Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Tag Archives: ECSA

EC-Council points

Over the last 6 months EC-Council have been implementing their new ECE points system for retaining your qualifications (ISC² style). Now I’ve blogged before a few times on the C|EH, ECSA and L|PT qualifications, so I don’t want to re-hash those view. However, the whole ECE points rollout has been one disaster after another. Although the system was meant to be released at New Year, nothing appeared. When the members on the forums asked questions, nobody answered. Emails where pretty much the same, with an occasional mindless response that made no attempt to even answer the question at all. However, we (the forum members) persevered, and were rewarded a few months late with the brand new ECE portal in all it’s glory. It was buggy, badly designed and the points were wildly disproportionate. If you did a course with EC-Council, or talked at an EC-Council event, you’d get 4 times the points than if you talked at something like DefCon. A truly WTF moment if I’ve ever had one. Anyway, things got better. To EC-Council’s credit, they took some of the comments from the forum users and actually made some changes to the points system. They added Security related Podcasts to the list, and changed the points allocations. Things were on the upturn.



Fast forward a few months and I’ve added a few things to the points list. After all, no matter what I think of the quality of the qualification it seems a waste to just not spend 5 minutes filling out the form to retain it. Well, maybe it is a waste, but that’s something I’ll consider in the future. Added to the points list are a number of security related books I’ve read, as well as the SANS GPEN course/exam and an article I’ve written for Linux Magazine about Snort IDS. No problems so far, everything is fine and dandy. That is until I write an article for Hakin9 magazine about security training. I added it to the ECE system yesterday while I was taking a 5 minute break from breaking a web-app.

I thought nothing of it… that is, until I get an email asking for a copy of the article. Suddenly EC-Council wants to see proof that I’ve written an article. They don’t want proof of the Linux Magazine article, the SANS course, or anything else I’ve done. However, an article on security training is something different it appears. I’m not so worried about loosing my C|EH/ECSA status (never bothered paying for the L|PT) if EC-Council dislike my article, but seems like they’re not a big fan of criticism when it comes to their courses.

I’ve replied asking them for clafficiation why they need proof for only this item and not the others. We’ll see what they give as a reason. Maybe they’re just getting their act together on checking these things, but I doubt it. If the article was about something else, I doubt they’d care to check. Things smell a little fishy to me.

Final Scheduled exam….

Today I took and passed my final scheduled exam… the world famous </sarcasm> ECSA (EC-Council Certified Security Analyst). The exam was pretty hard considering I thought we covered the material quite well. The reason was probably because the questions were so ambiguous and open to opinion, some others were just so far into the detail that nobody would ever remember them. Anyway, done and done.

I’ve scheduled another exam for Thursday morning (yeah I know, glutton for punishment eh). The Microsoft Systems Management Server 2003 exam (70-089). I did the course a few years back, and never got a chance to do the exam due to real life issues. Anyway, now I get the chance if I can swat up on things tomorrow. I’ve been using SMS for a while now in London and Munich, so hopefully I can do it. Anyway, it’s only $50 if I fail, so not the earth….

Friday evening, I’m home….. I can’t wait…..

Certified Ethical What ???

Well yesterday I took (and passed) my EC-Council Certified Ethical Hacker exam. What can I say about this exam that’s not already be said. Well lets start at the beginning shall we.

Learning Material

On day 1 of the course you get 4 books (yes that’s not a typo) totalling about 2400 pages. The book is badly written (considering it’s version 5 of the course). For each section of the book they list in rough detail (sometimes wrong) about a large range of tools. This is just too much information, especially considering most of the tools they cover are either useless, or just not good enough to compete with the likes of NMAP or Nessus. They could condense these books down to 1 or maybe 2 by dropping the extensive tools descriptions and concentrating on whats important and then just giving a list of others. Also the books and CD’s are quite obviously produced and packed in a terrible environment (they have an office here in India so I expect that’s where) of the 8 CD’s given with the book 1 worked, as the others were scratched out of the case… same with the books for the other 2 students as well.

Course Presentation

Poor…. that’s about the only thing I can say. There are hundreds of slides for each module, which forces the tutor to skip, or just roughly comment on each at such a pace that nothing is learnt. The detail is poor, and again they need to concentrate on reducing the content to what is required and not listing everything. Too much information means you will get nothing from the course unless you say “hold on, lets read this and go through it” meaning you’ll run out of time before the end of the books. From module 22 onwards the course is Self-Study (this is shown in the slides) leaving you 4 chapters to learn yourself with no assistance from the instructor, or the book in some cases (chapters 23-26 are only slides with no text to explain) It would be ok if these were just chapters not required, but these for me were the more interesting topics.

Trainer (Koenig-solutions, India)

Well, he was pretty useless to be honest. Students had to correct him constantly, and when we came across the sections on SQL injection and Linux he wanted to skip them as he didn’t know either topic at all. This may just be a Koenig-solutions problem, but then again it may not. How can he qualify as an instructor when he doesn’t know the subject. Poor authorised tutor management.


I had a few questions for EC-Council regarding their new ECE (EC-Council Education Points) system. So I emailed them. A nice man named Haja emailed me back and told me nothing. So I emailed again, and got the same exact reply. I also emailed another email address to try and get the books in PDF format. Haja replied and told me that I can buy them online at there store. Seems like Haja (the technical director) is the only person working there. Also seems that EC-Council just like money no matter what.


Take from this what you will, but I’m betting that another 5 years people will be saying EC Who ? 

Additional: ECSA

Today I started my ECSA (I already had this booked so had no chance to cancel) so far… my views are the same as the CEH. Poorly designed course, and courseware. The book even says to do the practise in the lab book (which doesn’t exist) The EC-Council really need a proof reader and somebody to redo all this courseware into something useable.