OSCP Is it really that hard?

Hello All,

So im trying to finalize what im going to do next planning wise. I currently hold Sec + and CISSP and im looking into other security certs I have a voucher for CEH and CCNA Security. I fantasize about doing Security assesment for a living but I dont have a pentester background. I have done open source stuff and intel work for the agency that must not be named. but never pentesting. So would studying and passing OSCP be the way to go to get recognized in that career field or would CEH be enough

Find more posts tagged with

Comments

ITSpectre

Well honestly if you want to do pentesting OSCP is better then CEH. CEH deals with concepts and a bunch of programs to use and some of them are out of date. Not to mention White Hat people and some others look down on the CEH. It comes down to what you want to do...

Mooseboost

It is my understanding that the CEH is not highly regarded in the pentesting community. OSCP seems to be establishing itself as the standard. Without the appropriate background the OSCP will be a difficult challenge. I have not taken it, but it is probably next on my list.

There is no shortage of posts on here detailing the exam and peoples experiences with it. It is a mixed bag on people who loved it and who hated - but the theme of being difficult is consistent throughout the reviews.

deyavi

It really depends on your background, your skillset, your mindset... It is not easy, but for some people may be harder than for others.

CEH is definitely not enough and I don't think is even worth it.

PJ_Sneakers

Might as well take the CEH if you have a voucher for it. It's not great, but worth it for resume purposes.

NetworkNewb

CEH is an alright cert for someone completely new to pen testing and looking for some knowledge in that area imo... I'm going for the eCCPT and use some of the CEH videos on CBT nuggets to brush up on a few topics. So much hate for them lol

Are you going to get a pentesting job with just it? Probably not, but I wouldn't say the knowledge you gain is not worth the time. I think its the high cost and required experience thing that gets most people. Also, they don't have the best customer service from what I've heard.

If he has a voucher for it, I would think he should do it.

Clm

ITSpectre wrote: »

Well honestly if you want to do pentesting OSCP is better then CEH. CEH deals with concepts and a bunch of programs to use and some of them are out of date. Not to mention White Hat people and some others look down on the CEH. It comes down to what you want to do...

well Im considering CEH because I already have a voucher that i didnt pay for .

Clm

I would like to be a security consultant / Pentester

jamesleecoleman

I would suggest going to elearnsecurity.com and checking out the eJPT (elearnsecurity Junior Penetration Tester) certification. A few of us has passed the certification in the last few months. The certification is hands on and multiple choice question which is fun and can be easy if you catch on quickly. It's taken people from a few hours to a few days to finish the certification.

A few of us is waiting for the eLearnSecurity Certified Professional Penetration Tester (eCPPT) to go to v4, while others are already doing the current version and waiting.

I'm using ELS as a stepping stone before I get into the OSCP because I know it'll be difficult and going into that exam without anything would give me a lot of headache. ELS has the 'Elite' editions for their certification courses where there is almost no time limit, compared to the 'Full' versions where people have 180 days. I took me a year before I finished the eJPT because I didn't focus on it for a while. I could have gotten it done in about 2 months.

xXxKrisxXx

The OSCP is becoming the certification more and more people are looking for regarding Penetration Tester positions. If you feel like you need some experience or background before the course, I always recommend these 2 courses from Cybrary first:
https://www.cybrary.it/course/ethical-hacking/
https://www.cybrary.it/course/advanced-penetration-testing/

After watching those, you'll be itching to get into the PWK lab environment and play around. It's my opinion just about anyone can pass the OSCP. It is like everything else. You commit the time and do the work, you will persevere. Hacking is something that is learned by doing. I'd sign up for the 90 days and hit the course as hard as you can after work. I didn't have much of a penetration testing background walking into the course and it was the first certification I picked up.

Wanting to add in here that you're ability to persevere and pull through is going to come down to how much time you have to practice in the labs. You have a couple security certifications, you know the general theory - but the exam is fully hands-on and practical. The only way you'll be competent enough to take it is if you can dedicate enough time to learning the material and applying it in the lab environment. If you dont have time to commit, I suppose you could always look into eJPT like jamesleecoleman recommended. It's just that piece of paper isn't too known yet. I'll 1++ james' recommendation for eCPPT if you don't have too much time and you're open to spreading out your learning.

ITSpectre

Clm wrote: »

well Im considering CEH because I already have a voucher that i didnt pay for .

Depending on the rules you may be able to sell the voucher and use the money for a different certification.....If that's what you want to do

ITSpectre

Clm wrote: »

I would like to be a security consultant / Pentester

OSCP is going to get you there vs the CEH. I have had friends and co workers take the CEH.... what they have told me is, it really does not teach you hacking... it teaches you the concept of it and they give you the tools and show you what they are used for... but outside of that... there is really no application of the tools. Also the tools are mostly outdated now... Also the eJPT from what people have posted is a better first step to Pentesting. I am not a fan of taking something just to put it on my resume.... there is more then one way to skin a cat.

Clm

xXxKrisxXx wrote: »

The OSCP is becoming the certification more and more people are looking for regarding Penetration Tester positions. If you feel like you need some experience or background before the course, I always recommend these 2 courses from Cybrary first:
https://www.cybrary.it/course/ethical-hacking/
https://www.cybrary.it/course/advanced-penetration-testing/

After watching those, you'll be itching to get into the PWK lab environment and play around. It's my opinion just about anyone can pass the OSCP. It is like everything else. You commit the time and do the work, you will persevere. Hacking is something that is learned by doing. I'd sign up for the 90 days and hit the course as hard as you can after work. I didn't have much of a penetration testing background walking into the course and it was the first certification I picked up.

Wanting to add in here that you're ability to persevere and pull through is going to come down to how much time you have to practice in the labs. You have a couple security certifications, you know the general theory - but the exam is fully hands-on and practical. The only way you'll be competent enough to take it is if you can dedicate enough time to learning the material and applying it in the lab environment. If you dont have time to commit, I suppose you could always look into eJPT like jamesleecoleman recommended. It's just that piece of paper isn't too known yet. I'll 1++ james' recommendation for eCPPT if you don't have too much time and you're open to spreading out your learning.

How do your linux skills have to be to knock this out currently im studying Linux+ and will be testing out in two weeks just curios what i should have before i would start this journey

PJ_Sneakers

I still can't figure out why you wouldn't take the CEH test if you have a free voucher.

At the very least you'll get a general idea of what pentestland looks like. And if you fail the test, it didn't cost you anything.

Clm

PJ_Sneakers wrote: »

I still can't figure out why you wouldn't take the CEH test if you have a free voucher.

At the very least you'll get a general idea of what pentestland looks like. And if you fail the test, it didn't cost you anything.

I never said im not going to take the CEH. I alreadyl purchased my books to study

xXxKrisxXx

They say a, 'reasonable amount of Linux Skills'. I remember mine at the time were very basic (still are honestly). The main thing you should be comfortable with is navigating around the command line. You're going to have to know how to navigate around the file system to find important files. Get comfortable with nano, you're going to know about permissions (chmod), you're going to have to know how to compile with gcc. You're going to be getting familiar with Python and Bash Scripting in the course. Running command line tools, etc. My Linux Skills aren't on a Linux+ level even to this day but it wasn't an issue in the course.

A lot of people are pushing that you get the CEH out of the way because you mentioned you have the voucher. You might as well do that one first, then watch the Cybrary Videos and enroll. You being able to do it at the end of the day literally comes down with the amount of time you spend in the lab learning, researching, and doing.

chrisone

Get the CEH especially if you have a voucher. Every cert helps.

CEH is actually a pretty good foundation for ethical hacking. I would recommend it for anyone just getting into pentesting. The name alone is worth having on the resume. The material is not bad, it just gets crapped on because its the first major big brand name and its an expensive cert to study for. So if you have a voucher, go for it!

It will help you with OSCP as you will have some methodology and basic understanding of what OSCP will teach you.

PJ_Sneakers

Clm wrote: »

I never said im not going to take the CEH. I alreadyl purchased my books to study

Oh, I gotcha. My mistake.

Clm

chrisone wrote: »

Get the CEH especially if you have a voucher. Every cert helps.
CEH is actually a pretty good foundation for ethical hacking. I would recommend it for anyone just getting into pentesting. The name alone is worth having on the resume. The material is not bad, it just gets crapped on because its the first major big brand name and its an expensive cert to study for. So if you have a voucher, go for it!
It will help you with OSCP as you will have some methodology and basic understanding of what OSCP will teach you.

I definatley thought CEH would help out with the basics and would look good on my resume.

PJ_Sneakers wrote: »

Oh, I gotcha. My mistake.

No problem thanks for looking out for me.

xXxKrisxXx wrote: »

They say a, 'reasonable amount of Linux Skills'. I remember mine at the time were very basic (still are honestly). The main thing you should be comfortable with is navigating around the command line. You're going to have to know how to navigate around the file system to find important files. Get comfortable with nano, you're going to know about permissions (chmod), you're going to have to know how to compile with gcc. You're going to be getting familiar with Python and Bash Scripting in the course. Running command line tools, etc. My Linux Skills aren't on a Linux+ level even to this day but it wasn't an issue in the course.
A lot of people are pushing that you get the CEH out of the way because you mentioned you have the voucher. You might as well do that one first, then watch the Cybrary Videos and enroll. You being able to do it at the end of the day literally comes down with the amount of time you spend in the lab learning, researching, and doing.

Ok thanks for the insight and if you have anymore good advice iw ould greatly appreciate it.

Sheiko37

The less you know coming into the OSCP, the more time you'll spend outside of the labs learning, which is not ideal since you can't pause your lab time.

How difficult it is depends on how much you already know. I've found the OSCP extremely hard and time consuming. I've spoken to people though that have passed it in one month, and many who just drop out.

How familiar are you with Linux? Do you know any programming languages? Have you used Kali Linux before or done any labs relating to penetration testing or common vulnerabilities?

Clm

My Linux skills are basic im currently reading through to take linux+
I Dont know any programming languages.
Never actually done anything with Kali

beads

Kali is just a Linux distro with a bunch of tools pre-loaded. You can and really should be able to download, install and use the tools most useful to your particular needs. Both in and out of a Windows or Linux host. Nothing all that special about it otherwise.

- b/eads

towentum

I'll mirror what others have said. It really depends on your existing knowledge. If you have a strong theory then it should port over well enough to get your hands on it. I've spent a lot of my time researching in and out of the labs, but I feel like I'm making decent progress. The course material, while short, is to the point and get's you on your way. It won't teach you everything, and you will be expected to learn on your own and research new topics.

I'd say that it is an entry level certification for penetration testing, but on a higher scale. Think MIT vs. community college.