eLearn Security vs Offensive Security
NovaHax
Member Posts: 502 ■■■■□□□□□□
I just received confirmation that I have passed the 7-day eLearn Security web application penetration testing challenge and have officially been awarded the eWPT. And after taking both this and OSCP...I feel like I should compare the two...since it was not at all what I had expected.
COURSE MATERIAL:
- Offensive Security's course material consists of a large PDF document and a series of videos
- eLearn Security's course material consists of a series of slide shows and a series of videos
WINNER??? - eLearn Security
I think that eLearn's course material was better presented and easier to digest. The slideshow approach was more straight to the point without the extra fluff.
LABS:
- Offensive Security offers a massive playground with 50+ systems of all different configurations. Don't expect any guidance here...TRY HARDER.
- eLearn's labs are very focused. Launch a single system sandbox and perform a very focused task. You know what you are going to be doing going into it, and you just have to master that one thing. You need guidance...just keep "asking Cicero" for tips and he will eventually tell you exactly what you need to do to complete the challenge. Don't worry about trying harder...instead, TRY ASKING FOR HELP...
WINNER??? - Offensive Security
Personally, I think that OffSec, though more frustrating...does do a better job of preparing you for the challenge. Its tempting to click for help when you are frustrated...and the fact that its there, will probably hurt you more than help you.
CHALLENGE EXAM:
- OSCP is a 24 hour challenge with an additional 24 hours allowed for reporting. In the end...the OSCP challenge is NOT NEARLY as difficult as some of the boxes in the OffSec PWB/PWK lab environment.
- eWPT is a 7 day challenge with an additional 7 days available for reporting. In the end...the eWPT challenge is SIGNIFICANTLY harder than anything you did in the lab environment. Though you have covered everything needed to pass the exam, the only time you will string the exploits together (instead of working with them in an isolated sandbox) is during the challenge. If you mastered each of the objectives, you can probably pull it off...but it will be difficult. The 7 day reporting period is overkill...I had my report turned in after 2 days.
WINNER??? - ITS A TIE
The eWPT exam is (at least in my opinion) significantly harder than the OSCP exam was. But then again, you also have a lot longer to do it. I think they were probably equally difficult given the amount of time you are provided. I passed both on my first attempt, but both were down to the wire (only had 3 hours left when I completed OSCP, and down to the last day on eWPT).
FINAL VERDICT:
Despite what I have commonly heard...eLearn's training is definitely not inferior to OffSec's. Its a different approach to learning, but all-in-all, each provides you with enough to get you going. And you aren't going to pass either without some serious persistence. Both are awesome courses. Also, they are very different courses. eWPT is only on Web-Apps and OSCP is almost exclusively on service testing (a very small intro to web-apps). There is no appropriate order here. One is not harder than the other. So take what interests you more...or take them both
Hope this helps...
COURSE MATERIAL:
- Offensive Security's course material consists of a large PDF document and a series of videos
- eLearn Security's course material consists of a series of slide shows and a series of videos
WINNER??? - eLearn Security
I think that eLearn's course material was better presented and easier to digest. The slideshow approach was more straight to the point without the extra fluff.
LABS:
- Offensive Security offers a massive playground with 50+ systems of all different configurations. Don't expect any guidance here...TRY HARDER.
- eLearn's labs are very focused. Launch a single system sandbox and perform a very focused task. You know what you are going to be doing going into it, and you just have to master that one thing. You need guidance...just keep "asking Cicero" for tips and he will eventually tell you exactly what you need to do to complete the challenge. Don't worry about trying harder...instead, TRY ASKING FOR HELP...
WINNER??? - Offensive Security
Personally, I think that OffSec, though more frustrating...does do a better job of preparing you for the challenge. Its tempting to click for help when you are frustrated...and the fact that its there, will probably hurt you more than help you.
CHALLENGE EXAM:
- OSCP is a 24 hour challenge with an additional 24 hours allowed for reporting. In the end...the OSCP challenge is NOT NEARLY as difficult as some of the boxes in the OffSec PWB/PWK lab environment.
- eWPT is a 7 day challenge with an additional 7 days available for reporting. In the end...the eWPT challenge is SIGNIFICANTLY harder than anything you did in the lab environment. Though you have covered everything needed to pass the exam, the only time you will string the exploits together (instead of working with them in an isolated sandbox) is during the challenge. If you mastered each of the objectives, you can probably pull it off...but it will be difficult. The 7 day reporting period is overkill...I had my report turned in after 2 days.
WINNER??? - ITS A TIE
The eWPT exam is (at least in my opinion) significantly harder than the OSCP exam was. But then again, you also have a lot longer to do it. I think they were probably equally difficult given the amount of time you are provided. I passed both on my first attempt, but both were down to the wire (only had 3 hours left when I completed OSCP, and down to the last day on eWPT).
FINAL VERDICT:
Despite what I have commonly heard...eLearn's training is definitely not inferior to OffSec's. Its a different approach to learning, but all-in-all, each provides you with enough to get you going. And you aren't going to pass either without some serious persistence. Both are awesome courses. Also, they are very different courses. eWPT is only on Web-Apps and OSCP is almost exclusively on service testing (a very small intro to web-apps). There is no appropriate order here. One is not harder than the other. So take what interests you more...or take them both
Hope this helps...
Comments
But thanks for the review nevertheless.
I observed previously that the subject addressed by the two courses was different. It seemed to me I would get more value from taking a course covering different content than to take the equivalent from a different training provider. That being said, most of my thoughts were in regard to each provider's approach to training...and not the actual content.
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
Didn't you take it when it was still PWB? I haven't taken the exam yet, but maybe it's changed with the Kali update.
This is true. The training material for PWK has been completely redone. Though I can't speak to it personally, my understanding is that the approach is the same though...a PDF guide and videos. Not sure how different the labs are (though honestly, its tough to imagine a better lab setup).
It was worth the time though. Good to know e-Learn is credible.
Peer review process is important.
Some people do take comparable certs, if there is no limiting factors such as time and money. If I am in pentesting, I can see myself taking all related courses from offensive security, ec-council, elearn security, and sans. Even if I know the subject due to one course, there's still value in finding out different methods from the other cert or something that was not covered by the other cert.
But since I am not solely in pentesting, I would take different certs just like you to get more value out.
Please don't get offended, I am just giving you my thoughts. Peer review process
No offense was taken...hence the smiley and laughy faces in my response. I was just giving you a hard time.
I failed due to not gaining admin access.
This exam is def not easy.
I'm a big fan of eLearn's training materials and think they are superior to the OSCP's materials. I think the PWK materials/course is more geared towards seasoned professionals who know exactly what they are doing as opposed to eLS where they start you from ground zero and build you up. I'm contemplating taking the OSCP exam as since it's more recognized in "the business" but am also looking towards taking the eWPTX from eLearnSecurity.
What I did instead was run through Georgia Weidman's book, a straight read through, trying very few of the exercises, or I might of done many of them, IDR. Now I am going into the labs, i'm on Lab 5, skipping the system security one. Overall I haven't had too much trouble in the lab, the big issue being differences in commands. I think one of the earlier docs gave instructions to do an NMAP scan one way, then in the next lab those instructions don't give you the feedback you need, and the results tell you should be using a different command, or changes in the tool, or just poor wording or lack of instruction. I wasted so much time with my lab connection open, if I had known it would take all of that time to get my lab working I would have suspended the connection...
On the other hand, the lab doesn't exactly hold your hand. Lab 4 assumes you know how to do your host discovery (except for that danged changed nmap flag), lab 5 I can see expects you to go ahead and get access to the systems and the first task is privilege escalation.
I wish they would hire someone (like me), who is an native English speaker to go through the materials and correct grammar and other issues with the presentation. That was a problem in the material, trying to translate what their meaning was. also encountered that in lab 4.
I will be taking the OSCP after going through the eCPPT lab, reviewing as much of the material as I can and, (hopefully before BlackHat) taking the exam. Assuming I can complete eCPPT before BH, the plan is to look at the OSWP next, playing with the Wifi Pineapple, then OSCP by the end of the year. With any luck there will be an opening on the pentest team at my company.
2023 Cert Goals: SC-100, eCPTX