dynamik wrote: » Awesome. I've done 30 days already, but I got swamped and haven't been able to touch it for awhile. I'm shooting for GPEN on 3/1, and then using that next month for another 30 days and the exam.
JDMurray wrote: » You have 30 days to cover 16 modules, so that's just under two days per module. Not all modules are useful for the actual OSCP exam, so you'll need to figure out which to put last. The videos and the PDF generally cover the same material, but there's information in the videos that not in the PDFs and visa versa, so use them both. Read the posts in each module's discussion form before starting each module. The pains and woes of former OSCP-goers will save you many wasted hours of making assumptions and mistakes. And you should document the exercises you do in the modules. It'll count as extra points towards your final exam score should you need them to pass. And although the material is BT3, BT4 is fine to use for the course.
carboncopy wrote: » Thanks JD. I am assuming that you took the course already?
JDMurray wrote: » There is very little in the way of network pen testing, and much of what there is isn't useful for, or can't be used on, the OSCP cert exam itself. Just something to be aware of if your interests are more in network pen testing rater than app and OS pen testing.
JDMurray wrote: » Yes. I did not finish all the labs, and I won't be taking the cert exam unless I get more lab time to complete the material and do a lot of extra studying. Unfortunately, I don't see that happening anytime in my near future. I should mention that the Offensive Security Penetration Testing with BackTrack (PWB) class is about application and operating system pen testing and not network pen testing. You will therefore be working with buffer overflows, shellcode exploits, fuzzing, debuggers, and generally learning how to own "root." There is very little in the way of network pen testing, and much of what there is isn't useful for, or can't be used on, the OSCP cert exam itself. Just something to be aware of if your interests are more in network pen testing rater than app and OS pen testing.
JDMurray wrote: » Yeah, starting and stopping the Apache Web server is different. That was probably the most difficult one to figure out.
JDMurray wrote: » Don't forget about reading the offsec forum for each module and getting to know people on the #offsec IRC channel. Those can be very good learning experiences and great time savers when you have a problem.
impelse wrote: » That's the reason why they said that you need CEH knowledge and some linux and TCP/IP. Also we have to add that if you want the CEH you need two years of exp, so in others words, for the Offensive Security training you need: 2 years exp + some linux + TCP/IP and acording to other people like you we need some Perl or phyton programming.
impelse wrote: » Thanks JDMurray, this is the information that I was needed to read before taking the training (it's in my list after two exams that I need to pass). Before your post I was thinking to study: Linux (this is a must) Metasploit (I already read this book) Netcat Wrieshark Google Hacking Now I have to add your post. In my case I do not like just to cramm, I need to understand and know my studies.
GAngel wrote: » And experience of course. The single biggest factor in getting a security job is experience. Certs mean even less in this branch. These certs were just invented by companies to cash in on the craze. Admins have been doing this type of security work there whole careers and that's generally what an IT manager is looking for when hiring.
L0gicB0mb508 wrote: » The more I take this class, the less I like it. I love the idea of this class, and it has taught some things. I also know people have raved over this class and exam, but there are just too many problems. If they release a new version of BackTrack, they should probably look at the training and make the proper adjustments. If you do take it, save yourself a lot of hassle and stick with BT3, simply because BT4 lacks some of the tools and files you will need to even complete the exercises. It's a pretty big pain in the @$$ sometimes. I think also in order to take this puppy you need to have a decent grip on security concepts, linux, common tools, and common vulnerabilities. If you are looking for a course to hold your hand and help you learn pentesting, this isn't it. I know most courses do expect you to study beyond what is taught, but I find PWB to be a little lofty in it's goals of self study/research. The biggest element of this being Perl or Python scripting. You honestly NEED to know how to script, or at least be able to steal and edit scripts. It's not really practical for you to manually enter a few thousand usernames to enumerate SMTP user information. It's a fun class if you have the background. I don't want to scare anyone off of taking it, but I wanted whoever takes it in the future to be fully aware of what they are getting into. I'll keep you all posted
_Dark_Knight_ wrote: » I don't necessarily agree with the ^^. I did the course albeit using BackTrack 3 and a lot of what you mentioned is needed I did not have. I did not have as you put it "decent grip on security concepts, linux, common tools, and common vulnerabilities". Now I don't know what your definition of decent grip is, but prior to taking the course all I had under my belt was the CEH. And in my opinion the CEH does not account for a decent grip on anything. You also mentioned that one NEEDS to know how to script, or at least be able to steal and edit scripts. Again I don't necessarily agree as the FIRST time I wrote a script using perl/python was actually during the course. Was it a challenge? Indeed it was. I must hasten to add though that my background is in programming. I hear you on the point of self study research as during the course I felt the same way. It can be quite FRUSTRATING at times. Especially when you are at your wits end and all you can hear is Try Harder. In fact I even emailed muts complaining about the approach. And was still told to try harder . However what helped me TREMENDOUSLY was the irc channel. The final challenge was indeed that, one HELL of a CHALLENGE. At one point during the challenge I again told muts that it was just not going to work. And that I wanted to end my attempt and try again another day. He told me that if I didn't complete it he would kick my **** Suffice to say I persisted and earned the cert. I will agree that if your looking for some one to hold your hand then yes its not for you. It was during the OSCP that I did assembly for the FIRST TIME. Prior to that I had no clue what a JMP ESP meant etc. I will admit it did take some getting used to. But it was fun.
dynamik wrote: » From my personal experience, your experience seems to be much closer to mine than some of the other reviews. This course is as much as learning how to think creatively and come up with solutions on your own as it is straight-forward instruction.I'd encourage people to not get scared off by things like exploit development. Just walk through the examples and get a basic understanding of how things like that work. I never write my own exploits, but I have had to make minor tweaks to the code. I also like to able to have a general understanding of what they're doing since you're not always able just point-and-click with Metasploit; sometimes you actually have to compile the code and execute an exploit that way. Nothing ruins a pen tester's day like getting yourself owned Welcome to the forums DK!
