
CEH books

Discussion in 'Other IT certifications' started by zebulebu, Aug 1, 2007.

  1. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Well chaps, I've just got work to pay for two books in prep for my CEH course next week. I have to say that the Sybex one is absolute pants - it's only got about 200 pages and NONE of the stuff in it is remotely useful for anything other than a quick refresher - maybe the night before the exam - on any topics you might not be overly familiar with.

    The ExamPrep from QUE is a little bit better - certainly a lot more substance to it, though most of it is common sense. I certainly hope the exam doesn't go too deep into XSS or SQL Injection - two areas I'm not that hot on - because there is absolutely sod all in either book beyond the real basics of each.

    I also bought three other books at the same time (went a bit nuts with my procurement card!) - two of which look extremely useful (The Tao of Network Security Monitoring and Security Log Management) and the other (Juniper Netscreen Firewalls) is an updated version of my Syngress NetScreen 'bible'.
     
    Certifications: A few
    WIP: None - f*** 'em
  2. Crito

    Crito Banned

    505
    14
    0
    An interview with Michael Gregg about his CEH book:

    http://gocertify.com/article/certified_ethical_hacker.shtml

    It's the only thing I used, other than the official curriculum, that is.
     
    Certifications: A few
    WIP: none
  3. Crito

    Crito Banned

    505
    14
    0
    The "Hacking Exposed" books go into a lot more detail than required to pass the exam, if you're looking for extra credit or something. ;) There's even a little-known SQL Server secret in the "Hacking Exposed: Windows Server 2003" book that I've never seen published anywhere else. With it you can sniff and simply XOR passwords back into plaintext. :oops:
     
    Certifications: A few
    WIP: none
  4. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    That might be why it's called a "Review Guide" and not a "Study Guide" like most of Sybex's other titles.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  5. Crito

    Crito Banned

    505
    14
    0
    You should also know that CEH is generally frowned upon for government work. It might actually cost you a gig (contract/assignment) rather than help you land one. For me that's fine, as my principals won't allow me to aid wannabe fascist pigs, regardless of the amount of money they throw at me, but you or your boss might feel differently. So be forewarned... :dry
     
    Certifications: A few
    WIP: none
  6. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    That might be the case in the States, Crit, but over here almost every Security job advertised - public or private - lists the CEH as a desired qualification.

    Of course, lots of them also list the CISSP (yaaaaawn) which I'll probably end up taking next year.
     
    Certifications: A few
    WIP: None - f*** 'em
  7. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Yeah - my bad on that one. I just saw 'Sybex' and pulled out the procurement card... but hey - I ain't paying (for once) so what the hell.
     
    Certifications: A few
    WIP: None - f*** 'em
  8. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    LOL - you mean the A5 XORing that M$ laughably calls 'encryption'? I guess that's probably the best example I can give of why SQL Server's native authentication should never be used if possible :)
     
    Certifications: A few
    WIP: None - f*** 'em
  9. Crito

    Crito Banned

    505
    14
    0
    In the private sector I'm sure that's true. But I think you'll find the same hacker vs. security professional (black hat vs. white hat) animosity exists in your government as well.

    That's why I wear a Red Hat, just to confuse the !@#$ out of 'em. :twisted:
     
    Certifications: A few
    WIP: none
  10. Crito

    Crito Banned

    505
    14
    0
    A white hat thinks right and wrong is determined by the law. If the law says all black people have to sit in the back of the bus, then any black person attempting to sit in the front of the bus is a criminal and deserves to be shot. If the law says it's wrong to put bugs up people's butts, then all you have to do is pass a law saying it's legal to put bugs up people's butts and it suddenly becomes OK. If you call the law the Patriot Act, so much the better, as anyone complaining about bugs up their butt automatically becomes unpatriotic too. White hats think in boolean logic. Legal is right, illegal is wrong. Give them three values like right, wrong and does not apply, and white hats become very confused.

    A hacker knows right and wrong are absolutes. If the law says black people have to sit in the back of the bus then the law is wrong and anyone attempting to enforce it is a Nazi. If it's wrong to put bugs up people's butts before some traitorous act is passed, then it's wrong afterwards too. A hacker won't let the law stop him/her from doing what's right.

    That said, I suppose even white hats have their place in society. I wouldn't want a hacker doing regulatory compliance work like, say, with HIPAA or SOX. On the other hand, I'd rather have a hacker defending a hospital network, as they'd likely act to save lives first and worry about the legal ramifications later.
     
    Certifications: A few
    WIP: none
  11. dmarsh

    dmarsh Terabyte Poster

    3,782
    302
    184
    I totally agree, Crito. Unfortunately legislation creates a hell of a lot of jobs, many of them IT related these days. The types that recruit for these jobs are gonna want people that understand security from a book and a couple of conferences, prob not anyone with any real know-how...
     
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
