I spent last week in a training class for the Certified Ethical Hacker (CEH) exam. The first day of class they issued me an EC-Council backpack that contained two text books (1,800 pages worth), one lab manual and one t-shirt. It’s heavy as hell and I can see why they provide the (fairly nice) bag to lug it all around in.
I went into the class expecting to only learn the corporate developed ‘best practices’ for penetration testing and hacking. I walked out of the class believing that anyone could benefit from its teachings. Even a seasoned pentester is bound to learn something.
It teaches a best practices methodology to approaching a penetration test. Just about any category of tool that would be useful in a pentest is covered. Far too many, in some cases. Although, I think it is great to get exposure to more tools than one would generally exposure themselves to.
My pentest toolkit is now stocked with only the best tools and separated into the logical categories that the CEH teaches. It just makes sense.
In a near future post I will be explaining my toolkit, what it contains, how it is organized and how to make your own.
I also end up with some CPE (Continued Professional Education) points to keep my CISSP certification current.