OSCP vs HTB difficulty
zlykot
Member Posts: 32 ■■□□□□□□□□
Hey all,
I would like to understand the difficulty of OSCP compared to say medium difficulty HTB boxes. This is mostly to level set my expectations as to how much time is going to be needed to get certified. I have not purchased the PWK training, however I would like to get it done in the next ~30days.
Any advice would be great.
Thanks
T
I would like to understand the difficulty of OSCP compared to say medium difficulty HTB boxes. This is mostly to level set my expectations as to how much time is going to be needed to get certified. I have not purchased the PWK training, however I would like to get it done in the next ~30days.
Any advice would be great.
Thanks
T
Comments
-
datakan Member Posts: 17 ■■□□□□□□□□HTB systems are largley CTF based. Its mostly flags and hints obfuscated in odd places. You can get most HTB systems with the right fuzzing and word lists. That said, HTB systems generally take a lot longer for this reason and since you're playing with word lists and odd tools they can seem a lot harder.
OSCP lab systems are usually pretty straight forward. I've gotten every system except one in the lab so far and only one or two felt like a HTB system. It's a different setup entirely.
OSCP is focused on real world scenarios, stuff you may see on a pentest. HTB is based on stuff you'll see in competitions.
One thing I think HTB has over the OSCP lab is the challenges. I wish OSCP had challenges like those to help with learning some of the content. -
zlykot Member Posts: 32 ■■□□□□□□□□Thanks for the feedback. The enum part of HTB sometimes get to me, I think i spent 2 days on the pfsense box just running various wordlists... bit unnecessary...
I guess Ill just bite the bullet and buy the 30day lab. -
BuzzSaw Member Posts: 259 ■■■□□□□□□□With all due respect to datakan, I don't agree with the comments above.
"OSCP is focused on real world scenarios, stuff you may see on a pentest. HTB is based on stuff you'll see in competitions." -- I think this is largely not true in my experience.
On one hand, I can think of no less than 3 OSCP targets that were not much more than CTF style targets. Things that would have little to no use "in the real world" OTHER than getting your mind to think in a puzzle solving mode.
On the other hand, I actually used my notes from rooting one of the HTB boxes recently in the real world ... In fact, the exact syntax ...
Both can and will provide valuable insight, lessons, and knowledge. But, using one as a gauge for the other is hard. -
LonerVamp Member Posts: 518 ■■■■■■■■□□+1 what datakan said. OSCP/PWK is a training course with course materials, and with one or three exceptions, every lab box falls within the scope of what they want to teach you. HTB, on the other hand, has no scope, and often the authors of those boxes are trying hard to be tricky, cute, or clever, so the challenges often tend to be very unrealistic, bordering on puzzles or trivia.
Also, I think that's a wonderful suggestion to OSCP/PWK for challenges.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs? -
datakan Member Posts: 17 ■■□□□□□□□□With all due respect to datakan, I don't agree with the comments above.
"OSCP is focused on real world scenarios, stuff you may see on a pentest. HTB is based on stuff you'll see in competitions." -- I think this is largely not true in my experience.
On one hand, I can think of no less than 3 OSCP targets that were not much more than CTF style targets. Things that would have little to no use "in the real world" OTHER than getting your mind to think in a puzzle solving mode.
On the other hand, I actually used my notes from rooting one of the HTB boxes recently in the real world ... In fact, the exact syntax ...
Both can and will provide valuable insight, lessons, and knowledge. But, using one as a gauge for the other is hard.
Not sure what you're disagreeing with me on. You pretty much said exactly what I did.
There are 54 boxes in the lab. 3-4 CTF like ones does not make it anything remotely like HTB, plus those 3-4 CTF boxes are doable in 1-2 hours for a reasonably competent person. HTB systems will take hours if not days just to fuzz them correctly.