OSCP vs CRT

lewis2018

I've recently earned the OSCP cert and have begun to work toward Crest Registered Tester (CRT). Does anybody here have experience of sitting both exams?

I've heard from some that if you have OSCP then CRT is pretty easy.

deltzy

I've got both. I initially got the OSCP and then you can go for the CRT Equivalency, see details here.

Essentially you have to do the CREST CPSA Exam and then pay £100 to get the CREST CRT without the need to do the CRT exam. The CPSA exam is rubbish in my opinion, it's really broad in terms of it's content, not many study materials and the technology within the syllabus is outdated. It's multiple choice but not really hard, it's just hard to know when your ready for the exam.

lewis2018

I've got the CPSA exam next week. I'm not really expecting too much trouble with it as i know it is a pretty junior level cert. I've looked into the CRT equivalency but unfortunately that path doesn't earn you CHECK status which is incredibly important in the UK. So annoyingly i have to sit the CRT too. I'm hoping sitting the CRT will be a breeze after only doing the OSCP a month ago.

CPSA + CRT = CHECK

CPSA + OSCP = CRT (no CHECK status awarded)

SteveLavoie

Sorry for curiosity (sorry I am Canadian too eh),  What is the "CHECK" status?

lewis2018

CHECK is an approved UK government scheme that certifies you to be a either a member of a pen test team (CHECK Team Member) or a lead of a pen test team (CHECK Team Leader). Its very much sought after here just because it carries that seal of approval.

https://www.crest-approved.org/schemes/ncsc-penetration-testing/index.html

SteveLavoie

Thanks you @lewis2018!  I think it is a good initiative from UK government.   Does it have a good impact in the industry?

lewis2018

Kind of. Its nice to have an approved standard to work towards but I've heard some of the content that is tested is a bit dated. Also the OSCP is believed to be a harder certification to achieve but CREST CRT (and CHECK) is considered to be more important here

SteveLavoie

Well.. too often governement regulation lag . They are big machines and governement worker have too much office politics, red tapes and processus to be fast.

Mike7

An "advantage" of CREST exams over OSCP is that except for CPSA, all pentest exams are practical based and are conducted under supervision.  Despite offsec's best intentions, we still hear about OSCP who cheated, eg 

https://twitter.com/vysecurity/status/1231292380793327617?s=19

OSCP may be harder than CRT, but CREST do have higher level exams that are more difficult

alvinoo

I am currently OSCP, with CRT.
However, CRT going to expire in Feburary 2021 next year.
What will be the strategy to take CRT exam this time round?

Mike7

Take the CRT exam?  

CREST has strict NDAs that disallows any discussion about exam details. Basically, the practical exam is not difficult if you have been practising and understand the syllabus at https://www.crest-approved.org/examination/registered-tester/index.html


The other strategy is to take higher level CCT exam.