eLearn Security vs Offensive Security

NovaHaxNovaHax Posts: 502Member ■■■■□□□□□□
I just received confirmation that I have passed the 7-day eLearn Security web application penetration testing challenge and have officially been awarded the eWPT. And after taking both this and OSCP...I feel like I should compare the two...since it was not at all what I had expected.


COURSE MATERIAL:

- Offensive Security's course material consists of a large PDF document and a series of videos

- eLearn Security's course material consists of a series of slide shows and a series of videos

WINNER??? - eLearn Security
I think that eLearn's course material was better presented and easier to digest. The slideshow approach was more straight to the point without the extra fluff.


LABS:

- Offensive Security offers a massive playground with 50+ systems of all different configurations. Don't expect any guidance here...TRY HARDER.

- eLearn's labs are very focused. Launch a single system sandbox and perform a very focused task. You know what you are going to be doing going into it, and you just have to master that one thing. You need guidance...just keep "asking Cicero" for tips and he will eventually tell you exactly what you need to do to complete the challenge. Don't worry about trying harder...instead, TRY ASKING FOR HELP...

WINNER??? - Offensive Security
Personally, I think that OffSec, though more frustrating...does do a better job of preparing you for the challenge. Its tempting to click for help when you are frustrated...and the fact that its there, will probably hurt you more than help you.


CHALLENGE EXAM:

- OSCP is a 24 hour challenge with an additional 24 hours allowed for reporting. In the end...the OSCP challenge is NOT NEARLY as difficult as some of the boxes in the OffSec PWB/PWK lab environment.

- eWPT is a 7 day challenge with an additional 7 days available for reporting. In the end...the eWPT challenge is SIGNIFICANTLY harder than anything you did in the lab environment. Though you have covered everything needed to pass the exam, the only time you will string the exploits together (instead of working with them in an isolated sandbox) is during the challenge. If you mastered each of the objectives, you can probably pull it off...but it will be difficult. The 7 day reporting period is overkill...I had my report turned in after 2 days.

WINNER??? - ITS A TIE
The eWPT exam is (at least in my opinion) significantly harder than the OSCP exam was. But then again, you also have a lot longer to do it. I think they were probably equally difficult given the amount of time you are provided. I passed both on my first attempt, but both were down to the wire (only had 3 hours left when I completed OSCP, and down to the last day on eWPT).

FINAL VERDICT:
Despite what I have commonly heard...eLearn's training is definitely not inferior to OffSec's. Its a different approach to learning, but all-in-all, each provides you with enough to get you going. And you aren't going to pass either without some serious persistence. Both are awesome courses. Also, they are very different courses. eWPT is only on Web-Apps and OSCP is almost exclusively on service testing (a very small intro to web-apps). There is no appropriate order here. One is not harder than the other. So take what interests you more...or take them both icon_thumright.gif

Hope this helps...

Comments

  • Master Of PuppetsMaster Of Puppets Posts: 1,210Member
    Great review! Thanks icon_thumright.gif
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • cyberguyprcyberguypr Senior Member Posts: 6,783Mod Mod
    Great comparison. Thanks for sharing.
  • 5ekurity5ekurity Posts: 346Member ■■■□□□□□□□
    Thanks for the review. I've really been kicking around the idea as to which would be more advantageous to me; it's good to see they both stack up very well.
  • da_vatoda_vato Posts: 445Member
    Great review, OSCP has been on my radar for a year now and as soon as I find the time I going to enroll. I had not given elearn security a thought because I had heard they were inferior also. Now that you have changed that thought I may look into elearn.
  • GarudaMinGarudaMin Posts: 204Member
    I just wanted to point out that you should be comparing OSWE with eWPT. If you want to compare OSCP, compare with eLearn's Pentest Beginner Course, which does not even have a certification. Or if you are comparing pentest cert, it would be OSCE vs eCPPT.

    But thanks for the review nevertheless.
  • DevilryDevilry Posts: 668Member
    That was a very informative review - thanks for comparing!
  • NovaHaxNovaHax Posts: 502Member ■■■■□□□□□□
    GarudaMin wrote: »
    I just wanted to point out that you should be comparing OSWE with eWPT. If you want to compare OSCP, compare with eLearn's Pentest Beginner Course, which does not even have a certification. Or if you are comparing pentest cert, it would be OSCE vs eCPPT.

    But thanks for the review nevertheless.

    I observed previously that the subject addressed by the two courses was different. It seemed to me I would get more value from taking a course covering different content than to take the equivalent from a different training provider. That being said, most of my thoughts were in regard to each provider's approach to training...and not the actual content.
  • GarudaMinGarudaMin Posts: 204Member
    NovaHax wrote: »
    I observed previously that the subject addressed by the two courses was different. It seemed to me I would get more value from taking a course covering different content than to take the equivalent from a different training provider. That being said, most of my thoughts were in regard to each provider's approach to training...and not the actual content.

    :) Also, Gratz on the cert!
  • NovaHaxNovaHax Posts: 502Member ■■■■□□□□□□
    Thanks GarudaMin :D. I'll consult you next time to make sure I take a comparable cert program that will produce a review that is worth your time, lol. jk, jk icon_lol.gif
  • JoJoCal19JoJoCal19 California Kid Posts: 2,780Mod Mod
    I've always thought eLearn Security's courses were really good from my own research. I'm glad to see you and some others in this forum confirm my thoughts.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • Cold TitaniumCold Titanium Posts: 82Users Awaiting Email Confirmation ■■□□□□□□□□
    @Nova

    Didn't you take it when it was still PWB? I haven't taken the exam yet, but maybe it's changed with the Kali update.
    2014 Goals
    • Pass OSCP (In Progress)
    • Obtain employment in IT Security
  • NovaHaxNovaHax Posts: 502Member ■■■■□□□□□□
    @Nova

    Didn't you take it when it was still PWB? I haven't taken the exam yet, but maybe it's changed with the Kali update.

    This is true. The training material for PWK has been completely redone. Though I can't speak to it personally, my understanding is that the approach is the same though...a PDF guide and videos. Not sure how different the labs are (though honestly, its tough to imagine a better lab setup).
  • GarudaMinGarudaMin Posts: 204Member
    NovaHax wrote: »
    Thanks GarudaMin :D. I'll consult you next time to make sure I take a comparable cert program that will produce a review that is worth your time, lol. jk, jk icon_lol.gif

    It was worth the time though. Good to know e-Learn is credible.

    Peer review process is important. :D The comparison for course materials and labs are based on vendor's approach, which is good. However, you had a comparison of challenge exam between OSCP and eWPT, followed by a winner section. I was just pointing out that the two exams are different, which you did mention in the final verdict. So, instead of reviewing as a comparison, it should be more of 'your thoughts on the two exams'.

    Some people do take comparable certs, if there is no limiting factors such as time and money. If I am in pentesting, I can see myself taking all related courses from offensive security, ec-council, elearn security, and sans. Even if I know the subject due to one course, there's still value in finding out different methods from the other cert or something that was not covered by the other cert.

    But since I am not solely in pentesting, I would take different certs just like you to get more value out. :D

    Please don't get offended, I am just giving you my thoughts. Peer review process :D
  • NovaHaxNovaHax Posts: 502Member ■■■■□□□□□□
    GarudaMin wrote: »

    Please don't get offended, I am just giving you my thoughts. Peer review process :D

    No offense was taken...hence the smiley and laughy faces in my response. I was just giving you a hard time.
  • BlackBeretBlackBeret Posts: 684Member ■■■■■□□□□□
    Thanks, I was wondering about this when I found the elearn courses earlier today. I knew spending time on this site would make my life a bit better.
  • bobloblawbobloblaw Posts: 228Member
    Great review.
  • eth0eth0 Posts: 86Member ■■□□□□□□□□
    Thanks, I will do eWPT next :).
  • Josh.holmes1209Josh.holmes1209 Posts: 1Registered Users ■□□□□□□□□□
    I'm only years late but, eWPT just kicked my butt!icon_cry.gif

    I failed due to not gaining admin access. icon_study.gif


    This exam is def not easy.
  • 13xl13xl Posts: 2Member ■□□□□□□□□□
    For reference, I knocked out the eWPT in January and just finished the eJPT and eCPTP this month.

    I'm a big fan of eLearn's training materials and think they are superior to the OSCP's materials. I think the PWK materials/course is more geared towards seasoned professionals who know exactly what they are doing as opposed to eLS where they start you from ground zero and build you up. I'm contemplating taking the OSCP exam as since it's more recognized in "the business" but am also looking towards taking the eWPTX from eLearnSecurity.
  • Fela15Fela15 Posts: 7Member ■□□□□□□□□□
    can u point out your background? im starting oscp this month and ewpt was a cert I was very interested in.
  • dstock7337dstock7337 Posts: 95Member ■■□□□□□□□□
    Awesome review! I think one can't go wrong with elearn or offensive sec. I think the elearn pts is a good starting ground to learn. It provides some good foundation skills to build upon. Like many have suggested, I'm going the eJPT > eCPPT > OSCP route. The knowledge and experience gained is definitely worth it.
    "The only true wisdom is in knowing you know nothing." - Socrates
  • SaSkillerSaSkiller OSWP, GPEN, GWAPT, GCIH Posts: 332Member ■■■□□□□□□□
    This thread is back from the dead but it's a good thing. I agree with OP's assessment, having access to the PWB materials and now doing the eCPPT labs. I'll say i'm not a big fan of the els material presentation in some ways, I started of course on the web module, and honestly I still haven't finished it. Maybe if they broke it down a bit?

    What I did instead was run through Georgia Weidman's book, a straight read through, trying very few of the exercises, or I might of done many of them, IDR. Now I am going into the labs, i'm on Lab 5, skipping the system security one. Overall I haven't had too much trouble in the lab, the big issue being differences in commands. I think one of the earlier docs gave instructions to do an NMAP scan one way, then in the next lab those instructions don't give you the feedback you need, and the results tell you should be using a different command, or changes in the tool, or just poor wording or lack of instruction. I wasted so much time with my lab connection open, if I had known it would take all of that time to get my lab working I would have suspended the connection...

    On the other hand, the lab doesn't exactly hold your hand. Lab 4 assumes you know how to do your host discovery (except for that danged changed nmap flag), lab 5 I can see expects you to go ahead and get access to the systems and the first task is privilege escalation.

    I wish they would hire someone (like me), who is an native English speaker to go through the materials and correct grammar and other issues with the presentation. That was a problem in the material, trying to translate what their meaning was. also encountered that in lab 4.

    I will be taking the OSCP after going through the eCPPT lab, reviewing as much of the material as I can and, (hopefully before BlackHat) taking the exam. Assuming I can complete eCPPT before BH, the plan is to look at the OSWP next, playing with the Wifi Pineapple, then OSCP by the end of the year. With any luck there will be an opening on the pentest team at my company.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • p1d0fp1d0f eCPPT | eJPT | MTCNA | MTCRE Posts: 6Member ■■□□□□□□□□
    ElearnsSecurity and Offensive security are the good security certifications icon_lol.gif
  • chrisonechrisone Senior Member Posts: 1,847Member ■■■■■■■■□□
    Awesome review from 2014! Thanks!
    2019 Goals:
    Courses: Real World Red Team Attacks- AppSec Cali 2019 (complete), Active Directory Attacks for Red and Blue Teams Advanced Edition - BlackHat (completed),
    Certs: Certified Red Team Professional - Pentester Academy (passed!), Azure Fundamentals AZ-900 (in progress), Azure Security Engineer Associate AZ-500
  • r3nzsecr3nzsec Posts: 39Member ■■■□□□□□□□
    I love the comparison but it should be eCPPT vs OSCP :)
Sign In or Register to comment.