OSCP - thinking of just going for it ...

I'm keen to become a pentester at some point. I did consider CEH and GPEN but due to self funding I decided I'd gain much more by going for OSCP with 90 days lab access.

I'm very comfortable with Linux and command line. Networking knowledge is OK (not amazing but not bad either). My knowledge of hacking is becoming better and I've been working heavily with tools like Nmap, Hydra, Nikto, some metasploit (but not much) and a few other things.

With so many certifications out there I've become quite overwhelmed as I keep thinking of doing the CHFI (hacking forensic investigator) as it's basically what I do as a day job, then I think about the Linux+ as I'm fairly decent with this area.

To be honest I think I'm just trying to get some certifications to make myself a more attractive prospect for employers, however I'd obviously gain most from the OSCP.

....................

As a result I'm thinking of just signing up now for the 90 days access and OSCP exam. Just diving in, to really focus me and start working towards this.

This + CISSP are the two huge certifications are my most wanted and the hardest in terms of time and learning.

Do you think I'm in a good position to sign up to the OSCP and start, or should I calm down a bit and maybe do something else first?

Thanks,

Find more posts tagged with

Comments

Blucodex

I'm closing in on 2 weeks and it's a very self fulfilling experience. As with anything, you will get out of it what you out in. Expect a lot of research outside of the training to be successful in the lab. There won't be any hand holding.

If you think you'll enjoy a ton of research and out of the box thinking on your own than go for it. If you're not a self motivator you may not like it.

I took the last few days off because work has been crazy but will be hitting it hard again starting this afternoon. I think it's a lot of fun and I'm learning a ton.

NetworkNewb

YOLO! If you want to go after it, go after it! If you get stuck on an area and have to spend more time digging into a certain topic, so be it. The sooner you start the sooner you'll get it. Good luck!

PCTechLinc

I don't know about your area, but unless you have a job in Forensics or WANT one, I would go for either OSCP or CISSP instead of CHFI. You'll get a LOT better ROI, especially since you are self-funding.

JasminLandry

Like NetworkNewb said, if you want it go for it!

BuzzSaw

OSCP is by nature a course designed to both challenge you, but also TEACH you. Yes, there is a lot of self learning, but it gets you pushed in the right direction.

I get that dropping money on something when you dont feel totally ready is a little scary. But on the other hand, you are supposed to take OSCP (Well PWK) to learn.

I'd say if you're feeling froggy, then jump.

Also, if you want to get a pretty good idea of what it's like, hop on the #offsec IRC channel (yes ... IRC) - You can ask questions in there, and that community is pretty legit. I love hanging out in there. You will learn alot.

The other thing, you could check out Mubix's website. He has some really good stuff. he also has a "starting in infosec" page that has links to ALL sorts of stuff for people wanting to break into security ... (see what i did there??

) you will read and hear from some of the top people in the field on what they think it takes to actually get started

https://room362.com/start/

BuzzSaw

CyberCop123 wrote: »

I'm keen to become a pentester at some point. I did consider CEH and GPEN but due to self funding I decided I'd gain much more by going for OSCP with 90 days lab access.

I'm very comfortable with Linux and command line. Networking knowledge is OK (not amazing but not bad either). My knowledge of hacking is becoming better and I've been working heavily with tools like Nmap, Hydra, Nikto, some metasploit (but not much) and a few other things.

With so many certifications out there I've become quite overwhelmed as I keep thinking of doing the CHFI (hacking forensic investigator) as it's basically what I do as a day job, then I think about the Linux+ as I'm fairly decent with this area.

To be honest I think I'm just trying to get some certifications to make myself a more attractive prospect for employers, however I'd obviously gain most from the OSCP.

....................

As a result I'm thinking of just signing up now for the 90 days access and OSCP exam. Just diving in, to really focus me and start working towards this.

This + CISSP are the two huge certifications are my most wanted and the hardest in terms of time and learning.

Do you think I'm in a good position to sign up to the OSCP and start, or should I calm down a bit and maybe do something else first?

Thanks,

One other thing, if you want to sort of get a feel for what forensics would be like, download an open source IDS \ IPS like SecurityOnion ... monitor and capture some traffic.

This would be very much like what an analyst or investigator would pour through to find things.

Dr. Fluxx

I am also self funding for the OSCP.
My choice was either OSCP, CEH, or CISSP.
CEH?
lol..for so many reasons you can find everywhere. BUT...if a company paid for it...id take it.
CISSP?
Seems that many people have it...but its a multiple choice test...that seems top hard to show that its THE cert to have (in a way like the CEH, but much more difficult). I know that ill eventually have to get it but theres something shallow about it that i cant put my finger on. It is definitely in my future but, id rather a company pay for it as opposed to me funding it.

OSCP.
You cant get any more practical than this. Much like a CCIE and various cisco exams, this is as real as you can get. Hands on labs, you can train for it somewhat via actual, and not theoretical execution of which, many are hands on learners so the concepts may stick a bit more.
Its hands on and you simply can not beat that at all.

saraguru

I am a newbie in the Pentesting area, and my 2 months lab time for OSCP just ended yesterday. I would say that if you are self-funding and wanna get a more practical experience that just go for OSCP. I think it is far cheap when compared to other certs out there and their extensions and exam retake are very very cheap. So, you don't have to restrict yourself to complete it in 60 or 90 days and take your own time. And if you are new to pentesting then I'm 200% sure you'll find it sooooo much beneficial