Pentesting Certifications

pentest · March 2011

I'm going through certifications in the pentesting field which would give me a hard challenge and where I can prove myself. I'm not really interested if it's recognized by HR. So far I've come up with:

GIAC Certified Penetration Tester (GPEN)
GIAC Reverse Engineering Malware (GREM)
Offensive Security Certified Expert (OSCE)
Offensive Security Certified Professional (OSCP)
Certified Expert Penetration Tester (CEPT)
Certified Penetration Tester (CPT)
Certified Reverse Engineering Analyst (CREA)
Certified Network Offense Professional (NOP)

Are there any other good ones which would fit into the above?

ibcritn · March 2011

I would consider this:

Offensive Security Certified Professional (OSCP)

GPEN is also a very good certification. I took the class and learned quite a bit from Mr. Skoudis

JDMurray · March 2011

Geez...isn't that enough?

How about a cert in social engineering? That's certainly pen testing.

Seriously, make sure that you understand the differences between those certs. They aren't all about exactly the same skills and technologies. Some are about (wired or wireless) network pen testing, (at least) one is about application pen testing, and some are just a general survey of pen testing and related areas, such as incident handling and response. There are also some tools used in pen testing that have their own vendor cert (such as Wireshark).

pentest · March 2011

I've already completed most of them (CPT, CEPT, OSCP, OSCE, GPEN, CREA), so I was looking for any other certs towards those areas. A social engineering cert would be fun, but I'm not aware of any.

I'm not sure if vendor or tool specific ones are what I'm currently looking for.

iVictor · March 2011

pentest wrote: »

I've already completed most of them (CPT, CEPT, OSCP, OSCE, GPEN, CREA), so I was looking for any other certs towards those areas. A social engineering cert would be fun, but I'm not aware of any.

I'm not sure if vendor or tool specific ones are what I'm currently looking for.

GREM / CREA is not really pentest stuff but more of a research / offline stuff. You wouldn't do that on a typical pentest engagement, now would ya?

And did you miss this:
SANS 660

pentest · March 2011

We had quite a few pentests which involved binary auditing/ reversing and exploit development. Clients not always favor source code reviews.

Sec 660 sounds interesting (as does Sec 710), unfortunately there aren't any certifications involved. There would be quite a few other courses which would fit into it, such as Offensive Security's Advanced Windows Exploitation (AWE), but I'm missing the challenge then.

iVictor · March 2011

Did you check out hackingdojo?

Nobylspoon · March 2011

Does Mitnick still teach the Certified Social Engineering Prevention Specialist course?

pentest · March 2011

Yes, thanks for bringing this one up. From my understanding, it's not an advanced course (although there are several 'levels' you can reach), though (similar as with Certified Professional Penetration Tester (eCPPT)).

I assume there aren't too many others as the ones mentioned in the initial post. Guess I'll try to get the ones I'm still missing and see what to do then.

kriscamaro68 · March 2011

pentest wrote: »

I'm going through certifications in the pentesting field which would give me a hard challenge and where I can prove myself. I'm not really interested if it's recognized by HR. So far I've come up with:
GIAC Certified Penetration Tester (GPEN)

GIAC Reverse Engineering Malware (GREM)

Offensive Security Certified Expert (OSCE)

Offensive Security Certified Professional (OSCP)

Certified Expert Penetration Tester (CEPT)

Certified Penetration Tester (CPT)

Certified Reverse Engineering Analyst (CREA)

Certified Network Offense Professional (NOP)

Are there any other good ones which would fit into the above?

If your looking at collecting the entire set of pentesting certs then there is:
elearnsecurity's ECPPT.
Also as another user said Hacking DOJO.
No mention either of CEH but it looks like you are way past that.

xopito · March 2011

God I gotta done one of that!

rogue2shadow · March 2011

The RWSP is out there too

http://www.techexams.net/forums/security-certifications/60336-real-world-security-professional-rwsp-certification.html

iVictor · March 2011

rogue2shadow wrote: »

The RWSP is out there too

http://www.techexams.net/forums/security-certifications/60336-real-world-security-professional-rwsp-certification.html

This is cool.! Their cost is half of that of SANS and curricula / process is realistic, IMO. Only aspect missing perhaps is their geographical coverage. It's still in its nascent stage. Hopefully it'd spread over soon.

Till then SANS it is.

blackhole · April 2011

JD - I want your take on CEH7 or SANS 504. Which one has better value given consideration as 7 is brand new.

JDMurray · April 2011

blackhole wrote: »

JD - I want your take on CEH7 or SANS 504. Which one has better value given consideration as 7 is brand new.

A "better value" for what? For learning and practical training regarding incident handling, the GCIH is the better value. For a broad survey of InfoSec topics and recognition by employers, the CEH is the better value.

What's your specific reason(s) for wanting either cert?

blackhole · April 2011

to supplement CISSP cert. my current job is to configure routers for large customers mpls/internet cloud on edge and private routers. firewalls VPN extensions etc etc. now I want to expand my horizon given CISSP cert prime importance so want something that will give me knowledge as well as value added when I make switch to full time security position.

JDMurray · April 2011

blackhole wrote: »

I want to expand my horizon given CISSP cert prime importance so want something that will give me knowledge as well as
value added when I make switch to full time security position.

What occupational field(s) do you think that might be? What are your prime interests?

blackhole · April 2011

that's why I need advise .... I don't want to be pen tester, ultimately i want to step in to risk-management and I want something that will give me boost. so making question easier given a choice of CEH7 or SAN 504 where you will lean ?

docrice · April 2011

I've heard that CEH version 6 was basically just tools-oriented, while version 7 upped the class more (in terms of what, I'm not sure, so I can't comment much here).

I'm finishing up the 504 course now and plan to sit for the GCIH exam soon. If you want to know "attack tools and methods" in the context of attack phases as well as a balanced perspective from a defender's / incident handler's perspective, I think the SANS route is probably better.

It seems CEH is more recognizable on a resume, although I see some job postings also asking for GIAC certs.

phoeneous · April 2011

This may be a broad question but what is the job market like for pentesters, specifically network security? Is there a high demand? Is it mainly government that contracts for these spots?

Darril · January 2012

I was just reviewing the new PenTest magazine (PenTest Extra 01/2012 | Issues | PenTest Magazine) and it was advertising courses for the Social Engineering for Penetration Testers (S.E.P.P.) certification. I had never heard of this before so did a few searches and came up with this page among others. This page (Black Hat ® Technical Security Conference: USA 2012 // Social Engineering for Penetration Testers by Chris Hadnagy and Robin Dreeke) says that it "is a multiple day, hands-on exam (scheduled within 60 days of completing the course) with true-to-life practical tests that will prove you have accomplished the skills needed to earn your S.E.P.P. credentials."

I can't vouch for it, but it certainly sounds like a multiple-day exam would challenge anyone, which is what the original poster was looking for.

Does anyone else know anything about this cert?

Darril

pentest · January 2012

Thanks Darril, that seems to be an interesting one.

Since my last post, Offensive Security has added two more certifications to their arsenal:

Offensive Security Exploitation Expert (OSEE)
Offensive Security Web Expert (OSWE)

beads · February 2012

Just how would one test Social Engineering in the real world? Follow a potential attacker around with a video camera? I mean just how do you prove you social engineered anyone? Oh yeah. He got me. Let me do a video interview admitting I'd been had.

Darril · February 2012

beads wrote: »

Just how would one test Social Engineering in the real world? Follow a potential attacker around with a video camera? I mean just how do you prove you social engineered anyone? Oh yeah. He got me. Let me do a video interview admitting I'd been had.

A couple of techniques I've seen used in actual test are related to tailgating and phishing.

Tailgating. In organizations that require users to enter a cipher code or use a proximity card badge to gain entry, the tester simply walked in with other employees without entering a code or using a proximity card. The fact that the tester is inside is proof that it was successful.

Phishing/spear phishing. An email is spoofed so that it looks like it's coming from someone official and sent to multiple employees. As a classic phishing email, it explains some problem and includes an urgent requirement that user's respond with their username and password. The credentials received by individuals is proof that it was successful.

JDMurray · February 2012

There are many companies that will do social engineering and phishing testing. Kevin Mitnick's company comes to mind. And I have professional acquaintances that work at phishme. You can certainly make a profession at social engineering.

SephStorm · February 2012

I think the question was more about how do you test SE skills for an exam.

gabypr · March 2012

Darril wrote: »

I was just reviewing the new PenTest magazine (PenTest Extra 01/2012 | Issues | PenTest Magazine) and it was advertising courses for the Social Engineering for Penetration Testers (S.E.P.P.) certification. I had never heard of this before so did a few searches and came up with this page among others. This page (Black Hat ® Technical Security Conference: USA 2012 // Social Engineering for Penetration Testers by Chris Hadnagy and Robin Dreeke) says that it "is a multiple day, hands-on exam (scheduled within 60 days of completing the course) with true-to-life practical tests that will prove you have accomplished the skills needed to earn your S.E.P.P. credentials."

I can't vouch for it, but it certainly sounds like a multiple-day exam would challenge anyone, which is what the original poster was looking for.

Does anyone else know anything about this cert?

Darril

I havent heard of this certification, but sounds interesting. Lets see how this certification evolve and increase security awareness and practices.

I didnt see the EC-Council Licensed Penetration Tester LPT certification Ethical Hacking, Information Security, Computer Security, Penetration Testing, Certified Ethical Hacker, Pen Testing, Penetration Tester, Ethical Hacking Training, Network Penetration Testing

JayTheCracker · June 2012

good ones may be eCPPT, CEH, LPT, CPT, CEPT, OSCP, OSCE, GPEN, GWAPT, GAWN & GXPN

the_hutch · June 2012

I've got a few to add. I'm surprised nobody has mentioned OSWP (Offensive Security Wireless Professional).

In addition to that, there are all the SecurityTube options, by Vivek Ramachandran. These include:
- SWSE (SecurityTube WiFi Security Expert)
- SMFE (SecurityTube Metasploit Framework Expert)
- SPSE (SecurityTube Python Scripting Expert)

Pentesting Certifications

Comments