eLearn Security vs Offensive Security

NovaHax

I just received confirmation that I have passed the 7-day eLearn Security web application penetration testing challenge and have officially been awarded the eWPT. And after taking both this and OSCP...I feel like I should compare the two...since it was not at all what I had expected.

---

COURSE MATERIAL:

- Offensive Security's course material consists of a large PDF document and a series of videos

- eLearn Security's course material consists of a series of slide shows and a series of videos

WINNER??? - eLearn Security
I think that eLearn's course material was better presented and easier to digest. The slideshow approach was more straight to the point without the extra fluff.

---

LABS:

- Offensive Security offers a massive playground with 50+ systems of all different configurations. Don't expect any guidance here...TRY HARDER.

- eLearn's labs are very focused. Launch a single system sandbox and perform a very focused task. You know what you are going to be doing going into it, and you just have to master that one thing. You need guidance...just keep "asking Cicero" for tips and he will eventually tell you exactly what you need to do to complete the challenge. Don't worry about trying harder...instead, TRY ASKING FOR HELP...

WINNER??? - Offensive Security
Personally, I think that OffSec, though more frustrating...does do a better job of preparing you for the challenge. Its tempting to click for help when you are frustrated...and the fact that its there, will probably hurt you more than help you.

---

CHALLENGE EXAM:

- OSCP is a 24 hour challenge with an additional 24 hours allowed for reporting. In the end...the OSCP challenge is NOT NEARLY as difficult as some of the boxes in the OffSec PWB/PWK lab environment.

- eWPT is a 7 day challenge with an additional 7 days available for reporting. In the end...the eWPT challenge is SIGNIFICANTLY harder than anything you did in the lab environment. Though you have covered everything needed to pass the exam, the only time you will string the exploits together (instead of working with them in an isolated sandbox) is during the challenge. If you mastered each of the objectives, you can probably pull it off...but it will be difficult. The 7 day reporting period is overkill...I had my report turned in after 2 days.

WINNER??? - ITS A TIE
The eWPT exam is (at least in my opinion) significantly harder than the OSCP exam was. But then again, you also have a lot longer to do it. I think they were probably equally difficult given the amount of time you are provided. I passed both on my first attempt, but both were down to the wire (only had 3 hours left when I completed OSCP, and down to the last day on eWPT).

---

FINAL VERDICT:
Despite what I have commonly heard...eLearn's training is definitely not inferior to OffSec's. Its a different approach to learning, but all-in-all, each provides you with enough to get you going. And you aren't going to pass either without some serious persistence. Both are awesome courses. Also, they are very different courses. eWPT is only on Web-Apps and OSCP is almost exclusively on service testing (a very small intro to web-apps). There is no appropriate order here. One is not harder than the other. So take what interests you more...or take them both

Hope this helps...

Master Of Puppets

Great review! Thanks

cyberguypr

Great comparison. Thanks for sharing.

5ekurity

Thanks for the review. I've really been kicking around the idea as to which would be more advantageous to me; it's good to see they both stack up very well.

da_vato

Great review, OSCP has been on my radar for a year now and as soon as I find the time I going to enroll. I had not given elearn security a thought because I had heard they were inferior also. Now that you have changed that thought I may look into elearn.

GarudaMin

I just wanted to point out that you should be comparing OSWE with eWPT. If you want to compare OSCP, compare with eLearn's Pentest Beginner Course, which does not even have a certification. Or if you are comparing pentest cert, it would be OSCE vs eCPPT.

But thanks for the review nevertheless.

Devilry

That was a very informative review - thanks for comparing!

NovaHax

GarudaMin wrote: »

I just wanted to point out that you should be comparing OSWE with eWPT. If you want to compare OSCP, compare with eLearn's Pentest Beginner Course, which does not even have a certification. Or if you are comparing pentest cert, it would be OSCE vs eCPPT.

But thanks for the review nevertheless.

I observed previously that the subject addressed by the two courses was different. It seemed to me I would get more value from taking a course covering different content than to take the equivalent from a different training provider. That being said, most of my thoughts were in regard to each provider's approach to training...and not the actual content.

GarudaMin

NovaHax wrote: »

I observed previously that the subject addressed by the two courses was different. It seemed to me I would get more value from taking a course covering different content than to take the equivalent from a different training provider. That being said, most of my thoughts were in regard to each provider's approach to training...and not the actual content.

Also, Gratz on the cert!

NovaHax

Thanks GarudaMin . I'll consult you next time to make sure I take a comparable cert program that will produce a review that is worth your time, lol. jk, jk

JoJoCal19

I've always thought eLearn Security's courses were really good from my own research. I'm glad to see you and some others in this forum confirm my thoughts.

Cold Titanium

@Nova

Didn't you take it when it was still PWB? I haven't taken the exam yet, but maybe it's changed with the Kali update.

NovaHax

Cold Titanium wrote: »

@Nova

Didn't you take it when it was still PWB? I haven't taken the exam yet, but maybe it's changed with the Kali update.

This is true. The training material for PWK has been completely redone. Though I can't speak to it personally, my understanding is that the approach is the same though...a PDF guide and videos. Not sure how different the labs are (though honestly, its tough to imagine a better lab setup).

GarudaMin

NovaHax wrote: »

Thanks GarudaMin . I'll consult you next time to make sure I take a comparable cert program that will produce a review that is worth your time, lol. jk, jk

It was worth the time though. Good to know e-Learn is credible.

Peer review process is important. The comparison for course materials and labs are based on vendor's approach, which is good. However, you had a comparison of challenge exam between OSCP and eWPT, followed by a winner section. I was just pointing out that the two exams are different, which you did mention in the final verdict. So, instead of reviewing as a comparison, it should be more of 'your thoughts on the two exams'.

Some people do take comparable certs, if there is no limiting factors such as time and money. If I am in pentesting, I can see myself taking all related courses from offensive security, ec-council, elearn security, and sans. Even if I know the subject due to one course, there's still value in finding out different methods from the other cert or something that was not covered by the other cert.

But since I am not solely in pentesting, I would take different certs just like you to get more value out.

Please don't get offended, I am just giving you my thoughts. Peer review process

NovaHax

GarudaMin wrote: »

Please don't get offended, I am just giving you my thoughts. Peer review process

No offense was taken...hence the smiley and laughy faces in my response. I was just giving you a hard time.

BlackBeret

Thanks, I was wondering about this when I found the elearn courses earlier today. I knew spending time on this site would make my life a bit better.

bobloblaw

Great review.

eth0

Thanks, I will do eWPT next .

Josh.holmes1209

I'm only years late but, eWPT just kicked my butt!

I failed due to not gaining admin access.


This exam is def not easy.

13xl

For reference, I knocked out the eWPT in January and just finished the eJPT and eCPTP this month.

I'm a big fan of eLearn's training materials and think they are superior to the OSCP's materials. I think the PWK materials/course is more geared towards seasoned professionals who know exactly what they are doing as opposed to eLS where they start you from ground zero and build you up. I'm contemplating taking the OSCP exam as since it's more recognized in "the business" but am also looking towards taking the eWPTX from eLearnSecurity.

Fela15

can u point out your background? im starting oscp this month and ewpt was a cert I was very interested in.

dstock7337

Awesome review! I think one can't go wrong with elearn or offensive sec. I think the elearn pts is a good starting ground to learn. It provides some good foundation skills to build upon. Like many have suggested, I'm going the eJPT > eCPPT > OSCP route. The knowledge and experience gained is definitely worth it.

SaSkiller

This thread is back from the dead but it's a good thing. I agree with OP's assessment, having access to the PWB materials and now doing the eCPPT labs. I'll say i'm not a big fan of the els material presentation in some ways, I started of course on the web module, and honestly I still haven't finished it. Maybe if they broke it down a bit?

What I did instead was run through Georgia Weidman's book, a straight read through, trying very few of the exercises, or I might of done many of them, IDR. Now I am going into the labs, i'm on Lab 5, skipping the system security one. Overall I haven't had too much trouble in the lab, the big issue being differences in commands. I think one of the earlier docs gave instructions to do an NMAP scan one way, then in the next lab those instructions don't give you the feedback you need, and the results tell you should be using a different command, or changes in the tool, or just poor wording or lack of instruction. I wasted so much time with my lab connection open, if I had known it would take all of that time to get my lab working I would have suspended the connection...

On the other hand, the lab doesn't exactly hold your hand. Lab 4 assumes you know how to do your host discovery (except for that danged changed nmap flag), lab 5 I can see expects you to go ahead and get access to the systems and the first task is privilege escalation.

I wish they would hire someone (like me), who is an native English speaker to go through the materials and correct grammar and other issues with the presentation. That was a problem in the material, trying to translate what their meaning was. also encountered that in lab 4.

I will be taking the OSCP after going through the eCPPT lab, reviewing as much of the material as I can and, (hopefully before BlackHat) taking the exam. Assuming I can complete eCPPT before BH, the plan is to look at the OSWP next, playing with the Wifi Pineapple, then OSCP by the end of the year. With any luck there will be an opening on the pentest team at my company.

p1d0f

ElearnsSecurity and Offensive security are the good security certifications

chrisone

Awesome review from 2014! Thanks!

r3nzsec

I love the comparison but it should be eCPPT vs OSCP