Hi all,
I am looking to start up a Pentesting section for an existing IT business and am trying to get as much info as I can.
I have some experience with basic principles, programs, procedures, laws, etc., and have been testing myself on my own network and friends' networks (with their permission, and agreement to help secure it for a beer or two).
I have been looking around at making more of this and would like to aim for a certification to move myself on. This is where I have been getting confused. The cert that seemed to me to be the one best suited to me was the GIAC GPEN cert. What's the general opinion (if there is any) on this cert as a whole?
Also, any other certs that are considered industry standard?
Finally, one more noob query that I realise might go unanswered, but even a new idea would be nice. Another group I am part of have been helping me with learning as much as I can and are now starting to challenge me. One of the members has set up what he considers a pretty secure network, and while I know that I could get in if I was within wireless range of him, I have seriously lost the plot trying to do it from 1000 miles away. He has given me some clues, what security he is using, etc. But I can't even get a port scan out of it.
To be honest, the thing I am most interested in is the cert. The other bit is more of an i-can't-think-of-anything-and-this-brick-wall-is-starting-to-hurt-my-head question.
I have the GPEN certification. In Australia it seems to be quite well regarded even though it's very new. As well as technical stuff, it covers the other aspects of a pen test quite well. As far as certifications go, I think it's probably one of the best ones to get relating to pen testing. I'd personally also be impressed with people who have the OSCP certification (Pentesting With Backtrack - I've done the course and will be attempting the cert soon), but I don't think it's that well known here yet. The testing process for the OSCP certification is pretty impressive in my opinion.
The EC Council's CEH certification is also quite well known, but I have my doubts about the quality of the cert. From how it sounds, the CEH is just a test that covers your ability to remember lots and lots of hacking tools. There are also another couple of certs available from the EC Council, I think, which cover some other aspects of the process. Those other certs are not that well known.
There is also a company in Australia called Pure Hacking who offer another cert which is based on the OSSTMM (link below). I don't think it's that well known either. EDIT - This is actually an ISECOM certification; Pure Hacking is just the training and certification provider in Australia. There are others in Europe and the US.
Training- Pure Hacking