What after OSCP to pentests?

Hi,

#1 I started job as pentester and at beginning I made OSCP without problems (whole lab 50 hosts rooted in 1mo and exam done in 9h). This certificate was also my first certificate. So, what now is better and need more skills in pentests? I am interested in infrastructure/websites only because this are 2 main targets for most pentests

.

#2 I am also looking for some cheap certificates, don't need be better that OSCP, because more certificates looks better in CV

. Also just some general in infosec, not even need be in pentests subject.

My background:
~1y pentests
1.5y cert
1y computer forensics
0.5y Linux admin

Find more posts tagged with

Comments

W4K3Y

Hi there long time reader 1st time poster.

I am very impressed that you passed the OSCP so easily and quickly with your background all i hear is how ridiculously hard it is !

Can i confirm if you needed write your own exploits and need to know C programming language for the OSCP?

Back to your question If you want really cheap, security+ just buy a book i read it. I did it in about a week and half and passed the exam no more than £200 all in.

Also there is an official online provider that run CEH courses for just over 1k ( Lots of companies in the uk look for that on a cv for some reason) called learningpeople.

Security is in the spot light right now. Courses are all over the place just don't waste the cash on ones people have never heard of.

eth0

W4K3Y wrote: »

Can i confirm if you needed write your own exploits and need to know C programming language for the OSCP?

Exploits yes, C no. Really OSCP is easy, I made it after few mo that I was pentester like 4-5mo, don't remember

. It is like time machine, 90% hosts is same like 10-15y ago, so nothing special

W4K3Y wrote: »

Back to your question If you want really cheap, security+ just buy a book i read it. I did it in about a week and half and passed the exam no more than £200 all in.

Also there is an official online provider that run CEH courses for just over 1k ( Lots of companies in the uk look for that on a cv for some reason) called learningpeople.

Security is in the spot light right now. Courses are all over the place just don't waste the cash on ones people have never heard of.

But this security+ can be made online? What book exactly

?

From that what I know there is needed to learn about CEH because questions are so stupid

, same as above is possible to do online?

Question 1: Scanning is performed in which phase of a pen test?
Hint: Pen-test steps are different from the five hacking steps.
A. Pre-attack
B. Attack
C. Post-attack
D. Reconnaissance

Really, stupid as hell, what is difference in normal pentest between A and D, even B follow law

...

Online because I am from Poland there there everything is expensive, we have smaller salary and bigger price...

TheFORCE

Most of the certificates you have to attend a test center in order to take an exam. Very impressive that you passed OSCP in such a short time. Others on this site have been doing extensive lab work and had more experience than you and took them longer. I hope you are not another *****.

BlackBeret

If I were you I would look in to eLearnSecurity's Web Application Pentesting and Web Application Pentesting Extreme courses. https://www.elearnsecurity.com/

Or, there is also Offensive Security's OSCE, it seems like a logical progression.

For books you could try the Web Application Hackers Handbook.

mokaz

What about AccessData Certified Examiner --> Forensics // it's free and i'm looking for a studybudy

W4K3Y

Unfortunately mine require you to go to a test Center to take the exam.

I would say go for the OSCE then or just go through all of there courses if you just want things on the cv.

eth0

TheFORCE wrote: »

Most of the certificates you have to attend a test center in order to take an exam. Very impressive that you passed OSCP in such a short time. Others on this site have been doing extensive lab work and had more experience than you and took them longer. I hope you are not another *****.

"another *****"

?

I started when I was teenager 15y ago, and for this time it was just hobby and then I started as intern in world #200 website as admin and I was hired as full time admin in half of intern period.

OSCP is just infrastructure, I same way learned OWASP and I done a lot of bug bounty and found few 0days

.

Really, everything is just hobby, when this is your hobby and you spend most time in this, then belive me that nothing will be hard.

BlackBeret wrote: »

If I were you I would look in to eLearnSecurity's Web Application Pentesting and Web Application Pentesting Extreme courses. https://www.elearnsecurity.com/

Or, there is also Offensive Security's OSCE, it seems like a logical progression.

For books you could try the Web Application Hackers Handbook.

eWPTX probably I will take, but my friend told me that labs are so boring

OSCE imo is more for security researcher that pentester, almost never needed to got some job.

Yeah, I have this book and as above I know most of OWASP on good level

mokaz wrote: »

What about AccessData Certified Examiner --> Forensics // it's free and i'm looking for a studybudy

in short time I will be IT expert witness, I have also X-Ways certificate, but mainly I don't want focus on forensic since there is no much good paid jobs

W4K3Y wrote: »

Unfortunately mine require you to go to a test Center to take the exam.

I would say go for the OSCE then or just go through all of there courses if you just want things on the cv.

main problem that I am from Poland, and you know how it looks, you pay less that me for exam and your salary is much more

. What ever to be honest, I like tests like OSCP, why? Because you don't have stupid questions, just you can demonstrate skills or don't, you don't need think as trainers, also you can use your notes, google etc, for example I have problems with memorization and I know something but I need found it in google in some ~30 seconds

creamy_stew

CCNA:RS for sure. You obviously already know how most of it works. Name recognition, and you might learn something!

After that, probably CISSP.

eth0

creamy_stew wrote: »

CCNA:RS for sure. You obviously already know how most of it works. Name recognition, and you might learn something! After that, probably CISSP.

I think about do in next year (or start in this year) - gwapt (employer will pay because for me is impossible to do this with own money since this is price like for my 5y old car from 'C' segment lol), ewptx, ecppt and then (2017 or later) maybe OSCE but I am very lame in RE, so I still think about skip OSCE. CISSP maybe after some years, I just don't have experience to do it, this is theoretical certificate and I still have a lot more technical that theoretical skills

, even as you see my English language skills are poor and around B1 only

(really, good that OS guys don't care much about language skills when evaluate report to pass OSCP exam). I little think also about RHCSA and MCSA but I have mainly experience in Debian/Ubuntu, really I don't use Windows and I have sometimes problems with basics

. Maybe about this networks CCNA:RS (CCNA Routing and Switching, true?) will be somewhere next step with this RHCSA/MCSA, thanks

. For sure I will learn something, on OSCP I also learned how think when I do pentests, this really helped me a lot.

BTW, there is no some "Debian Admin" certificate that is respected?

Bodanel

@eth0

If you look for a linux certificate take Red Hat. It's a practical exam and if you can pass RHCSA you can work with Debian, Ubuntu whatever. You are given a number of tasks and a time frame. They only check if it works not how you do it.

UnixGuy

eth0: I really respect your work ethic! good job

don't waste your time with easy certificates. Challenge some SANS certs and pass the exams. For Linux, just get RHCE ,the money isn't worth for the rest. In fact I don't think you need certificates to be honest, just keep doing what you're doing.

eth0

@Bodanel: you have typo in certificate name probably "eCPPT"

, eCPPT is nice?

I think about following flow:

gwapt -> gpen
ewptx, ecppt -> osce

So probably in next year 2-3 certificates

Bodanel wrote: »

@eth0

If you look for a linux certificate take Red Hat. It's a practical exam and if you can pass RHCSA you can work with Debian, Ubuntu whatever. You are given a number of tasks and a time frame. They only check if it works not how you do it.

To be honest, I want only take this to have some Linux cert, I am Debian Maintainer/consultant already for some few years

. But anyway still RedHat is not Debian, so because of this I also think about just do some RedHat certs but there is a lot admin stuff like creating LVM etc, that will not help me in infosec so hmm still not sure

UnixGuy wrote: »

eth0: I really respect your work ethic! good job

don't waste your time with easy certificates. Challenge some SANS certs and pass the exams. For Linux, just get RHCE ,the money isn't worth for the rest. In fact I don't think you need certificates to be honest, just keep doing what you're doing.

But certs helps when you are look for job, probably now I will have more easy that before since I work as pentester in some big banking group but for example I am sure that OSCP will help me a lot when I will want change job. With OSCP I had this knowledge before because OSCP looks same like 10y ago, so what I mean there was 2 or 3 hosts on 50 that has some new bug like shellshock, but on exam are only old bugs, so even I updated Metasploit repository for some bugs when I was in OSCP lab :P.

Anyway lets still remember that on certificates you learn so much, my friend have around 20 "medium" certificates (I mean like MCSA, CEH etc) and from this he have great knowledge.

I heard that SANS courses are great, but are very expensive, for us in Poland is impossible to pay it from private money (I mean you can have certificate or good used car lol), only company can buy this for us, but then I have loyalty agreement on 3y and I can take max 1 SANS cert per year (or some 2 cheaper around 1k$).

mokaz

i've seen some jobs asking for these certs;
ISECOM - Certification

And theses jobs asked for knowledge on The Open Source Security Testing Methodology as well:
ISECOM - Open Source Security Testing Methodology Manual (OSSTMM)

Although to be honest i don't think that these will have any impact on any HR, just good if the job asks for it..

Althouhg, in your position what i'll pursue is a CPE (C2 level) (I've done it and this has a real impact on HR):
Cambridge English: Proficiency (CPE) | Cambridge English

Cheers,
m.

eth0

BTW guys, what is your experience with schools on recruitment? I have only Bachelor of Engineering in Computer Science, so no master since this is waste of time to study there in Poland, I will not learn anything useful, only some stupid knowledge like Novell Netware (so because of this nothing about Windows Server or Linux, so this is really stupid imo).

mokaz wrote: »

i've seen some jobs asking for these certs;
ISECOM - Certification

And theses jobs asked for knowledge on The Open Source Security Testing Methodology as well:
ISECOM - Open Source Security Testing Methodology Manual (OSSTMM)

Although to be honest i don't think that these will have any impact on any HR, just good if the job asks for it..

This can be nice, since most banks want pentests follow OSSTMM and OWASP

mokaz wrote: »

Althouhg, in your position what i'll pursue is a CPE (C2 level) (I've done it and this has a real impact on HR):
Cambridge English: Proficiency (CPE) | Cambridge English

I need some B1-B2 certificate max because C2 level I will have after some 15y maybe

...

mokaz

eth0 wrote: »

BTW guys, what is your experience with schools on recruitment? I have only Bachelor of Engineering in Computer Science, so no master since this is waste of time to study there in Poland, I will not learn anything useful, only some stupid knowledge like Novell Netware (so because of this nothing about Windows Server or Linux, so this is really stupid imo).

Beware at not hurting the older bears around here; i'm a CNE Monsieur

though i know what you mean it is indeed not very useful today but i always think that understanding the older technologies greatly helps at dissecting today's layers..

Bodanel

@eth0

Thks for spotting the typo. eCPPT is nice but i dont see it very different from OSCP. I have the read the pdf from OSCP from one of my mentors and I have more info on eCPPT course. This gives you more lab time but if you have OSCP I suggest you skip the eCCPT and take OSCE or EWPT.

As for Red Hat cert, trust me they will prove useful in infosec. I've already used some of the things I've learned there. Yes, lots of things you will not use them but you never know when you'll get into them and RH is very used in the corporate world and for GOOD reason. Also you will learn very much about linux in general even if it's a RH cert.

eth0

mokaz wrote: »

Beware at not hurting the older bears around here; i'm a CNE Monsieur though i know what you mean it is indeed not very useful today but i always think that understanding the older technologies greatly helps at dissecting today's layers..

Sorry, I mean only that almost noone use this system anymore, I know that was used some years ago and still is somewhere because of this. But what I mean learning today Novell and not Windows Server/Linux is weird...

Bodanel wrote: »

@eth0

Thks for spotting the typo. eCPPT is nice but i dont see it very different from OSCP. I have the read the pdf from OSCP from one of my mentors and I have more info on eCPPT course.

Beware because this is only around 1/10 what knowledge is needed to pass exam

...

Bodanel wrote: »

This gives you more lab time but if you have OSCP I suggest you skip the eCCPT and take OSCE or EWPT.

EWPT is too easy for me, I already have few 0days with bugs from OWASP, like XSS filter bypass

. So probably I will start with EWPTX (advance version of EWPT).

OSCE is more for security researcher that pentester and probably this will be my last step since I am very lame with RE, debuggers, C/C++ etc

Bodanel wrote: »

As for Red Hat cert, trust me they will prove useful in infosec. I've already used some of the things I've learned there. Yes, lots of things you will not use them but you never know when you'll get into them and RH is very used in the corporate world and for GOOD reason. Also you will learn very much about linux in general even if it's a RH cert.

Yeah, probably I will need do this. I was Debian/Ubuntu admin, so mainly I need refresh knowledge and learn RH way.

merphe

I am in the same situation.OSCP it was not difficult for me, I got all machines of lab and exam(100pt) in the first attempt.

Now, I have to choose what it is the next step.I think it should be network defense.I have seen eNDP from elearnsecurity, but I have not seen many reviews.I prefer online course/certification due to I have not many free time.Is there any alternative for network defense courses ?

Thanks!