The Hacker Academy Review (from a EH/Pentest beginner): Just started 08/20/11

YuckTheFankees

I know many have heard of THA (the hacker academy) but the reviews for THA are few and far between. There is a good review on ethicalhacker.net but thats from a professional, not a beginnger. In my opinon, I prefer reviews from someone with the same skill level. Thats why Im starting this thread reviewing THA from a beginners POV. Also, I see alot more beginners than more experienced individuals asking about sites like hacking dojo and thehackeracademy...thats another reason I think this thread would be helpful.

Ill update this on lunch..about the first 2 modules

partsmutt

Cool, thanks for offering up some info.:) After my bad experience with EC-Council, I'm looking for some other good learning opportunities.

YuckTheFankees

Okay lets begin...

So as of right now they have 9 modules ranging from a basic overview of pentesting to reverse engineering and digital forensics.

The first module is "hacking fundamentals" which as you can tell is going to be a basic overview. I initially thought to skip this section because I already knew the basics about the career, certs, blah blah..but I decided to watch the videos and I am glad I did. Yes I knew 90% of what was on the videos but the 10% I didnt know made it worth while. It was about hackers who have made the news and others interesting things about getting into the field (plus the videos are anywhere from 5-20 mins, why not watch everyone?)

Along with every video is a lab, and they are actually pretty solid (I thought I was going to skip most of them and just watch the videos, but I have learned alot more through the labs). The labs for the 1st module are a little light and blah, but its a section about the very very basics..what do you expect?

Module #2: Reconnaissance

This module was all about gathering information you could find on the internet about your victim.

• looking up locations, servers, employees, physical and logical addresses
• finding detailed information about the victims servers
• learning how to use google the right way and getting better search results

The tools you will use in this module include but not limited too: WHOIS, ARIN, google, bing, yahoo, dig(unix/linux), nslookup(linux/unix), FOCA, maltego.

I have never tried pentesting before so I really liked this section..researching about a company and trying to find flaws through documents was pretty fun.




Tonight I'm starting module 3: Network Pentesting...there are 8 sections in this module..so Ill post after I finish 2-4 sections.

leave comments if you have any questions

hiddenknight821

YuckTheFankees wrote: »

Module #2: Reconnaissance

This module was all about gathering information you could find on the internet about your victim.

• looking up locations, servers, employees, physical and logical addresses
• finding detailed information about the victims servers
• learning how to use google the right way and getting better search results

The tools you will use in this module include but not limited too: WHOIS, ARIN, google, bing, yahoo, dig(unix/linux), nslookup(linux/unix), FOCA, maltego.

I have never tried pentesting before so I really liked this section..researching about a company and trying to find flaws through documents was pretty fun.

Have you read Hacking Exposed 6th Edition? They talked about Reconnaissance too. They pretty much discussed the same techniques you mentioned.

YuckTheFankees

Ive read many books about Reconnaissance (hacker reloaded, bactrack 4, metasploit, many others)..but Im not really using this course for the 1st two modules..I'm taking it to learn modules 3-8. I have read books about network and server pentesting, rev. engineering, forensics, and everything else..but nothing hands on. I'm hoping I get that from this course. I'm really using this course so I'm prepared for the eCPPT, and then the OSCP.

hiddenknight821

YuckTheFankees wrote: »

Ive read many books about Reconnaissance (hacker reloaded, bactrack 4, metasploit, many others)..but Im not really using this course for the 1st two modules..I'm taking it to learn modules 3-8. I have read books about network and server pentesting, rev. engineering, forensics, and everything else..but nothing hands on. I'm hoping I get that from this course. I'm really using this course so I'm prepared for the eCPPT, and then the OSCP.

You have to be kidding me?! I didn't finish reading the Hacking Exposed yet, but I thought at least some of the books you read show you how to do some of the hand-on stuff. Backtrack 4?! If you can give me the exact ISBN, so I can make sure I don't waste my money on it.

YuckTheFankees

They do give examples but when someone is doing it in front of you in a video and talking about it. Its alot easier to learn and pick up. Ill get the number after work for you.

YuckTheFankees

I was referring to this book

Amazon.com: BackTrack 4: Assuring Security by Penetration Testing (9781849513944): Shakeel Ali, Tedi Heriyanto: Books


I hope this helps

nicklauscombs

thanks for the initial reviews and keep them coming! i'm definitely interested in seeing what they have to offer.

YuckTheFankees

So I've completed 6 of the 8 sections in the Network Penetration module as of tonight. I'm beginning to have mixed feelings about THA after going through these last few sections.

So here's how it works..There's a video between 5-30ish minutes, sometimes the video explains the material pretty well and sometimes..mm not so well. A couple videos made me wonder "why did they even make this video?". There are also a couple videos where they begin saying "we debated about even making a video about this section but we went ahead and made it anyways"..then the video is like 4-5 mins long and doesn't really give any information.

After the videos are over, the instructor tells you to complete the lab. During some of the labs, you can get confused or maybe you don't even know what the hell is going on because the video didn't really help and the lab instructions were a little shallow. When you listen to one of the first videos, they do state "we are not here to hold your hand"..and the mean it. I've never used most of these tools before and sometimes I can get lost in the lab..so I end up googling, watching youtube videos, and security tube. After doing my own research, I realized there are so many videos out there for free and that will walk you step by step through each and every tool. So I'm beginning to watch these other videos and putting THA on the back burner.

I don't want people to think I'm bashing THA because I really like their set-up but I wish they would "hold you hand" a little bit more. Some people may say, oh you can just email them if you have questions..and to that I say....I'm doing the module right now, I don't want to stop and wait 24-48 hrs before I can continue.

Also, the past couple of days I have been skipping around the sections and modules to see what the other videos may be like...and yes the topics seem really interesting but I just wish the videos would cover more.


From what I have seen so far, I would say if you are beginning in pentesting and have never used backtrack or most of the pentesting tools...I don't know if you would like THA as much as someone who has a little bit more experience with the platform and tools. Beginners would be best off buying backtrack 4, metasploit, and other pentesting books...read the chapters and once you get to a tool or concept you dont know...just google and watch videos about the concept or tool. Its been working really well for me the past couple of days. Especially if you want to learn ASM or metasploit, check out Welcome to SecurityTube!. The founder has a whole course about both of them.

the_Grinch

Seems THA is a good way to get ready to take OCSP. Reviews I have read all seem to point to doing research outside of the videos in order to fully understand a concept. Given the idea of THA though, I figured there would be more hand holding. If nothing else, you're getting great experience for your future pentesting career. You'll definitely run into having to read whitepapers and find videos (if they exist) on the newest exploits. Cheers to you though for paying it forward and helping people looking to take the same route you do! Solid review so far.

SephStorm

I've liked THA so far, but I haven't gotten as far as you have. I'll be more prepared to write an accurate review later, after i've slept and went through the material...

YuckTheFankees

I cancelled before the 1st month was over, its not worth 99 a month(maybe 30-50). I did like the video's but they were so short and just left you thinking...thats it? Yes they did have a lab afterwards but the customer is doing a majority of the work. I just cant fathom forking out that kind of money for a 10 min video and 5 questions for each module. If they held your hand a little bit more, made the videos longer, and provided some other things..then yes I wouldnt mind paying the 99.00 a month.

onesaint

So, what's next for training regarding EH?