Is the OSCP worth it? (for me)

naftalirnaftalir Member Posts: 38 ■■□□□□□□□□
Hey,

a little background: i have been working as a network&web application pen-tester and as a programmer for the past 6 months or so,
i also passed a few months back the ecppt Gold exam (practical pen-testing exam).
link to what the exam includes: ECPPT GOLD - Practical Penetration Testing Certification
link to the elearn course syllabus: http://www.elearnsecurity.com/course/penetration_testing/syllabusv2.pdf

Note:there were labs in the elearnsecurity professional penetration tester v2 course (web and network).

Anyway i would appreciate some advise on my next step.

Im thinking of going for the penetration testing with backtrack (oscp exam) however im not really sure i will gain much from it.(Please note i dont actually care about the certification, all i care about is the knowledge i can possibly gain from the course/exam).

Can someone who took the course tell me what i might gain from it that i haven't already from the elearn ptpv2 course?

Also in the course will i be writing my own exploits or just modifying previously made exploits? and if you do write your own exploits, will they be more advanced then just basic stack-overflow exploits?

Comments

  • jm0202jm0202 Member Posts: 87 ■■□□□□□□□□
    Yes, OSCP is more than web pentesting..
    I just finished the cert and was very challenging.. I will recommend it
  • NovaHaxNovaHax Member Posts: 502 ■■■■□□□□□□
    I can't really compare the two...as I haven't done any eLearn stuff. But don't expect much from OSCP in the way of web-app testing...its mostly focused on perimeter testing. I can answer your questions though.

    Question 1 - Also in the course will i be writing my own exploits or just modifying previously made exploits?

    Answer - Almost entirely modifying existing exploit code. You will work with exploits written in C, Ruby, Perl & Python, but you don't really need to know any of the languages to be successful. You just need to be able to know how to substitute shellcode (using MSFVenom or MSFPayload | MSFEncode), and replace hardcoded IP addresses, port numbers, or credentials (for post-authentication scripts).

    There is a VERY basic module on exploit development.

    Question 2 - and if you do write your own exploits, will they be more advanced then just basic stack-overflow exploits?

    Answer - Nope...that is exactly what you will learn to do...is a very basic stack overflow.

    Cracking the Perimeter (OSCE) will cover a lot more in the area of exploit development

    ***FYI - You CAN take CTP without taking PWB (though I don't know anyone who ever has)...if you can pass the registration challenge
    icon_wink.gif
  • naftalirnaftalir Member Posts: 38 ■■□□□□□□□□
    Im not looking something for web-app testing.
    And thats really a bummer that they don't have exploit development (only modification) icon_sad.gif
    In the ptpv2 course and ecppt gold exam they actually had some exploit development (not modification. exploitation from scratch) which was super awesome! :)

    so my next question is, is there alot of programming in C/Python in the oscp?
    and did you take the osce?
  • SephStormSephStorm Member Posts: 1,731 ■■■■■■■□□□
    so my next question is, is there alot of programming in C/Python in the oscp?

    No, scripting knowledge only will get most people through OSCP. It really sounds like OSCE is your cup of tea. Or a GIAC Cert.
  • naftalirnaftalir Member Posts: 38 ■■□□□□□□□□
    So maybe il go straight for the osce, i just took the challenge anyway and it really was not that hard :)
Sign In or Register to comment.