eCPPT or OSCP?

Hi Guys!

At the beginning of the year I was assigned to a team that handled vulnerability scanning/patching and instead of just clicking here and there, like my overlord... err.. team mates, were doing I started reading and learning more about InfoSec (in fact that's how I found this great forum) and really got me interested in learning more about it.

My boss suggested to take on the CISSP, but as I was reading it I kind of realized that unlike management related certs (Im looking at you ITIL), there was a big difference between saying you know and actually knowing the domains in the book.

So lately I have been thinking of entering the security world but would like to either take on the eCPPT or the OSCP challenge.

My IT background is mostly based on Linux, VMware and general admin stuff, also back in the day I took CCNA classes at college but still feel like I'm a total stranger to skills that maybe needed for any of the two.
Time won't be that much of an issue , since I'll be freelancing jobs for a couple of months, but after reading awesome threads published by MrAgent, si20 and MSP-IT really doubt i could just simply walk into the OSCP challenge.

So which one would you think be the best to start with? eCPPT or OSCP?

Find more posts tagged with

Comments

Zoovash

Since you have no experience with pentesting I would suggest take eCPPT first. They have a more friendly approach than OSCP. From the sounds of it, you're already in InfoSec, so Security+ could only help you from a HR perspective. Also, don't forget to build your own lab and practice, regardless of which cert you're going for.

si20

I've not done the eCPPT, but i'm currently doing the OSCP. The OSCP is very unforgiving. Admins will not give hints and will tell you to "try harder". This approach may work for you, or it may make you wonder what you're paying for. If you take the OSCP you WILL need to extend, pretty much everyone does.

OSCP is a much more well respected cert in the security world but you have to ask yourself whether or not you're ready to commit the next 90 days (or 60, or 30 depending on what you go for) to working exclusively on it. If you want to get some experience before the OSCP, i'd say go and work on the eCPPT. If I could go back in time, i'd pick the eCPPT before the OSCP.

JoJoCal19

I too am grappling with this decision. I had always thought I'd go straight for the OSCP but I've been thinking a little more on doing the eCPPT first.

SephStorm

Well, it can only hurt your wallet.

pandoso360

Thanks for the comments!
I'll start with the eCPPT first and work my way to the OSCP since I don't think my wallet is ready for it.

@si20 good luck on your journey! I'm pretty sure you'll pass the challenge!

NovaHax

OSCP... That is all

chopsticks

I'll

from both :>

veritas_libertas

I was thinking about doing the OSCP, but based on what I've been reading and seeing lately I'm leaning towards the eCPPT. I'm looking to be mentored through it, not forced dig for information.

ramrunner800

veritas_libertas wrote: »

I was thinking about doing the OSCP, but based on what I've been reading and seeing lately I'm leaning towards the eCPPT. I'm looking to be mentored through it, not forced dig for information.

OSCP certainly involves digging. Lots and lots of digging.

zxshockaxz

The plan so far is for me to take the eCPPTv3 exam starting the 19th. I'm not completely green to pentesting, but webapp pentesting was definitely my forte. I took this course because I wanted to get better at the network side of things, and I was too intimidated by the OSCP. I've watched my skill grow through out the course, and my reporting has gotten way better. Finger crossed for the exam. So, my point being, I decided to go with eCPPT before OSCP and I definitely feel alot more confident about taking the OSCP in the near future.

Just my 2 cents

JB3

^^ Good luck on the test, let us know how it goes!I just started the PTP a couple of days ago and am hammering through it. I'd like to take the test in a couple of weeks, but we'll see how much time I have to continue to throw at it (I am out of school for winter break). So far I am pretty impressed with it. Hopefully this will be a good stepping-stone to taking the OSCP this summer.

JoJoCal19

Good luck on the PTPv3 course and eCPPT test. I am thinking of using the $150 off coupon code and doing the payment plan with them.

Zoovash

I'll also start the eCPPT exam after New Year's Eve. I have the course since April, but life got in the way of actually starting the certification process. Good luck, @zxshockaxz !

zxshockaxz

Thanks all. I've also had the course for a good a mount of time. I bought it after the launch webinar and got the big discount. I think I paid around $700 for the elite package?
I think these certs are gaining recognition rather quickly. If you ask me, the knowledge the provide is well worth the money. I think have that all in one package for like 4k right now. Thats cheaper than a single SANS course.

Zoovash

They provide quality training materials if you ask me. Yes, they tend to hold your hand at times, as opposed to OffSec, but someone without formal experience in pentesting might appreciate that. Their discounted Add-On Course is insane, too bad I don't have the money and need to settle for just 1 course, still undecided between WAPT and ARES.

JB3

Those who have or currently taking the PTP/eCPPT, what are your study methods? Do you read the slides for each section, take notes and then goto the labs related to what you just read? Or do you go through all the slides and then go into the labs?

zxshockaxz

JB3 wrote: »

Those who have or currently taking the PTP/eCPPT, what are your study methods? Do you read the slides for each section, take notes and then goto the labs related to what you just read? Or do you go through all the slides and then go into the labs?

I took a very relaxed approach to studying, to be honest. I purchased the elite package which came with 120 hours and voucher that does not expire. I began by just reading through the slides completely, then went into the labs. Ive probably read through each section at least 3 times each if you total up all of the times I reference them. The labs are really where the majority of learning takes place. I have ~50 hours remaining and purchased the exam sometime around mid April of 2014. I've taken a longer time than I'm sure most people do, however I'm finally about to sit the exam.
I've also had the privilege of being able to practice in a live environment at the workplace.

What I have found to be the most helpful for me was to go through each lab a few times so I could do the tasks without getting help, and once I reached that point, I quit reading the lab manuals and just began picking a random lab and attempted to pop any and all boxes.