CEH & hacker tools

Guys,

I have a quick question about CEH training. Do they provide you with actualy programs/tools to hack and learn or is it just mostly theory base and explaining how it's done?

Find more posts tagged with

Comments

keatron

You get tools.

JDMurray

But you don't get any tools that you can't already find distributed on the Internet.

keatron

JDMurray wrote:

But you don't get any tools that you can't already find distributed on the Internet.

Absolutely correct! Honestly you don't need all of the 300 tools included on the CD's. If you're trying to get into penetration testing or vulnerability "research", you should first understand the phases or steps that are commonly used when doing that kind of thing. From Recon, to Scanning, to Enummeration, to System Exploitation, to Maintaining access, to Covering your tracks, then find which tools work best for you at each of those phases. For example, I have a few things I like to use to assist in Recon, and other things such as NMAP and some other custom built stuff I like to use for scanning and firewall and IDS evasion, then system exploitation varies depending on what system and what OS is being exploited, etc etc. Occassionaly I'll run across a fellow exploit "researcher" or vulnerability "researcher" and pick up a useful tool or two from them (or vice versa). Over time you develop favorites, you find out what's good and what's not. Most importantly, you find what works best for you. Remember, "one man's trash is another man's treasure"

Keatron.

Crucio666

thanks for the reply.

i'm looking to self study for my CEH, i have 2 years in IT but not directly security related, a lot of sys admin.....i'm looking to get my CCNA first before i attempt the CEH.

keatron

Crucio666 wrote:

thanks for the reply.

i'm looking to self study for my CEH, i have 2 years in IT but not directly security related, a lot of sys admin.....i'm looking to get my CCNA first before i attempt the CEH.

One thing people often don't realize is the fact that it is very helpful to have sys admin experience when moving into security. Primarily, know an OS, and know how to be surgical with that OS from a shell or command line. Because after all, when you exploit a Windows box "properly", whadda ya get???? Command line access with System privilege (yes, this is actually better than admin privileges). So if you get this access, but have no idea how the OS works, or command line syntax, then you're really stuck at that point. So considering those things, I'd say go for it.

KGhaleon

There are hundreds of programs out there, so you'll probably be experimenting a bit. There are some programs which you'll need to know for the exam, though, like nmap(and all parameters).

KG