ohmohm Member Posts: 12 ■□□□□□□□□□
I'm currently working on OSCP and must decide on a SANS course for this years work budget.

I have slight interest in malware. Have decent assembly background. I'm also looking to take OSCE at some point next year. Which would benefit me more?


  • Options
    JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    If you want to do OSCE then GXPN would be the best option. Since advanced pentesting and reverse engineering are both on the advanced side of things, I would finish up your pentesting track by doing GXPN > OSCE, then jump into the RE side of things.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • Options
    xXxKrisxXxxXxKrisxXx Member Posts: 80 ■■■■□□□□□□
    I'd pick between the GXPN and the OSCE and wouldn't do both. Both are considered Advanced Pentest Courses and hold serious recognition. If I had to decide between the 2 I would go with the GXPN - especially since your employer is paying for it. Out of pocket wise, the OSCE is a great option. The CTP course hasn't been updated since it rolled out and they have no plans on updating it. SEC660 on the other hand is updated quarterly so you'll be getting the most recent solid material. I want to say CTP came out in 2009. 8 years no course updates is never good. The OSCP is the perfect background to have before approaching either of these 2 courses.

    The assembly background is good for all 3 of these course options. I'd pick the course based on the type of work you get to do and also see yourself doing down the road.
  • Options
    UnixGuyUnixGuy Mod Posts: 4,567 Mod
    what's your work background? What current certifications you have? What's your career goal? Both GXPN and GREM are great but we need to know why do you want to do either

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • Options
    McxRisleyMcxRisley Member Posts: 494 ■■■■■□□□□□
    The OSCE hasnt been updated since it was released BUT what most people miss here is that the course isnt about exploiting current vulnerabilities and such, it's about learning the methodology and process of how to research and create your own exploits in a given situation. If you want current exploits then the Advanced Windows Exploitation course is what you want but be warned, it is considered the most difficult offsec course. Also with the GXPN you dont have to prove your worth to register like the OSCE, you can just pay the fee and sign up for the course.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
Sign In or Register to comment.