Calling all Penetration Testing with BackTrack (PWB)/OSCP students!

Quantumstate

I've never seen any employers asking for the OSCP. I know it is a prize, but it only seems to be valued in the blackhat community.

YuckTheFankees

The way I see it; I've never heard one negative remark about the course and the employers that need to know about the course, usually know about it.

ipchain

YuckTheFankees wrote: »

I officially bought the OSCP course, starting the 12th. Do they grant access to the lab guide and video's before the start date (I know I can't use the actual lab until then)?

** I emailed them asking if I could start sooner and I just received an email stating I'm starting on the 5th

Awesome, best of luck! Keep us posted on your progress, will you?

Killj0y

Good luck to all taking the OffSec course. It will be a fun, painful ride. Side Note: I agree with YuckTheFankees. Every Sec meeting group or conference I go to, the OffSec courses get a lot of respect and praise. I think the word is getting out. If HR could look past CISSP, I think it would get more praise however.

demonfurbie

i think after im done with wgu ill head to the off sec wireless one

its not perse hr people its the DOD that really likes the CISSP and hr people just go along with it

the_Grinch

Believe me OSCP is known regardless of whether HR sees it or not. I recently spoke with an IT Security Manager at one of the Federal Reserve Banks and he was planning on putting most of his staff through the course.

YuckTheFankees

Update: I've only had the course for about 3 days and I have roughly 15 hours of study time invested already, I'll add another 5 hours tonight. I still have about 4 hours of video to go + reading the pdf for the modules + gaining more experience with BASH and Python (I can write small task with both of them at this time) + learning buffer overflows. Sooo, I probably have about 25-40 hours of additional studying before I can feel comfortable with the lab, maybe even more. Which I'm completely fine with because everyone suffers through it.

Having read over 20 or so reviews for the course has definitely helped with my preparation and mental toughness for the course. Knowing that a lot of students had no prior knowledge of buffer overflows before the course, has helped me push through the material until I understand it and can start editing exploits.

Update: Today will be my 16th day with the course and so far the course has met my expectations. I have currently put 42 hours into the course and I am happy to say I have gained root on 5 boxes so far . Every time I gain root on a system, my confidence in the lab goes up ten fold. Given, they might not of been the hardest systems in the vulnerable network but never-the-less, I have learned SO MUCH in the last 2 weeks.

At this point in time, I am thinking about taking the OSCP exam somewhere near the end of September/beginning of October.

dbrink

Very cool. I'm just getting starting to work my way into learning this stuff so anything like the OSCP is way down the road for me. It is nice to see the progress you guys are making....

MrBrian

I have the OSCP on my radar after I finish the CCNP.. that means I'll be ordering the PWB course somewhere Thinking of the ccna: security as well.

I've been wanting to learn Python lately too, so going for the OSCP seems logical and will push me to learn Python on the side.

the_hutch

MrBrian wrote: »

I've been wanting to learn Python lately too, so going for the OSCP seems logical and will push me to learn Python on the side.

A lot of us opted to take SPSE (SecurityTube Python Scripting Expert) before attempting OSCP. The biggest advantage here is that you learn python in advance so you don't have to waste valuable (and expensive) lab-time learning it on the side, and that comparred to other certification programs, SPSE is a very good price.

I just started it, only about 5 videos (2.5 hrs) in, but so far I've been really impressed with how the material has been presented.

Diode

I also am studying for OSCP certification but like Hutch I am taking the SPSE route first since I lack experience with Python. I also need to improve on batch scripting. I'm allowing myself 4-6 months including this month I'm taking to catch up on Python before I take the OSCP examination.

Hutch, I couldn't help noticing how many certifications you have from EC-Council, how much did they raise your pay? I was considering going for a few myself.

What's your pay mark at the moment if you don't mind me asking.

Personally I'm a bit under $50k annual salary.

I want to know if the EC-Council certs make a difference. Thanks.

Diode

the_hutch wrote: »

A lot of us opted to take SPSE (SecurityTube Python Scripting Expert) before attempting OSCP. The biggest advantage here is that you learn python in advance so you don't have to waste valuable (and expensive) lab-time learning it on the side, and that comparred to other certification programs, SPSE is a very good price.

I just started it, only about 5 videos (2.5 hrs) in, but so far I've been really impressed with how the material has been presented.

Giving myself a month to do catch up on this alone.

MrBrian

the_hutch wrote: »

A lot of us opted to take SPSE (SecurityTube Python Scripting Expert) before attempting OSCP. The biggest advantage here is that you learn python in advance so you don't have to waste valuable (and expensive) lab-time learning it on the side, and that comparred to other certification programs, SPSE is a very good price.

Hey thanks a lot, I guess I didn't read that elsewhere yet. I really enjoy watching Vivek's vids. I went through the first 10 vids of his Wireless lan penetration megaprimer while labbing on the home network and loved every minute.. so I think I'll probably go this route indeed.

the_hutch

REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST

Yeah, its awesome. I'm fairly new to programming (the only real language I knew going in was SQL which is a query language, not a programming language). But only about a month in and I'm already writing my own SYN Flood utility (already works, I'm just polishing the script at this point).

sagarkha

Guys, as far as programming skills are concern, I know Perl, VB6 and a little bit of Shell as well do i still need to master Python before enrolling for PWB/OSCP.

ipchain

sagarkha,

You do not need to master python for OSCP. Having an understanding of it will help, but you can pick up what you need during the course.

agameofyou

Just wanted to say thanks for the thread. I've been a member here since 2005 but mostly (primarily) lurk. Haven't been on for quite some time. I just start the PWB course and I'm excited and nervous as can be! Looking forward to a great experience.

ipchain

agameofyou,

Best of luck. Hope you enjoy the course as much as I did.

the_Grinch

Any updates?

jasong318

Just registered for the course, anyone have any updates on how things are going?

absane

I just registered with this forum because of this thread. I started the PWB/OSCP course almost 10 days ago. I am currently doing the SMTP exercises... which puts me about 1/3 of the way through the lab manual and videos. I have to slow down now because I need to learn a little bit about Python.

I am actually quite surprised at just how much I am learning so quickly. I came into this course with no InfoSec experience. I do, however, have some "jack-of-all-trades" knowledge of things here and there like cryptography, TCP/IP, networking, Linux, C++, hacker mind-set, etc. I am not an expert in anything but I do understand at least a tiny bit about most things. I learned it all as a hobbyist and not part of a career. As a matter of fact, my career has nothing to do with computers.

When I registered for the course I gave myself two weeks to prepare before it started. I prepared by doing the following:

1) Turning my work computer into a Linux box (which forces me to use Linux at least 8 hours a day)
2) Read up on TCP/IP
3) Learned a bit of bash scripting
4) Played around with Backtrack
5) Bought a book on the assembly language
6) Eating a more healthy diet (very important I think)
7) etc...

I am merely taking this course for fun and with the hopes of becoming a Pentesterg in the future.

I think that it is very important to have fun while taking this course. If you aren't having a fun, then the course will be long and wearisome.

jasong318 wrote: »

Just registered for the course, anyone have any updates on how things are going?

How far along are you now? What are your thoughts?

jasong318

REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST

I'm 3 weeks in and loving every minute! Although there wil be times were you alternate between utter joy at rooting a box and utter dispair as you send 7-8 hours and get no where There is definitely a lot of selflearning as they don't spoon feed you the info that you need to complete all the challenges, but that has been very rewarding in discovering on my own exactly what i need to do. Definitely make sure to check out the forums and IRC channel when you sign up. There are lots of good resources and people to help point you in the right direction if you get stuck (if you have put in the work that is

naftalir

i would recommend anybody interested in learning python visit:
Udacity | Free Online Courses. Advance your College Education & Career

or

http://www.coursera.org

and look at there programming courses which are all good and all FREE!

Enjoy!

an_animal

has ipchain ever posted his review on the ocsp exam?
Is anybody studying for this exam at the moment?

dt3k

an_animal wrote: »

has ipchain ever posted his review on the ocsp exam?
Is anybody studying for this exam at the moment?

He never did, he hangs out in #offsec on freenode and I see him answering peoples questions all the time though.

jasong318

In the course at the moment, have about two weeks left. Have gotten all of the machines in the student lab (except sufference, curse you!), dev network and it department. Still working on getting access to the admin department though (end goal). Word to those taking it or those about to, take a break every now and then and save yourself from burnout!

dt3k

REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST

Do you feel that your CCNP Security level of understanding as it relates to the Cisco world benefited you during the course, or is it two completely different worlds?

jasong318

Two different worlds. I think it helped for some sections that confuse some students, such as tunneling and proxying, but no, studying for CC** Security anything doesn't really help prepare for the OSCP (in my opinion). YMMV

dt3k

REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST

I know it's a silly question, but for you personally, would you say getting your NP Security or will getting your OSCP be more challenging?

jasong318

Hhhmmm.... for me, the NP was easier as in I do Cisco security on a daily basis. That being said, it's a lot of studying. As for the OSCP, it will be tougher for me as pentesting is a smaller part of my daily job function and you're forbidden from using some tools on the exam that I rely on (MSF, Nexpose, etc.). Which I suppose will be good as it will force me to getting familiar with the manual testing process...