Compare cert salaries and plan your next career move
_Dark_Knight_ wrote: » I totally agree. Thanks for the welcome
dynamik wrote: » Anytime. So, set a date for the OSCE yet? That GPEN you have is nice as well. For anyone looking for a more straight-forward pen testing course, I'd highly recommend that. I think the GPEN and OSCP compliment each other immensely.
L0gicB0mb508 wrote: » Some interesting responses, and I do respect everyone's opinion on the class. I'm pretty well finished with it, I haven't set a date for the challenge yet. Anyway, on with the hate (just kidding). I have no issues with a class that challenges you to think outside the box. Actually I really prefer a challenge. I love the challenge this course has provided, but that was never my issue here.My issue is I paid for someone to teach me about ethical hacking. I paid for some expert level knowledge to be passed in my direction. I didn't pay for a class that tells me to go read the foundational material from a wiki page. I expected that to be taught, that's why I paid for the class. If you ask for help you get the old "try harder". This is my opinion of course. So far everyone but me seems to really think it was awesome. Maybe I'm just missing something, I dunno.
_Dark_Knight_ wrote: » I completely understand where your coming from. I felt the SAME way in the initial stages hell what am I saying through out the ENTIRE course. But it was one HELL of ride.
JockVSJock wrote: » I was at a infosecurity outing where I live and two guys talking two had alot of praise for these certs. I was wondering what others though of these say Vs the SANS certs? thanks
JDMurray wrote: » For anyone who is not an OS or app pen tester by profession, I would recommend the following course of action to be performed for a month or two before you actually start the PWB (OSCP) course:View the tutorial videos at Offensive Security to get an idea of what the class materials are like. Download and install BackTrack 4 on a laptop or VM and update/upgrade it over your Internet connection. Read/watch the BackTrack 4 Guides and Howtos. If you are unfamiliar with Ubuntu (Debian) Linux or KDE, should learn how to configure networking, install and upgrade software packages using both the GUI shell and the command line. If you do not know Linux at all, you invest in an Intro to Linux book or class to learn all you can about using and managing a Linux box. The objectives of the CompTIA Linux+ certification is an excellent reference of Linux commands and features you should know. Browse through the tools on BackTrack available in the /pentest subdirectory and the KDE menu. Become familiar with the use of the more common pen testing tools. Know how to write simple bash shell scripts or other types of UNIX or Linux shell scripting. Knowing either Perl or Python is a great help in the OSCP class; they are used by several of the assignments. Spend some time learning to write very basic programs in either or both of these languages. Install the LEO XML editor, view the LEO demo video and the Leo Screenbook, and familiarize yourself with using LEO. You’ll need to install Python 2.x if you haven’t already. Understand the fundamental organization and operational principles of computer architecture (e.g., stack, heap, CPU registers). Understand the lifecycle of a running program and how it “lives” in the computer. Learn the basics of Intel x86 assembly language and how it is used to create an operation program. Learn how to use Ollydbg or IDA Pro to load and step through the execution of a program. YouTube has a lot of videos on these disassemblers. Books on reverse engineering do as well. Become familiar with the structure and content of the Milw0rm and Exploit Database and SecurityFocus Web sites. Read through the posts in the forums at forums.offensive-security.com. You will gain access to more forums after you have signed up for the course, and read through the posting on those as well. If you are not on IRC then now’s the time to learn how by visiting the Offensive Security channel at [URL]irc://freenode/offsec[/URL]. For an IRC client, I use the ChatZilla add-on for FireFox. If you manage to accomplish most of these tasks before starting the actual PWB class, you will be well ahead of most of your fellow classmates. Much of your introductory work will already be completed and you won't waste valuable lab time trying to figure out how to do things like use Linux commands, write shell scripts, or install software. Instead, you will be ready and confidant to connect to the virtual lab and start working on the PWB modules.
L0gicB0mb508 wrote: » These are a lot cheaper and more "hands on" than most of the SANS stuff. They also don't hold your hand nearly as much. It's pretty enjoyable once you get passed the delivery of the content. That's really been the only complaint I have had. Update on my progress. I've finished all the course videos and most of the labs. I should be scheduling to take this in the next week. I'm messing around in the labs as we speak. Just messing around I was able to get a shell on 3 servers, so I feel pretty confident on the lab. This course has definitely helped me in my technical understanding of attacks. No matter what, it's been pretty fun.
veritas_libertas wrote: » How did the exam go?
Bl8ckr0uter wrote: » I don't think he took it or he didn't pass. I think he said something about his experience going to poop and he started to hate Offensive Security. I'd really want to take this course but I know I will only be able to afford the 30 day length. I have quite a few books that I am going to read to prepare for it. Maybe by the time I get to the point when I am ready to take it, I will have more cash on hand. Are you planning on going for it Veritas?
veritas_libertas wrote: » No, just curious. We had someone give a presentation at our Greenville ISSA, and during the presentation he talked about his experience getting the OSCP. He seemed to really like the whole experience.
ipchain wrote: » Save a bit of money and go for it - it's an adventure you won't regret embarking on! I will post a review once I get through it all and take the exam, but so far so good!
Bl8ckr0uter wrote: » Would you say that it has been worthwhile and worth the money? Moreso than GPEN? Also (as I know you are a Senior security resource) all other things equal if you saw someone with OSCP, CCNP, CCNP:S vs someone with SSCP,CCNP,CCNP:S which person would you lean towards for a JR security analyst role (again all other things being equal including personality, experience, etc)?
Bl8ckr0uter wrote: » I guess I should as in your opinion which holds more value for JR level security analyst SSCP or OSCP?
ipchain wrote: » In my opinion, OSCP holds more value than SSCP and CISSP. Some people might disagree with me on this, but I value 'technical' certifications a lot more than those who are solely based on 'theory'. Give two lines of shellcode to a CISSP and he/she will be clueless. Give them a copy of BackTrack 5 and ask them to encode a payload...the list goes on and on. Reading a 1200 page book in preparation for SSCP or CISSP isn't worth your time and money, unless it is a requirement to keep your job. I'm still looking for answers as to why I did it... Don't want to hijack this thread, so I apologize to the OP if I deviated from the original topic.
Bl8ckr0uter wrote: » Part of the issue is that HR people don't care about OSCP for the most part. They only want CISSP and maybe GSEC or CEH.
Bl8ckr0uter wrote: » +Rep. Thank you very much for your perspective. I think I know which way I am going to go.
rogue2shadow wrote: » I'm 100% starting this in January with the 90 day package. Maybe we should start up a thread about the lab experience and the pain we endure throughout it (of course without revealing any specifics).
Compare salaries for top cybersecurity certifications. Free download for TechExams community.
