Heorot.net's Penetration Testing Fundamentals Course

Anybody done this course and have feedback?

I'm thinking about having some of my guys take this for $295 i figure can't go wrong. It even includes there pen test book in the intro price. Designed to be done in a week and then there is an intermediate course. I'm even thinking about pausing my CISSP for a few weeks and doing it myself.

"By the end of the week-long course, the student will be able to conduct and document a penetration test independently, using the ISSAF methodology as taught in the class. Successful completion of the course includes the student providing a finished document to the instructor of their independent penetration testing project as detailed by the ISSAF standards.

Instruction is provided through pre-recorded video format, which can be viewed during your schedule. Each student will have access to the videos for 30 days from the date of enrollment"

Find more posts tagged with

Comments

dynamik

Wish I could help, but definitely keep us posted. Have you looked at their book at all? The last Security Lab book I got was really weak and I already knew everything in it.

JDMurray

Actually, you may want to wait until after you are CISSP-certified to take the heorot.net course. It's worth 40 (ISC)2 CPE credits.

GAngel

I havn't looked at anything from them as yet. I hope that's not the case. the CEh book was very light as well so i'm not expecting much but I do like that they take a different approach than CEH. I'll get a little familiar on doing it without using common exploits.

JD I saw that and it would make far more sense but i'm all booked up until march with other stuff unfortunately. If it's any good I'll do the intermediate course for the 40 credits next year.

impelse

I recommend you that training, I took it and it is good. This training will not show you how to use exploits, this training WILL SHOW YOU how to attack the servers using bad configurations or low security practices in your target.

The idea is that must of the System/Network admin they patch their systems but some of the follow bad or low security practices.

It's a good training. Also you can get the training buying the book in amazon (this book include the videos and the program), but with this book you can not get their certification (they give you a target to attack and get root access).

GAngel

impelse wrote: »

I recommend you that training, I took it and it is good. This training will not show you how to use exploits, this training WILL SHOW YOU how to attack the servers using bad configurations or low security practices in your target.

The idea is that must of the System/Network admin they patch their systems but some of the follow bad or low security practices.

It's a good training. Also you can get the training buying the book in amazon (this book include the videos and the program), but with this book you can not get their certification (they give you a target to attack and get root access).

That's really good to know. Did you take the foundation/intermediate or did they call it something else when you took it?

I'll be signing up end of this week.

impelse

Not, I will make the intermediat with the book Amazon.com: Professional Penetration Testing: Creating and Operating a Formal Hacking Lab (9781597494250): Thomas Wilhelm: Books

The training is included in the book.

GAngel

Quick update:

I finally signed up for the training last night. I'm just waiting on an email that tells me where I can access the info and the book to arrive. Hopefully up and running by early next week.

dynamik

Cool! Keep us posted

GAngel

Just got granted my access email. Havn't had time to look yet but will be spending the afternoon tomorrow getting right into it.

impelse

This guy did a podcast, check it out

Thomas Wilhelm)

PaulDotCom: Archives

GAngel

I can say already that this course provides a hands on that ceh certainly lacks. I've already been messing about in nmap,netcat and hydra and I'm only now about to start the hands on portion.

You certainly won't be an expert with this course but you must know the tools in order to pass the lab that is clear. The sections on finding exploits without using an exploit program has been the best so far. The training seems really geared on how to do the pen test properly and I think it would be great with OSCP for the more technical side which i should be taking early in the new year.

CEH was more about how to harden a system this is about finding a mis-configured system and trying to enumerate it further not exploiting a vulnerability.

I can't wait for the book to arrive.

impelse

You will not desapointed about the book. I am also planning to take OSCP next year too.

dynamik

Yea, it looks like the fundamental course goes through the ISSAF and the intermediate course covers the OSSTMM. I'm curious to see how you think the course compares to the book. The courses are out of my price range.

Your experience sort of sounds like the GPEN (from what I've seen). In addition to the technical side of things, it sounds like that focuses a lot on methodology, legal issues, etc. as well.

I do start my OSCP in a week, and I'm pretty excited about that

impelse

I took the first training and it's the same that the training that is in the book (updated) the difference is the support that you can get from them and the certification (this guys have good support)

GAngel

dynamik wrote: »

Yea, it looks like the fundamental course goes through the ISSAF and the intermediate course covers the OSSTMM. I'm curious to see how you think the course compares to the book. The courses are out of my price range.

Your experience sort of sounds like the GPEN (from what I've seen). In addition to the technical side of things, it sounds like that focuses a lot on methodology, legal issues, etc. as well.

I do start my OSCP in a week, and I'm pretty excited about that

I'll let you know. I won't be able to go through everything right away with cissp still ahead but i'll do an overview to see if it lines up. If i was paying for them myself I'd read this book and then the ceh prep guide. I think the only extra bit the course prly has over the book is the cert I believe everything else is to be found in the book except some of the hands on tutorials from other students.

You should be excited about OSCP i've been dying to take that course.

GAngel

If anybody plans on doing this training it was designed for Back Track 2. I was using 4beta and was wondering why I was bashing my head against the wall at times is all i'll say.

This fundamentals training is not easy. But being about 50% through the hands on this ec-council are not even close with V6.

impelse

Jajajajaajajaajaj.

Did you read the post in Heorot.net forum about the password list for the live cd?

I spent one complete week trying to crack the password with BT4 and I never could do it, until I got BT2 and was done in less than two hours, jajajajaja.

The password is most of the difference, the rest you can do it with BT4 (sometimes some tools does not show up)

GAngel

impelse wrote: »

Jajajajaajajaajaj.

Did you read the post in Heorot.net forum about the password list for the live cd?

I spent one complete week trying to crack the password with BT4 and I never could do it, until I got BT2 and was done in less than two hours, jajajajaja.

The password is most of the difference, the rest you can do it with BT4 (sometimes some tools does not show up)

I read about it last night on the forums.

That's where I got stuck myself

. Hydra in 4 is the command line version only. I spend half a day learning the commands.

Just got a hold of BT2 and will give it another go tonight.

GAngel

Well I've just finished the test pen test now that I'm using bt2 I flew through the second half with a couple hiccups here and there mainly due to the fact I havn't messed with linux commands in 5+ years.

I'll spend the weekend on the actual pen test project i have to submit. It's a fundamentals course but you will be able to kill the ceh exam if done after this.