After popping shell on almost every box in the Attack-Secure student lab I finally got shell on the computer which held the key.txt file which had the hash I needed to earn my Attack-Secure Penetration Tester (AS|PT) certificate. I went to bed with a smile that was still plastered on my face when I woke up 🙂
I still have a bit of unfinished business in the lab that I’d like to clean up and I still haven’t watched the 8th and final video of the series (exploit development) but I can give my opinion on what I have seen and experienced.
Attack-Secure.com is relatively new to the penetration tester training market but the instructor Mohamed Ramadan has proven his skills by collecting several valuable “bug bounties” including finding a flaw in the Facebook app on the iPhone.
Before I give me thoughts about the course, let me answer two questions that I’ve been asked about the course.
Q: Is the AS|PT certification recognized by employers?
A: Probably not at this time but I wouldn’t be surprised if it is more recognized in the near future as more and more people are exposed to the course.
If you already have penetration skills and are just looking for a certificate to help you get a job, then the CEH is probably the way to go. I didn’t have those skills and wanted to learn them so this course was perfect for me.
As a result of taking this course, I don’t think I’ll have any problems passing the CEH exam. Most importantly, as a result of taking this course I now kind of know what I’m doing.
Q: How is the English in the instructional videos?
A: It never bothered me but you don’t have to take my word for it, you can check it out for yourself for free. Mohamed has a one hour YouTube video of him hacking the Kioptrix 4 distro at http://www.youtube.com/watch?feature=player_embedded&v=SR7tmgDloIA .
I watched a good chunk of the video before I signed up for the course and it gave me an idea of what to expect in the course videos. The videos have a “live and unedited” feel which I personally love. I really felt like I was sitting behind Mohamed and looking over his shoulder as he demonstrated these techniques. Because the videos show the tools running in real time instead of just cutting to the results I was able to get a feel for how long tools take and what results I could expect.
With those two questions out of the way, here are my thoughts on the course: it rocks!
The Attack-Secure Samurai Skills course is the best value I’ve ever received for any technical training. I bought the course during one of the 50% off sales so for a little under $400 I got 17 hours of instructional videos, corresponding PDFs AND 90 days of lab time to run all of the tools I needed to learn and practice the techniques I needed to practice. That is a ridiculously good value.
Speaking of the 90 days of lab time….. When I saw the 50% off sale I decided that it was a no risk opportunity and worst case, I was out $400. I had some other stuff going on in my life (all positive) so when I signed up I asked Mohamed if I could please receive the materials now but delay my 90 days of lab time until I had time to utilize it. He responded right away with “Absolutely, just shoot me an email when you’d like me to start your lab time.”
That experience was the first of many times that I found Mohamed knowledgeable, responsive, friendly and helpful. Not “Run exploit XXX” helpful, just “keep trying, you’ll get it” helpful. When I sent emails asking for boxes in the lab to be reset, I would sometimes get a response within minutes. It took a bit longer sometimes but we’re on opposite sides of the earth and the man needs to sleep sometime 🙂
I had a blast doing this course, learned a ton and will be at the front of the line to get the upcoming “Ninja Skills” course.
If you’re in the same situation I was (heavy on desire, light on skills) then watch the video I linked above. If you like that style of demonstration then do yourself a favor and sign up. You’ll get a lot more videos and a place to work on your new found samurai skills.
I’ll post an update of the exploit development section as soon as I watch them. If you have any specific questions about my experience with the course, feel free to ask them here and I’ll do my best to answer them.