Is It OSCP Time?

globalenjoiglobalenjoi Member Posts: 104 ■■■□□□□□□□
Hey all,

I'm hoping to get some feedback for some OSCP decision making. I'm thinking about purchasing the PWK course with 60 days of lab time. I'm taking the GWAPT next week and once I'm done, my training schedule should be free for the next few months. At the GWAPT training, I was encouraged to go ahead and start the course...

I'm curious though... am I ready? Over the last year, I've completed the GPEN and GCIH. I've been working my way (slowly) through the eLearnSecurity PTP course material, and just started the System section with all the buffer overflow stuff. I feel pretty comfortable with the pentest stuff, but I know I still have a lot to learn. I've been doing web app pentesting as a job for about 6 months now. Am I at a point where I could realistically pay for the course and 60 days of lab access, and be ready for the exam at the end of the lab time?

Appreciate any input or feedback!


  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    If you have PTP why don't you finish that first? The curriculum is more or less the same and you get some preparation for the PWK.
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    With where you're at now, I'd say you're definitely ready for the PWK course. But I'd also say you should just finish working through the PTP course as it will only help and you'll be able to make better use of your PWK course time.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • globalenjoiglobalenjoi Member Posts: 104 ■■■□□□□□□□
    ottucsak wrote: »
    If you have PTP why don't you finish that first? The curriculum is more or less the same and you get some preparation for the PWK.

    It's just a matter of timeline, really. I take the GWAPT next week, freeing me from that obligation. I'll likely attend another SANS training in November, so I'm trying to fill that time gap. While I don't think any certs will make any difference in my current job, I do like the idea of getting the OSCP this year. My thought was that if I waited to finish the PTP course first, I'd likely encounter overlap between the PWK course and my SANS training (either GPYC or GXPN). From what I've read, it sounds like it's best to start the PWK course and give the exercises and labs 100% of your training focus, rather than doubling up.

    I have a chunk of the PTP course completed, with just the System and WiFi sections left to go. The Wifi section doesn't seem like it'll be very useful for the OSCP, but the System section definitely does. Is it worth waiting to finish that section? I really don't know much about the quality of info in the PWK course. The PTP material isn't perfect, but it definitely seems thorough.
  • EANxEANx Member Posts: 1,077 ■■■■■■■■□□
    60 days from Nov 1 is Sept 1 so give yourself another six weeks and evaluate then. If you just have the two sections to go, it seems that you could wrap them and the exam up within six weeks, giving you plenty of time to do 60-days in the OSCP before your SANS course.
  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    If you already own it, then think of the PTP as an OSCP bootcamp. If you can tackle the exam, you are ready for the PWK course. It's also pointless to go back to PTP after the OSCP as it's much easier, so I would just get over it now. I would also keep a small buffer time after the OSCP lab, so you can try again if you fail. A lot of people fail for the first time.
  • globalenjoiglobalenjoi Member Posts: 104 ■■■□□□□□□□
    I appreciate all the feedback! I think I'll take the advice here and delay the course for a few weeks while I finish up the PTP stuff, or at least the System section. I have a feeling that buffer overflows are a weak spot that I'll need to improve anyway.

    Related, but is the eCPPT exam worth taking? I bought the training specifically for the training, without giving much thought to the exam and cert.
  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    It's a timed practical hands-on exam, where your pass/fail depends on whether you can hack and write reports that provide value as well. It's easier than most PWK lab machines (especially without restrictions), but has all the bread and butter stuff from buffer overflow to linux exploitation and pivoting. I would personally take it especially if it's already paid for, to see in what areas might need more focus before PWK. If you are prepared, you can pass it in a few days including reporting.
Sign In or Register to comment.