Is It OSCP Time?

Hey all,

I'm hoping to get some feedback for some OSCP decision making. I'm thinking about purchasing the PWK course with 60 days of lab time. I'm taking the GWAPT next week and once I'm done, my training schedule should be free for the next few months. At the GWAPT training, I was encouraged to go ahead and start the course...

I'm curious though... am I ready? Over the last year, I've completed the GPEN and GCIH. I've been working my way (slowly) through the eLearnSecurity PTP course material, and just started the System section with all the buffer overflow stuff. I feel pretty comfortable with the pentest stuff, but I know I still have a lot to learn. I've been doing web app pentesting as a job for about 6 months now. Am I at a point where I could realistically pay for the course and 60 days of lab access, and be ready for the exam at the end of the lab time?

Appreciate any input or feedback!

Find more posts tagged with

Comments

ottucsak

If you have PTP why don't you finish that first? The curriculum is more or less the same and you get some preparation for the PWK.

JoJoCal19

With where you're at now, I'd say you're definitely ready for the PWK course. But I'd also say you should just finish working through the PTP course as it will only help and you'll be able to make better use of your PWK course time.

globalenjoi

ottucsak wrote: »

If you have PTP why don't you finish that first? The curriculum is more or less the same and you get some preparation for the PWK.

It's just a matter of timeline, really. I take the GWAPT next week, freeing me from that obligation. I'll likely attend another SANS training in November, so I'm trying to fill that time gap. While I don't think any certs will make any difference in my current job, I do like the idea of getting the OSCP this year. My thought was that if I waited to finish the PTP course first, I'd likely encounter overlap between the PWK course and my SANS training (either GPYC or GXPN). From what I've read, it sounds like it's best to start the PWK course and give the exercises and labs 100% of your training focus, rather than doubling up.

I have a chunk of the PTP course completed, with just the System and WiFi sections left to go. The Wifi section doesn't seem like it'll be very useful for the OSCP, but the System section definitely does. Is it worth waiting to finish that section? I really don't know much about the quality of info in the PWK course. The PTP material isn't perfect, but it definitely seems thorough.

EANx

60 days from Nov 1 is Sept 1 so give yourself another six weeks and evaluate then. If you just have the two sections to go, it seems that you could wrap them and the exam up within six weeks, giving you plenty of time to do 60-days in the OSCP before your SANS course.

ottucsak

If you already own it, then think of the PTP as an OSCP bootcamp. If you can tackle the exam, you are ready for the PWK course. It's also pointless to go back to PTP after the OSCP as it's much easier, so I would just get over it now. I would also keep a small buffer time after the OSCP lab, so you can try again if you fail. A lot of people fail for the first time.

globalenjoi

I appreciate all the feedback! I think I'll take the advice here and delay the course for a few weeks while I finish up the PTP stuff, or at least the System section. I have a feeling that buffer overflows are a weak spot that I'll need to improve anyway.

Related, but is the eCPPT exam worth taking? I bought the training specifically for the training, without giving much thought to the exam and cert.

ottucsak

It's a timed practical hands-on exam, where your pass/fail depends on whether you can hack and write reports that provide value as well. It's easier than most PWK lab machines (especially without restrictions), but has all the bread and butter stuff from buffer overflow to linux exploitation and pivoting. I would personally take it especially if it's already paid for, to see in what areas might need more focus before PWK. If you are prepared, you can pass it in a few days including reporting.