Offensive Security declined my registration seemingly without a reason

xtCt7mhTxtCt7mhT Member Posts: 3 ■□□□□□□□□□
Hi all!

After saving up time and money for a few months, I was excited to finally register for the PWK course today.
I received the confirmation mail and the instructions for the VPN connectivity pack.
But shortly after, I was met with disappointment as this mail came in:

Thank you for registering for our PWK course.

OffSec Services Limited is a private company, and as such, we reserve the right to choose our students based on criteria we've compiled from our experience in the field. We are also bound by strict legal obligations, which we must adhere to given the nature of our training.

We have received your registration request and after a thorough review, your registration has been declined. Your payment has been refunded in full and will appear in your account within the next 3 to 5 business days.

Our decision is final; please do not submit further registrations, as they will not be addressed.

We wish you all the best in finding alternative training from another vendor.

Sincerely,

The Offensive Security Team
I politely asked for the reasoning behind this, but they refused to answer:
As our review process is proprietary, we are not at liberty to discuss this matter further.

I know they do some kind of background check, but as a young student without any criminal record or history in unethical hacking, I do not understand what would make them decline my registration.
Yes, they are a private company and probably do not need to explain their decisions, but I find this quite discriminating.
Were I live, the OSCP is almost always a requirement for landing a pentesting job, and they are denying me that opportunity.

Any advice is appreciated.
Thanks!


Comments

  • shochanshochan Member Posts: 933 ■■■■■■□□□□
    Maybe you should do a background check on yourself to see what is on your record.  I am not sure the best company or website to do that with, but that's what I would try.  Good luck.


    2020 Goal ~ Linux+
  • MrsWilliamsMrsWilliams Junior Member Member Posts: 192 ■■■■□□□□□□
    edited June 2019

    I know they do some kind of background check

    Who told you that? If they did a background check on you, wouldn't you know exactly what type of background check they did? 

    All I sent them was a passport copy. That did a background check on me based off of the information I submitted online (work/school email) and a passport copy? 

    They must really be GOOD! >:)

    You are sounding real suspect right now...  :|

    Personally, I have NEVER heard of anyone getting denied. So, I personally think it's more to the story. That is just me..


  • PC509PC509 CISSP, CEH, CCNA: Security/CyberOps, Sec+, CHFI, A+, Proj+, Server+, MCITP Win7, Vista, MCP Server 2 Oregon, USMember Posts: 801 ■■■■■■□□□□
    If they did a background check, you're supposed to be able to know the source (at least in the US) and reasons for denial if it was due to information in the background check. I also think you're supposed to give permission for them to do so. 

    Where are you located? Any chance your ISP was from a country with sanctions? There's got to be more to the story and some other explanation. You probably won't get it from them, but there might be something you're neglecting to mention. I know I had something in my past that came up previously. Not real proud of it (nothing horrible by any means), but it has caused issues in the past. 
  • chrisonechrisone Senior Member Member Posts: 2,070 ■■■■■■■■■□
    Hmmm I am assuming you used a university email? maybe something didn't line up or they have caught cheaters from the university domain you have previously used? 
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), eLearnSecurity: IHRP (completed), eLearnSecurity: THPv2 (in-progress)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eLearnSecurity: eWPT (failed 2x, no further attempts), eLearnSecurity: eCIR (complete), eLearnSecurity: eCHTPv2
  • xtCt7mhTxtCt7mhT Member Posts: 3 ■□□□□□□□□□
    shochan said:
    Maybe you should do a background check on yourself to see what is on your record.  I am not sure the best company or website to do that with, but that's what I would try.  Good luck.
    I might actually do that, thanks!

    Who told you that? If they did a background check on you, wouldn't you know exactly what type of background check they did?
    I think I read that somewhere, I might have to revisit the terms of service that I accepted.
    Also when they said they are "bound by strict legal obligations", it gave me this impression.

    All I sent them was a passport copy. That did a background check on me based off of the information I submitted online (work/school email) and a passport copy?
    They didn't even ask for a passport copy in my case.
    So even if they did some sort of check, they would have had no way of uniquely identifying me, which makes this even stranger.

    PC509 said:
    If they did a background check, you're supposed to be able to know the source (at least in the US) and reasons for denial if it was due to information in the background check. I also think you're supposed to give permission for them to do so. 

    Where are you located? Any chance your ISP was from a country with sanctions? There's got to be more to the story and some other explanation. You probably won't get it from them, but there might be something you're neglecting to mention. I know I had something in my past that came up previously. Not real proud of it (nothing horrible by any means), but it has caused issues in the past. 
    I must admit, I didn't read the ToS when I signed up, will check this later if it says something about a background check.
    I am from central Europe and my IP was also from here, definitely no sanctions.
    Also have a couple of colleagues and fellow students with similar educational and professional backgrounds that did the OSCP without a problem.

    chrisone said:
    Hmmm I am assuming you used a university email? maybe something didn't line up or they have caught cheaters from the university domain you have previously used? 
    I doubt it actually, it's not a big university (at least not many itsec students) and blacklisting a whole university seems a bit excessive.
    And even if that was the case, I wouldn't want to register using a different email and hoping it slips through, because they explicitly told me not to try.


    To be fully honest guys, I think i know the root of this issue...
    Although I was born and live in Europe, my name is pretty common in the middle east and I'm pretty sure that someone with my name is on some kind of list :/
    I have had similar issues with bank accounts in the past, where "their system" would refuse to accept my name, and I had to provide a passport copy to proceed.
    I don't know what kind of check they did, but each time they would tell me that they can't give me more information about it and they need a passport copy to validate my identity.

    The thing I don't understand is why OffSec seems so uninterested to resolve the issue, by asking for e.g. a passport copy.
  • xtCt7mhTxtCt7mhT Member Posts: 3 ■□□□□□□□□□
    edited June 2019

    They must really be GOOD! >:)

    You are sounding real suspect right now...  :|
    BTW, I find it quite amusing that you are surprised how they would check and refuse someone based on the little information they have, while you just threw me into suspicious-bucket without any information about me. :p

    And actually I did find another case where someone was declined, but in that case it seemed to be due to poor communication skills.
    community.infosecinstitute.com/discussion/118876/registration-in-oscp


  • MrsWilliamsMrsWilliams Junior Member Member Posts: 192 ■■■■□□□□□□
    edited June 2019
    xtCt7mhT said:

    They must really be GOOD! >:)

    You are sounding real suspect right now...  :|
    BTW, I find it quite amusing that you are surprised how they would check and refuse someone based on the little information they have, while you just threw me into suspicious-bucket without any information about me. :pDidn't I say it was more to the story, or you have selective reading?  My suspicions are growing by the minute >:) True Story!!!

    And actually I did find another case where someone was declined, but in that case it seemed to be due to poor communication skills.
    community.infosecinstitute.com/discussion/118876/registration-in-oscp 


     :D  :D:D:D

    The poster you listed sent offensive security his school ID  :D:D:D

    Yeah, he should have not been allowed to test for doing such a thing. Reading it literally made me laugh.  What was he looking for an educational discount at iHOP? That was a funny read. Thank You.

    You and the joker who sent them his school IT can read the acceptable documents and (privacy) information they collect:

    https://www.offensive-security.com/privacy-policy/

    Sometimes people forget some of the things they say can be #FactChecked #DontTustEverythingYouReadOnTheInternet

    I am done here and not coming back. These minutes of my life I will not get back. Next Post !
Sign In or Register to comment.