things to learn there.

If you have any other/more specific questions, send me a mail :)

best regards

On 20/11/13 18:31, Maddy wrote:

Aparajit Thirukonda

Nov 21, 2013, 5:03:42 AM
to securit...@googlegroups.com
Guys, I need the best one to start with security certification. Cheap and best! Help me out.
Thanks in advance
aparajit

Krishna Kumar

Nov 22, 2013, 2:35:46 AM
to hereist...@gmail.com, securit...@googlegroups.com
Hi Maddy,

I had earlier collected some reviews on OSCP. You can go through them, as each one has their own stories and it's really interesting to have an idea. There was one very recently too, which is the very first link.

All these reviews suggest you be comfortable with Linux and basic networking concepts, and also to have fiddled with them quite a bit.

I have done GWAPT and, unlike someone suggested, the training includes a lot of hands-on and a practice lab environment, but the exam is multiple choice with questions based on concepts and scenarios, and not very straightforward and obvious.

eWPT is something which is new and seems to have a lot of new things, which I will be checking out soon. This exam is more hands-on and you have to complete the challenges, and it's practical, unlike GWAPT. But GWAPT with the SANS Training is a totally different experience and the Day 6 of Capture the Flag is fun :). And yeah, it's highly recognized.


You can reach me through mail if you need more info or help. ALL THE BEST for your certifications :).

OSCP Reviews:

Regards,
KK

 

Maddy

Nov 26, 2013, 1:00:14 AM
to securit...@googlegroups.com
Hey Andriy,

Thanks for sharing your experience with everyone, and the posts you have made on your blog are awesome... :D

I would like to get in touch with you for some help in exploitation, as I really suck in that part and it is the most important part of OSCP.

Maddy

Nov 26, 2013, 3:22:23 AM
to securit...@googlegroups.com, hereist...@gmail.com
Hey KK,

These are really nice links, thanks for sharing them with us.

And from whatever I was able to gather about GWAPT, it seemed like any other question-answer based certification :-P, I should have done more research on this...

And do let us know after clearing the eWPT; I have a plan to do it after a couple of months :D.

Andriy Brukhovetskyy

Nov 26, 2013, 10:16:01 AM
to securit...@googlegroups.com

Hi

If you want, we can speak by mail or Hangouts for any info you need.

best regards

Maddy

Nov 28, 2013, 8:34:20 AM
to securit...@googlegroups.com
Thanks, I'll get in touch with you.

Penetrate Penetrate

Nov 29, 2013, 11:20:46 AM
to securit...@googlegroups.com, hereist...@gmail.com
Is there a certification for Mobile Security as well?

Maddy

Dec 2, 2013, 6:15:20 AM
to securit...@googlegroups.com, hereist...@gmail.com