Pentesting Certifications

pentestpentest Member Posts: 23 ■■■□□□□□□□
I'm going through certifications in the pentesting field which would give me a hard challenge and where I can prove myself. I'm not really interested if it's recognized by HR. So far I've come up with:
  • GIAC Certified Penetration Tester (GPEN)
  • GIAC Reverse Engineering Malware (GREM)
  • Offensive Security Certified Expert (OSCE)
  • Offensive Security Certified Professional (OSCP)
  • Certified Expert Penetration Tester (CEPT)
  • Certified Penetration Tester (CPT)
  • Certified Reverse Engineering Analyst (CREA)
  • Certified Network Offense Professional (NOP)

Are there any other good ones which would fit into the above?

Comments

  • ibcritnibcritn Member Posts: 340
    I would consider this:
    • Offensive Security Certified Professional (OSCP)


    GPEN is also a very good certification. I took the class and learned quite a bit from Mr. Skoudis
    CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+

    Next Up: Linux+/RHCSA, GCIA
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,665 Admin
    Geez...isn't that enough? How about a cert in social engineering? That's certainly pen testing.


    Seriously, make sure that you understand the differences between those certs. They aren't all about exactly the same skills and technologies. Some are about (wired or wireless) network pen testing, (at least) one is about application pen testing, and some are just a general survey of pen testing and related areas, such as incident handling and response. There are also some tools used in pen testing that have their own vendor cert (such as Wireshark).
  • pentestpentest Member Posts: 23 ■■■□□□□□□□
    I've already completed most of them (CPT, CEPT, OSCP, OSCE, GPEN, CREA), so I was looking for any other certs towards those areas. A social engineering cert would be fun, but I'm not aware of any.

    I'm not sure if vendor or tool specific ones are what I'm currently looking for.
  • iVictoriVictor Member Posts: 45 ■■□□□□□□□□
    pentest wrote: »
    I've already completed most of them (CPT, CEPT, OSCP, OSCE, GPEN, CREA), so I was looking for any other certs towards those areas. A social engineering cert would be fun, but I'm not aware of any.

    I'm not sure if vendor or tool specific ones are what I'm currently looking for.

    GREM / CREA is not really pentest stuff but more of a research / offline stuff. You wouldn't do that on a typical pentest engagement, now would ya?

    And did you miss this:
    SANS 660
    This is the Right Time
  • pentestpentest Member Posts: 23 ■■■□□□□□□□
    We had quite a few pentests which involved binary auditing/reversing and exploit development. Clients do not always favor source code reviews.

    Sec 660 sounds interesting (as does Sec 710), unfortunately there aren't any certifications involved. There would be quite a few other courses which would fit into it, such as Offensive Security's Advanced Windows Exploitation (AWE), but I'm missing the challenge then. :)
  • iVictoriVictor Member Posts: 45 ■■□□□□□□□□
    Did you check out hackingdojo?
    This is the Right Time
  • NobylspoonNobylspoon Member Posts: 620 ■■■□□□□□□□
    Does Mitnick still teach the Certified Social Engineering Prevention Specialist course?
    WGU PROGRESS

    MS: Information Security & Assurance
    Start Date: December 2013
  • pentestpentest Member Posts: 23 ■■■□□□□□□□
    Yes, thanks for bringing this one up. From my understanding, it's not an advanced course (although there are several 'levels' you can reach), though (similar as with Certified Professional Penetration Tester (eCPPT)).

    I assume there aren't too many others as the ones mentioned in the initial post. Guess I'll try to get the ones I'm still missing and see what to do then.
  • kriscamaro68kriscamaro68 A+, Net+, Server+, Security+, Win7 MCP, Server 2012 Virtualization Specialist, MCSA 2012 Member Posts: 1,186 ■■■■■■■□□□
    pentest wrote: »
    I'm going through certifications in the pentesting field which would give me a hard challenge and where I can prove myself. I'm not really interested if it's recognized by HR. So far I've come up with:
    • GIAC Certified Penetration Tester (GPEN)
    • GIAC Reverse Engineering Malware (GREM)
    • Offensive Security Certified Expert (OSCE)
    • Offensive Security Certified Professional (OSCP)
    • Certified Expert Penetration Tester (CEPT)
    • Certified Penetration Tester (CPT)
    • Certified Reverse Engineering Analyst (CREA)
    • Certified Network Offense Professional (NOP)

    Are there any other good ones which would fit into the above?

    If you're looking at collecting the entire set of pentesting certs then there is:
    elearnsecurity's ECPPT.
    Also as another user said Hacking DOJO.
    No mention either of CEH but it looks like you are way past that.
  • xopitoxopito Member Posts: 20 ■□□□□□□□□□
    God, I gotta do one of those!
  • rogue2shadowrogue2shadow CISSP, GXPN, OSCE, OSCP, OSWP, eMAPT, CEH, CNDA, A+, Network+, Security+ Member Posts: 1,501 ■■■■■■■■□□
  • iVictoriVictor Member Posts: 45 ■■□□□□□□□□

    This is cool! Their cost is half of that of SANS and curricula / process is realistic, IMO. Only aspect missing perhaps is their geographical coverage. It's still in its nascent stage. Hopefully it'd spread over soon.

    Till then SANS it is.
    This is the Right Time
  • blackholeblackhole Member Posts: 59 ■■□□□□□□□□
    JD - I want your take on CEH7 or SANS 504. Which one has better value given consideration as 7 is brand new.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,665 Admin
    blackhole wrote: »
    JD - I want your take on CEH7 or SANS 504. Which one has better value given consideration as 7 is brand new.
    A "better value" for what? For learning and practical training regarding incident handling, the GCIH is the better value. For a broad survey of InfoSec topics and recognition by employers, the CEH is the better value.

    What's your specific reason(s) for wanting either cert?
  • blackholeblackhole Member Posts: 59 ■■□□□□□□□□
    To supplement the CISSP cert. My current job is to configure routers for large customers' MPLS/internet cloud on edge and private routers, firewalls, VPN extensions, etc. Now I want to expand my horizons given the CISSP cert's prime importance, so I want something that will give me knowledge as well as added value when I make the switch to a full-time security position.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,665 Admin
    blackhole wrote: »
    I want to expand my horizon given CISSP cert prime importance so want something that will give me knowledge as well as value added when I make switch to full time security position.
    What occupational field(s) do you think that might be? What are your prime interests?
  • blackholeblackhole Member Posts: 59 ■■□□□□□□□□
    That's why I need advice ... I don't want to be a pen tester; ultimately I want to step into risk management and I want something that will give me a boost. So, making the question easier: given a choice of CEH7 or SANS 504, where would you lean?
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I've heard that CEH version 6 was basically just tools-oriented, while version 7 upped the class more (in terms of what, I'm not sure, so I can't comment much here).

    I'm finishing up the 504 course now and plan to sit for the GCIH exam soon. If you want to know "attack tools and methods" in the context of attack phases as well as a balanced perspective from a defender's / incident handler's perspective, I think the SANS route is probably better.

    It seems CEH is more recognizable on a resume, although I see some job postings also asking for GIAC certs.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • phoeneousphoeneous Go ping yourself... Member Posts: 2,333 ■■■■■■■□□□
    This may be a broad question but what is the job market like for pentesters, specifically network security? Is there a high demand? Is it mainly government that contracts for these spots?
  • DarrilDarril Member Posts: 1,588
    I was just reviewing the new PenTest magazine (PenTest Extra 01/2012 | Issues | PenTest Magazine) and it was advertising courses for the Social Engineering for Penetration Testers (S.E.P.P.) certification. I had never heard of this before so did a few searches and came up with this page among others. This page (Black Hat ® Technical Security Conference: USA 2012 // Social Engineering for Penetration Testers by Chris Hadnagy and Robin Dreeke) says that it "is a multiple day, hands-on exam (scheduled within 60 days of completing the course) with true-to-life practical tests that will prove you have accomplished the skills needed to earn your S.E.P.P. credentials."

    I can't vouch for it, but it certainly sounds like a multiple-day exam would challenge anyone, which is what the original poster was looking for.

    Does anyone else know anything about this cert?

    Darril
  • pentestpentest Member Posts: 23 ■■■□□□□□□□
    Thanks Darril, that seems to be an interesting one.

    Since my last post, Offensive Security has added two more certifications to their arsenal:
    • Offensive Security Exploitation Expert (OSEE)
    • Offensive Security Web Expert (OSWE)
  • beadsbeads Senior Member Member Posts: 1,503 ■■■■■■■■■□
    Just how would one test Social Engineering in the real world? Follow a potential attacker around with a video camera? I mean just how do you prove you social engineered anyone? Oh yeah. He got me. Let me do a video interview admitting I'd been had.
  • DarrilDarril Member Posts: 1,588
    beads wrote: »
    Just how would one test Social Engineering in the real world? Follow a potential attacker around with a video camera? I mean just how do you prove you social engineered anyone? Oh yeah. He got me. Let me do a video interview admitting I'd been had.

    A couple of techniques I've seen used in actual tests are related to tailgating and phishing.

    Tailgating. In organizations that require users to enter a cipher code or use a proximity card badge to gain entry, the tester simply walked in with other employees without entering a code or using a proximity card. The fact that the tester is inside is proof that it was successful.

    Phishing/spear phishing. An email is spoofed so that it looks like it's coming from someone official and sent to multiple employees. As a classic phishing email, it explains some problem and includes an urgent requirement that users respond with their username and password. The credentials received from individuals are proof that it was successful.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,665 Admin
    There are many companies that will do social engineering and phishing testing. Kevin Mitnick's company comes to mind. And I have professional acquaintances that work at phishme. You can certainly make a profession at social engineering.
  • SephStormSephStorm Member Posts: 1,732
    I think the question was more about how do you test SE skills for an exam.
  • gabyprgabypr Member Posts: 136 ■■□□□□□□□□
    Darril wrote: »
    I was just reviewing the new PenTest magazine (PenTest Extra 01/2012 | Issues | PenTest Magazine) and it was advertising courses for the Social Engineering for Penetration Testers (S.E.P.P.) certification. I had never heard of this before so did a few searches and came up with this page among others. This page (Black Hat ® Technical Security Conference: USA 2012 // Social Engineering for Penetration Testers by Chris Hadnagy and Robin Dreeke) says that it "is a multiple day, hands-on exam (scheduled within 60 days of completing the course) with true-to-life practical tests that will prove you have accomplished the skills needed to earn your S.E.P.P. credentials."

    I can't vouch for it, but it certainly sounds like a multiple-day exam would challenge anyone, which is what the original poster was looking for.

    Does anyone else know anything about this cert?

    Darril

    I haven't heard of this certification, but it sounds interesting. Let's see how this certification evolves and increases security awareness and practices.

    I didn't see the EC-Council Licensed Penetration Tester (LPT) certification.
    EC-Council Master in Security Science M.S.S [Done]

    Reading Project Management Professional (PMP) Certification Exam prep by Sohel Akhter
  • JayTheCrackerJayTheCracker Member Posts: 169
    good ones may be eCPPT, CEH, LPT, CPT, CEPT, OSCP, OSCE, GPEN, GWAPT, GAWN & GXPN
  • the_hutchthe_hutch Banned Posts: 827
    I've got a few to add. I'm surprised nobody has mentioned OSWP (Offensive Security Wireless Professional).

    In addition to that, there are all the SecurityTube options, by Vivek Ramachandran. These include:
    - SWSE (SecurityTube WiFi Security Expert)
    - SMFE (SecurityTube Metasploit Framework Expert)
    - SPSE (SecurityTube Python Scripting Expert)