eCPPT or Go Straight to OSCP?

Hello TE,
I am torn between which certification to go for next: eCPPT or OSCP?
I took the eJPT beginning of this year and absolutely LOVED the content and structure of the exam. The way they designed the course I truly learned. In fact to really internalize something you need to go through it 3-4 times. eJPT you read the slides first, then watch the videos then do the lab. 3x by default if you do everything. Then you use some of the previous skills you picked up to do more advanced things through the course. It is my understanding the eCPPT is eLearnSecurity's main course where they spent the most effort on.
For next 6 weeks, I am going to be learning Python and Bash. Then spend a solid week on Linux fundamentals as i am rusty. I have been in IT for over 10 years and really done almost everything outside of programming/development. I am currently a pen tester at work but main focus on web apps. I use Kali almost daily.
Think I should do the eCPPT or jump straight to the OSCP? My main hesitations with eCPPT is do I really want to spend $1099 then have to pay $1100 weeks after passing for OSCP. I am in DC area and hardly anyone has heard of eCPPT but OSCP does have that killer reputation so I do need/want OSCP for sure.
I am excited no matter which cert I decide on first as these are something I want to do and not necessarily need to do.
Appreciate any feedback!
P.S. I know eLearn does black friday sales. Searching around I did not see the eCPPT course itself being on discount last few years. I know there is the full bundle but that is not worth it to me as not too interested in the other courses per reviews.
I am torn between which certification to go for next: eCPPT or OSCP?
I took the eJPT beginning of this year and absolutely LOVED the content and structure of the exam. The way they designed the course I truly learned. In fact to really internalize something you need to go through it 3-4 times. eJPT you read the slides first, then watch the videos then do the lab. 3x by default if you do everything. Then you use some of the previous skills you picked up to do more advanced things through the course. It is my understanding the eCPPT is eLearnSecurity's main course where they spent the most effort on.
For next 6 weeks, I am going to be learning Python and Bash. Then spend a solid week on Linux fundamentals as i am rusty. I have been in IT for over 10 years and really done almost everything outside of programming/development. I am currently a pen tester at work but main focus on web apps. I use Kali almost daily.
Think I should do the eCPPT or jump straight to the OSCP? My main hesitations with eCPPT is do I really want to spend $1099 then have to pay $1100 weeks after passing for OSCP. I am in DC area and hardly anyone has heard of eCPPT but OSCP does have that killer reputation so I do need/want OSCP for sure.
I am excited no matter which cert I decide on first as these are something I want to do and not necessarily need to do.
Appreciate any feedback!
P.S. I know eLearn does black friday sales. Searching around I did not see the eCPPT course itself being on discount last few years. I know there is the full bundle but that is not worth it to me as not too interested in the other courses per reviews.
Comments
So OSCP or eCPPT & OSCP?
By my logic, would we be missing out on learning things doing only the OSCP? I don't know that answer.
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
Yes, it is tough. I am starting to think to do eCPPT first then OSCP after. That way education/learning wise I will definitely "get it" ya know?
My take is whether you're paying out of pocket or your company is paying, I will approach it as follows:
Download the eCCPT syllabus and go through line-by-line assessing/checking if my skills level are current with the syllabus. Browse through the "Sticky: List of recent OSCP threads". If they are not, I will "bite the bullet", go on a diet: air diet, dash diet etc... to save and take the eCCPT course. You're lucky to be working as a Web app Pen Tester so you're way ahead. Another consideration is that eCCPT is less on Web App content so your Web app can complement the eCCPT course in preparation for the OSCP.
I think you will then have less of a learning curve and not too stressed out when you approach the OSCP. I'm in a similar situation although I work primarily as a Vulnerability Analyst. I'm reviewing my foundation of linux admin, programming, etc... since I've been "away from these" for some time.
This is not a race...I'd rather approach this as the Ethiopians and Kenyans doing a middle to long distance running rather than a sprint like Usain Bolt. If your skills set are current, then you can do a "Bolt".
BTW: I like your approach of going through a course/labs 3-4 times to internalize the materials. I'm doing the same at my end. I'm also in the DC area so when you're about to start the OSCP you can ping me to check if I'm done with my foundations. For me I will at least go through the eCCPT course before taking OSCP.
This ^^^ The only reason I would think about doing eCCPT is if I really wanted videos on certain subjects. Even then... that price is so high I would probably stick to the books and other options for learning. Can't imagine that cert is gonna be all that useful since it pretty much unknown to everybody.
I'll actually admit I did purchase it the eCCPT course when it did come out awhile back. Wasn't super impressed myself... (and even got the updated version in hopes it would be a lot better) But others seem to think differently. Personally, I'd pass. Just my 2 cents on it though.
I would say do eCPPT, then do OSCP, and consider doing a lot more certs in the web pentesting arena, eLearnSecurity got more web-based certs, and if you work for an employer that pays for training then consider SANS courses as well.
What I'm trying to say is, don't take a minimalist approach with pentesting certs, because people will expect a lot from you and the threat landscape is ever changing.
Enjoy the ride!
Another point to add to the discussion ....
While I agree that more knowledge in the vast area of penetration testing is worthwhile, I want to debunk the perception that the OSCP is void of web application penetration testing. The videos, pdf, and the labs cover web application penetration testing at an introductory level that unless you have any prior experience in penetration testing, won't seem that introductory level. Cross-site scripting, SQL injection, file inclusion, path traversal, and session tampering are all covered ... and I'd like to also point out, may be on the exam. These random statements saying that web based attacks aren't covered simply aren't true. It is true that advanced web application attacks are not covered and you will need to look at the OSWE course for that, which unfortunately is only offered at Black Hat currently.
While doing my prestuding - I kept finding that i had a lot of knowledge gap.
Yesterday I Signed up for the eJPT - looked at the material and I was pretty happy.
I have changed my thinking and i will do the eJPT, eCPPT, and possibly the new pen testing extreme certification.
I will then look at the OSCP.
The end goal is first build your skill set. Get armed with knowledge, and elearningsecurity has seem to master that.
Once I have finished the above certification, then I will attempt OSCP - which is what employers want.
The only negative with the above strategy is = Cost.
Postive = Get In learn what you need at a faster pace, so you can move on.
OSCP is still the final goal, but first goal should be learn the job and skillset in the most effective and efficient manner
I decided to do the elearn certs later and I am currently doing the OSCP. I do not regret it at all. Go for the OSCP and good luck.
ready . I will advice go through e learn path , you will enjoy along the journey .
* Virtual Hacking Labs
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
Build your skillsets first, don't rush on getting these 4 letters after your name. Skillsets are more important