SMFE (SecurityTube Metasploit Framework Expert)

Has anyone taken this exam? I've almost finished working through the entire publicly available course, and am trying to decide if I should take the exam. Has anyone here ever taken it? I know its hands-on, but I haven't been able to find any information on how difficult it is...
«1

Comments

  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Be the first! ;)
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • cgrimaldocgrimaldo Member Posts: 439 ■■■■□□□□□□
    What do you mean by publicly available course? Do you mean free content available on their site? Forgive my ignorance...
  • dmoore44dmoore44 Member Posts: 646
    cgrimaldo wrote: »
    What do you mean by publicly available course? Do you mean free content available on their site? Forgive my ignorance...

    Correct - there's an Intro to Metasploit series - i've watched a few and they're pretty well done.

    Hutch, if you decide to go for it, let us know your thoughts. I'd be interested in hearing about it.

    And as an aside... does anyone outside the TechExams know anything about the SecurityTube certs? I'm still trying to determine if they're worthwhile...
    Graduated Carnegie Mellon University MSIT: Information Security & Assurance Currently Reading Books on TensorFlow
  • gabyprgabypr Member Posts: 136 ■■□□□□□□□□
    The material and the certification sounds very interesting. Im planing maybe after i finish my masters enroll on the class and try the exam. I like also the Offensive Security materials and certifications. With these two trainings a person should have a complete overview of security and pen testing.

    If you take the course and exam let us know. Im interested.
    EC-Council Master in Security Science M.S.S [Done]

    Reading Project Management Professional (PMP) Certification Exam prep by Sohel Akhter
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    As far as the certs go, right now they would be fairly unknown. But if I were to put my money on it, they will become like OSCP is. The right people know what OSCP is and when they see it you are good to go.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • YuckTheFankeesYuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
    I watched all of the metasploit videos over the last week, pretty good material. I don't know if I would ever take the exam, I rather put the $250 towards another 30 days in the OSCP lab icon_lol.gif.
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    If he covers creating exploits in Metasploit, I would pay for the certification because they is a soon to be hot skill to have.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • the_hutchthe_hutch Banned Posts: 827
    the_Grinch wrote: »
    If he covers creating exploits in Metasploit, I would pay for the certification because they is a soon to be hot skill to have.
    I agree with this. This is really the only cert out there for metasploit. As far as notoriety, securitytube is more well known in the international community, and unfortunately just not as mainstream in the states.
  • YuckTheFankeesYuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
    Vikem (I probably spelled his name wrong, sorry!) did mention that he's coming out with an exploit development certification sometime in the future, I'm excited for that!
  • the_hutchthe_hutch Banned Posts: 827
    Vikem (I probably spelled his name wrong, sorry!) did mention that he's coming out with an exploit development certification sometime in the future, I'm excited for that!

    That's kinda what SPSE is....
  • YuckTheFankeesYuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
    Ahhh, the course may have a little exploit development but I'm referring to a whole course dedicated to exploit development..
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    I'd like to see him come out with an Metasploit Exploit Development certification. Python is great for an initial proof of concept, but a lot of companies like a Metasploit exploit so it can be run quickly. Plus, the companies that pay for exploits like that as well!
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • the_hutchthe_hutch Banned Posts: 827
    the_Grinch wrote: »
    I'd like to see him come out with an Metasploit Exploit Development certification. Python is great for an initial proof of concept, but a lot of companies like a Metasploit exploit so it can be run quickly. Plus, the companies that pay for exploits like that as well!
    I completely agree. You work in any real world pen testing environment, you are going to rely heavily on metasploit. This is honestly why I think OSCP should allow you to use it. I understand that prohibiting the use of metasploit contributes to the impressiveness of the certification. But at the same time, its not real world. Any pentester is going to have metasploit in their toolkit, regardless of whether you can complete objectives without. Its just more streamlined.
  • the_hutchthe_hutch Banned Posts: 827
    Ahhh, the course may have a little exploit development but I'm referring to a whole course dedicated to exploit development..
    Its not just a little bit of exploit development, once you get past the two introduction modules, that's mostly all it is. Sniffers, traffic injectors, fuzzers, SQL injectors, cross-site scripting tools, etc... SPSE is about as close to an exploitation development course as you can get (with a few extra exercises on the development of security tools). The only way it could really be more general is if it covered exploitation development across multiple languages. Which sounds like a cool idea in theory, but doesn't seem realistic to me. Exploit development across multiple languages seems way too broad of scope for a single certification.
  • YuckTheFankeesYuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
    We might have two different definitions of exploit development. To me, the type of exploit development course I am looking for will deal with buffer overflows, heap overflows, format string attacks dealing with DEP, bypassing ASLR, etc....The student would have to understand assembly, C/C++, and usually a scripting language (python).
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    It sounds like you guys are talking about discovering exploitable vulnerabilities versus developing code to exploit known vulnerabilities. The latter is far more interesting.
  • the_hutchthe_hutch Banned Posts: 827
    We might have two different definitions of exploit development. To me, the type of exploit development course I am looking for will deal with buffer overflows, heap overflows, format string attacks dealing with DEP, bypassing ASLR, etc....The student would have to understand assembly, C/C++, and usually a scripting language (python).

    Yeah, I think JD underlined it pretty well. I guess you're talking more along the lines of target specific exploit code. That would be actually be a pretty killer course. However, something that I don't think I'd be nearly prepared to take at this time.
  • YuckTheFankeesYuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
    After your view of the SPSE course, I bought it. lol icon_thumright.gif
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    I think OSEE would probably be what you are looking for in the realm of exploit development. In regards to Metasploit, I understand why they ban it's use. Years ago, with just some a couple of Google searches and a couple of hours I was able to setup the automated exploitation. This was prior to Backtrack and specifically Fasttrack being out. But yes in the real world you would definitely use it to nail some low hanging fruit and ultimately if you can develop for it, it is nice to be able to hand your team new exploits as you discover them.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • the_hutchthe_hutch Banned Posts: 827
    After your view of the SPSE course, I bought it. lol icon_thumright.gif

    I think you'll like it. I've been pretty happy with it so far.
  • the_hutchthe_hutch Banned Posts: 827
    the_Grinch wrote: »
    I think OSEE would probably be what you are looking for in the realm of exploit development. In regards to Metasploit, I understand why they ban it's use. Years ago, with just some a couple of Google searches and a couple of hours I was able to setup the automated exploitation. This was prior to Backtrack and specifically Fasttrack being out. But yes in the real world you would definitely use it to nail some low hanging fruit and ultimately if you can develop for it, it is nice to be able to hand your team new exploits as you discover them.

    I think OSEE would be awesome. But I don't really see myself doing it anytime in the near future, just because there is no online version.
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Yeah I am wondering if they will do any online version at some point. My guess is they won't, but I guess you never know!
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • I2SecureI2Secure Member Posts: 13 ■□□□□□□□□□
    the official course is you have to purchase but the free ware is also much same in premiun u ll learn much things
  • the_hutchthe_hutch Banned Posts: 827
    I2Secure wrote: »
    the official course is you have to purchase but the free ware is also much same in premiun u ll learn much things

    What did you just say? To clarify...all of Vivek's courses (with the exception of SPSE) have videos that are openly available. Actually purchases the course will give you access to additional forums, access to labs (usually at an additional cost), and the test and certification. And you do have to purchase the course to take the exam. You cannot just purchase the test (I already asked).
  • JinverarJinverar Member Posts: 95 ■■■□□□□□□□
    After watching the first two modules of the SPSE, I also bought into the Metasploit Expert course. I am just waiting for the go ahead email. It's going to be a challenge to try both at once for the Fall time. Plus handling all the ladies who love IT Security guys. I am very good with metasploit as it is. I showed a few people up during the Sans 504 Capture the flag events. I managed to capture all flags. I relied heavily on armitage during that. I already know i'm going to love this course. Probebly more than the SPSE.

    The SPSE was ticking me off a bit because the forum seems to be hard to navigate though the modules on the forum side of the house. Basically you have to navigate your own file stucture and the instructors. Not sure if the metesploit expert is the same....
    Jinverar, TSS
  • the_hutchthe_hutch Banned Posts: 827
    agreed...the forums are terrible. I logged into them once, and haven't gotten on since. I pretty much use outside resources for any questions I've had
  • JinverarJinverar Member Posts: 95 ■■■□□□□□□□
    Has anyone done the exam for the metasploit framework expert certification? I just got the mock exam pictures...It's fun to know when and what your next hack will be. It seems like a fully hands on practical exam using metsploit to break into multiple routers and servers.


    The feeling is excitment knowing you have more computers to penetrate and the goal is exploitation. Is that why Lukes father joined the dark side? Is that why IT Security is so sexy? Pretty sure you just post these pictures up in your living room and invite a girl over. Then let Security Tube do the rest haha. I will test that out on the weekend.
    Jinverar, TSS
  • JayTheCrackerJayTheCracker Member Posts: 169
    interesting.....

    can show us some screen shots??
  • JinverarJinverar Member Posts: 95 ■■■□□□□□□□
    Registered in taking the exam on 8th january 2013....Can I get any advice from people who have taken it?
    Jinverar, TSS
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    Metasploit cert? sounds interesting. Those courses seem good! I will definitely check those out.
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
Sign In or Register to comment.