eCPPT or Go Straight to OSCP?

ZzBloopzZ

Hello TE,

I am torn between which certification to go for next: eCPPT or OSCP?

I took the eJPT beginning of this year and absolutely LOVED the content and structure of the exam. The way they designed the course I truly learned. In fact to really internalize something you need to go through it 3-4 times. eJPT you read the slides first, then watch the videos then do the lab. 3x by default if you do everything. Then you use some of the previous skills you picked up to do more advanced things through the course. It is my understanding the eCPPT is eLearnSecurity's main course where they spent the most effort on.

For next 6 weeks, I am going to be learning Python and Bash. Then spend a solid week on Linux fundamentals as i am rusty. I have been in IT for over 10 years and really done almost everything outside of programming/development. I am currently a pen tester at work but main focus on web apps. I use Kali almost daily.

Think I should do the eCPPT or jump straight to the OSCP? My main hesitations with eCPPT is do I really want to spend $1099 then have to pay $1100 weeks after passing for OSCP. I am in DC area and hardly anyone has heard of eCPPT but OSCP does have that killer reputation so I do need/want OSCP for sure.

I am excited no matter which cert I decide on first as these are something I want to do and not necessarily need to do.

Appreciate any feedback!

P.S. I know eLearn does black friday sales. Searching around I did not see the eCPPT course itself being on discount last few years. I know there is the full bundle but that is not worth it to me as not too interested in the other courses per reviews.

NetworkNewb

I'd definitely go straight for OSCP.

yoba222

I'm in the same boat but Linux right now and then Python for the rest of the year.

So OSCP or eCPPT & OSCP?

By my logic, would we be missing out on learning things doing only the OSCP? I don't know that answer.

ZzBloopzZ

yoba222 wrote: »

I'm in the same boat but Linux right now and then Python for the rest of the year.

So OSCP or eCPPT & OSCP?

By my logic, would we be missing out on learning things doing only the OSCP? I don't know that answer.

Yes, it is tough. I am starting to think to do eCPPT first then OSCP after. That way education/learning wise I will definitely "get it" ya know?

katawia

ZzBloopzZ wrote: »

Hello TE,

I am torn between which certification to go for next: eCPPT or OSCP?

I took the eJPT beginning of this year and absolutely LOVED the content and structure of the exam. The way they designed the course I truly learned. In fact to really internalize something you need to go through it 3-4 times. eJPT you read the slides first, then watch the videos then do the lab. 3x by default if you do everything. Then you use some of the previous skills you picked up to do more advanced things through the course. It is my understanding the eCPPT is eLearnSecurity's main course where they spent the most effort on.

For next 6 weeks, I am going to be learning Python and Bash. Then spend a solid week on Linux fundamentals as i am rusty. I have been in IT for over 10 years and really done almost everything outside of programming/development. I am currently a pen tester at work but main focus on web apps. I use Kali almost daily.

Think I should do the eCPPT or jump straight to the OSCP? My main hesitations with eCPPT is do I really want to spend $1099 then have to pay $1100 weeks after passing for OSCP. I am in DC area and hardly anyone has heard of eCPPT but OSCP does have that killer reputation so I do need/want OSCP for sure.

I am excited no matter which cert I decide on first as these are something I want to do and not necessarily need to do.

Appreciate any feedback!

P.S. I know eLearn does black friday sales. Searching around I did not see the eCPPT course itself being on discount last few years. I know there is the full bundle but that is not worth it to me as not too interested in the other courses per reviews.

My take is whether you're paying out of pocket or your company is paying, I will approach it as follows:
Download the eCCPT syllabus and go through line-by-line assessing/checking if my skills level are current with the syllabus. Browse through the "Sticky: List of recent OSCP threads". If they are not, I will "bite the bullet", go on a diet: air diet, dash diet etc... to save and take the eCCPT course. You're lucky to be working as a Web app Pen Tester so you're way ahead. Another consideration is that eCCPT is less on Web App content so your Web app can complement the eCCPT course in preparation for the OSCP.
I think you will then have less of a learning curve and not too stressed out when you approach the OSCP. I'm in a similar situation although I work primarily as a Vulnerability Analyst. I'm reviewing my foundation of linux admin, programming, etc... since I've been "away from these" for some time.
This is not a race...I'd rather approach this as the Ethiopians and Kenyans doing a middle to long distance running rather than a sprint like Usain Bolt. If your skills set are current, then you can do a "Bolt".
BTW: I like your approach of going through a course/labs 3-4 times to internalize the materials. I'm doing the same at my end. I'm also in the DC area so when you're about to start the OSCP you can ping me to check if I'm done with my foundations. For me I will at least go through the eCCPT course before taking OSCP.

ottucsak

Start with eCCPT first if you are not experienced enough. The OSCP book&videos are horrible and the course has a pretty steep learning curve.

NetworkNewb

ottucsak wrote: »

Start with eCCPT first if you are not experienced enough. The OSCP book&videos are horrible and the course has a pretty steep learning curve.

This ^^^ The only reason I would think about doing eCCPT is if I really wanted videos on certain subjects. Even then... that price is so high I would probably stick to the books and other options for learning. Can't imagine that cert is gonna be all that useful since it pretty much unknown to everybody.

I'll actually admit I did purchase it the eCCPT course when it did come out awhile back. Wasn't super impressed myself... (and even got the updated version in hopes it would be a lot better) But others seem to think differently. Personally, I'd pass. Just my 2 cents on it though.

TeKniques

I've never taken the eCPPT so my opinion may be a bit too subjective. That being said, if you are not ready to commit a decent amount of time to study for the OSCP then I would recommend to start with the former. I don't necessarily agree with the comment about the books and videos for the OSCP being horrible. All the subjects covered are more like primers and it is expected of you as the student to research and expand your horizons. It is unreasonable to expect the subjects to be covered in totality in the material. For example, there is a section on cross-site scripting in both the videos and pdf you are provided. However, the topic of cross-site scripting is so large that you could probably write a whole book on it to cover the vulnerability and potential exploitation in detail.

McxRisley

I'm with TeKniques, I don't agree with the above statement about the OSCP material either. It's actualy some of the best material out there, especially for stack based BoFs. They just don't spoon feed it to you, which is what everyone is looking for these days. As for the OPs question, I would say if you have the time, it wouldn't hurt to do the eCPPT first although it wont make hiring managers raise thier eyebrows like the OSCP will.

adrenaline19

Skip eLearn. They are a waste compared to OSCP.

UnixGuy

As a pentester you are expected to know a lot more than what's covered in any one cert! While OSCP get the name recognition by pentesting hiring managers it doesn't cover web based attacks - something you WILL be asked about in the interview.

I would say do eCPPT, then do OSCP, and consider doing a lot more certs in the web pentesting arena, eLearnSecurity got more web-based certs, and if you work for an employer that pays for training then consider SANS courses as well.

What I'm trying to say is, don't take a minimalist approach with pentesting certs, because people will expect a lot from you and the threat landscape is ever changing.

Enjoy the ride!

TeKniques

Completely agree with McxRisley

Another point to add to the discussion ....

While I agree that more knowledge in the vast area of penetration testing is worthwhile, I want to debunk the perception that the OSCP is void of web application penetration testing. The videos, pdf, and the labs cover web application penetration testing at an introductory level that unless you have any prior experience in penetration testing, won't seem that introductory level. Cross-site scripting, SQL injection, file inclusion, path traversal, and session tampering are all covered ... and I'd like to also point out, may be on the exam. These random statements saying that web based attacks aren't covered simply aren't true. It is true that advanced web application attacks are not covered and you will need to look at the OSWE course for that, which unfortunately is only offered at Black Hat currently.

josephandre

I'd say it depends on the financials. If you've got money to burn for education, or your company is paying... do both. It can't hurt. As you said, eLearns format and approach is really good. If money is a factor, then just do the OSCP. It's the king of the hill, and the ROI is much better. On top of that you can take it, if you don't fare well, you can utilize a million free resources to improve in the areas you struggled and extend/retake.

asurania

I was initially Planning to do the OSCP.
While doing my prestuding - I kept finding that i had a lot of knowledge gap.
Yesterday I Signed up for the eJPT - looked at the material and I was pretty happy.
I have changed my thinking and i will do the eJPT, eCPPT, and possibly the new pen testing extreme certification.
I will then look at the OSCP.

The end goal is first build your skill set. Get armed with knowledge, and elearningsecurity has seem to master that.
Once I have finished the above certification, then I will attempt OSCP - which is what employers want.

The only negative with the above strategy is = Cost.
Postive = Get In learn what you need at a faster pace, so you can move on.

OSCP is still the final goal, but first goal should be learn the job and skillset in the most effective and efficient manner

p1d0f

my advice is try to ejpt and then ecppt

Khohezion

I was in the same boat as you. I actually have couple of threads on this forum to journal me doing the eCPPT and the eWAPT...

I decided to do the elearn certs later and I am currently doing the OSCP. I do not regret it at all. Go for the OSCP and good luck.

Snoopy88

I start OSCP first . After then I suffer and not enjoy cause have time limit on oscp lab . After then I start eJPT and eCPPT , i feel enjoy and learn a lot plus no pressure . Previously I want to get Oscp as fast as possible , but then , I now enjoy e-learn , oscp cert is not important . I will take oscp when im
ready . I will advice go through e learn path , you will enjoy along the journey .

yoba222

I've been back and forth on this question for probably over a year now. I've finally decided on VHL* --> OSCP --> ECPPT.


* Virtual Hacking Labs

r3nzsec

I am now on the same boat. Done with eJPT and now taking eCPPT and after that, will take probably eWPT then OSCP at Q3 next year

Build your skillsets first, don't rush on getting these 4 letters after your name. Skillsets are more important