Career Advice - Please Help

ravenx76 (Posts: 3, Registered Users)
Hello Everyone,

Sorry for another career advice thread.

A little about my background first: I have been in IT for about 10 years, the last 5 as a Windows system admin (bored to death). I recently passed the RHCSA, so I'm decent at Linux. I also hold Security+, CCNA and MCSA, have finished watching the CEH videos, and will write the test soon.

Anyways, I could use some advice as to what cert to take next after CEH. I am looking at two possible career paths in security.

1. Pen tester - OSCP or GPEN.

2. I'm also considering forensics. I'm not sure which cert is best, but I love what I'm seeing from SANS. I also love the idea of getting the bad guys; even going to trial appeals to me. I think I may be able to stomach some of the hard-to-see stuff if I focus on the greater good. I have zero experience in either field, but both appeal to me.

Here are the factors I am struggling with: which one is more employable, and the pros and cons of each. Also, OSCP looks great, but with a wife and 3 kids I'm not sure I have the study time required; I hear it's intense. I have the money to pay for SANS and like the idea of on-site training for a few weeks away from distractions, then coming back with a cert.

Any help would be greatly appreciated.

Comments

  • yoba222 (Posts: 889, Member)
    ravenx76 wrote: »
    . . . I have the money to pay for SANS and like the idea of on-site training for a few weeks away from distractions and coming back with a cert. . .

    For the money, you get 6 days of in-class training and a pile of books. You then get a 4-month expiration date to study what you were exposed to, if you feel like taking the exam for the cert.
    Obtained: A+ | Network+ | Security+ | CySA+ | PenTest+ | CAPM | eJPT | CCNA R&S | CCNA CyberOps | GCIH | LFCS
    2018: Virtual Hacking Labs
    2019: eCPPT &/or OSCP | CISSP
  • 636-555-3226 (Posts: 976, Member)
    SANS classes are great, but they're really expensive to spend your own money on. GPEN is a different beast than the OSCP. You won't take the GPEN and be able to do really good pentests based solely off of that class. It's very much an entry-level, here's-a-high-level-approach to all kinds of pentesting stuff, including writing reports. OSCP is much more in-depth and hands-on, but it's a time eater that I've wanted to do for a while but just don't have the time to dedicate to it (same boat as you with the family situation, esp. with summer now here).

    Honestly, my recommendation may be to start downloading and using all the standard pentest tools and getting really good with them. Some things to practice with (many of which are included in GPEN studies) are listed below. Real-world experience beats certs any day of the week.

    Command line is key: cmd/PowerShell/bash, including scripting. You need to be 301-level with all of them before I'd recommend doing a pentest for a client, and I'd want expert level before doing a pentest for a client with a mature security posture.

    Python & Ruby basics. Lots of tools are written in these languages, and you'll need to know the basics to troubleshoot issues that arise in real-life use.

    putty, wireshark, tcpdump

    nmap is very easy to learn and is really, really useful.

    netcat's a given since that's what you'll use to communicate with compromised hosts a lot of times.

    nessus

    recon-ng/maltego

    veil-framework

    mimikatz

    spiderlabs responder, bettercap

    powersploit

    bloodhound - this is a must in any modern Windows environment, except for mine, where it's useless ;)

    empire

    I prefer TrustedSec's PenTesters Framework (PTF) instead of a dedicated Kali build. Kali is just a Linux machine pre-built with all kinds of random tools. I rock my own distro (usually Ubuntu, since it's got a lot of support) and add my tools on top of it.

    hashcat & john the ripper (wordlists available @ https://github.com/berzerk0/Probable-Wordlists)

    thc hydra

    Other tools are available for web app or network hardware tests (zap, yersinia), but I just listed a bunch of random normal pentesting tools above. There's lots more out there; don't stop with that list.

    Also strongly recommend you find the developers of the above tools and follow them on Twitter. I hate Twitter but have to admit that in terms of keeping up-to-date with new types of tools, Twitter's the best way to follow that kind of stuff.

    Don't just learn the commands & switches - practice using all the tools together on any of the multiple vulnerable VMs downloadable from the internet. Metasploitable 2 & Metasploitable 3 are really good starting points, with complete walk-throughs available for when you get stuck. Hack them, then move on to the other vulnerable VMs out there.

    Also, for Pete's sake, learn how to defend against any of the tools you use above. Knowing how to hack into a network is great if you're North Korea, but when I pay you tens of thousands of dollars for a pentest I also expect that final report to tell me how to FIX what you pwned.
  • ravenx76 (Posts: 3, Registered Users)
    Thanks for the reply. So you're saying the 6 days in class do not prepare you for the exam, and another few months are needed afterwards, generally speaking?
  • ravenx76 (Posts: 3, Registered Users)
    Thanks for the detailed post.
    I'm leaning towards OSCP; I really am looking for a course that takes me from noob to employable.