Question on the "completeness" of Penetration Testing with Kali Linux Course

I wanted to get everyone's experiences and opinions on this aspect of the PWK course.

I've accepted a new position and I'll be moving from straight GRC to a position that's about 70% technical security and 30% GRC/Audit, so I will be looking to build my technical security knowledgebase. In this role there is a huge opportunity for someone internal who can step up to the plate with vulnerability assessment and pentesting and I'd like to be the one to step up to the plate.

I've followed several threads here on the OSCP, as well as reading reviews elsewhere. We know all about the "Try Harder" motto, but I have a concern regarding the course material. From what I've read, it seems like people are having to do a ton of outside research to be able to even pop boxes in the lab, and advance in the course. Maybe I'm interpreting it wrong, but it just seems the PWK course itself is missing everything you need to be able to be successful in the course. I think it's one thing to "Try Harder" as in using what you've learned in the course and trying to think outside the box, and apply things in different ways, and maybe even do external research to supplement and modify what you've learned so that it can be even more effective. But to me it seems more like "Try Harder" means we will give you a hint of what you need to learn but you need to go out and find and learn it yourself.

I've compared the syllabus for PWK with the PTP v3 course from eLearnSecurity, and PWK syllabus does indeed look a bit thin. The syllabus for PTP v3 on the other hand looks chock full of everything you'd need to be successful in the course (and then some). I just don't care to pay $1150 for the PWK course but still have to go out and teach myself enough to be successful in the course. I would do both if I could just drop that kind of cash but that's not going to happen in such a short period of time. I do like the reputation Offensive Security has built and the cert is very well recognized so that is my preference to just go for the OSCP straight away (and maybe do PTP v3 later on down the road).
Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework

Comments

  • MSP-IT Member Posts: 752
    I've often mulled around the thought that the "Try Harder" motto is almost an excuse to cover the fact that they don't quite give you the materials needed to prepare for the labs/exam. But understanding the amount of prerequisite knowledge required to thrive in the industry, I think they do what they can. With the amount of material provided across both the PDF and videos, and considering the technical depth of some modules, you're going to be spending quite a bit of your lab time working on digesting everything you're reading/watching. I believe that the material provided by Offensive Security is more than enough to get a good handle on what's required. Sure, they have the option to dumb down the lab machines a notch or two, but that's not what the real world is like. I think the majority of what you've read here regarding the OSCP is more based out of misunderstanding on the part of the contributors (like myself) as to how much time and energy was/is required to complete the course/labs thoroughly.

    If I were to choose between the PTP course and the OSCP, despite what I've said in the past, I'd still likely go with the OSCP. Until eLearnSecurity gains some traction in the recognition department, OSCP will remain king of the pen-testing certs. Had I understood the time and energy requirements for the course, I may have waited a month or so to commit to the course. Though I may still be at an advantage to gain a job relatively soon, within the realm of the OSCP, based on the work I've already completed within the course.

    In the end, as with many things, it comes down to balance. Offensive Security gives you the most important basics. They avoid providing you with unnecessary fluff, duplicate tools, and distracting content. If they gave you more material, it'd only prove to detract from the time you'd spend poking at the machines in the labs. I don't know about you, but I learn best by doing. That being said, I'd rather spend more time on the labs.
  • BlackBeret Member Posts: 683
    MSP-IT hit the nail on the head. The full pentesting cycle involves so many specialty areas that you make an entire course (or sometimes dozens) on each module. I haven't seen the E-Learn course, but I feel the PWK course covers everything from start to finish with as much detail as can be expected. From what I've seen and heard some of the lab boxes are a lot more challenging than the actual exam boxes. It's designed so that the labs can give you more depth than is required to meet the minimum.

    Also a section of the material is based around finding things you haven't seen before, or a different way to accomplish something, because this is what happens in the real world. I can give you step-by-step instructions to take the MS## exploit, modify it to fit your network, and run it against XYZ system. What the PWK tries to teach is that you need to be able to figure out which exploits would work, then modify it yourself based on your own needs, then figure out how to launch it against any type of system.
  • Preflux Member Posts: 15
    Everything said above is indeed 100% correct. I'm currently in the middle of my OSCP and I can't fault it one bit. Ok maybe the frustration it can occasionally cause!

    The OSCP PDF and Videos are a fountain of knowledge, especially for those starting out in Infosec. The video series are definitely the best I have ever watched as they are so easy to understand and to follow. The exercises complement the videos and PDF very well and when people say you can go into this course not understanding buffer overflows to writing your own / editing public ones, they're correct.

    I wouldn't say the 'research on your own' aspect of it is bad at all. If everything was given to us on a plate, it would be a case of running a few tools and popping each and every machine. That wouldn't reinforce any kind of knowledge and would be a waste of money. OSCP forces you to research numerous things which in turn helps you understand why it works and how you can leverage it further in the future, or even in the labs. The most common things you'll be searching (or rechecking material for) would be either how to modify public exploits, how to leverage known vulnerabilities in that software or how to get your shell to fully work and then escalate to root.

    In the real worst case scenario if you are really stuck, people in #offsec are always willing to point you in the correct direction or explain things if you are unclear. This kind of community only exists because everybody is left to research and work things out themselves and this leads people to be more generous in helping others.

    If I had to sum the OSCP up, I'd say it is a great stepping stone to gaining some serious knowledge and just by going over the course material, you'll instantly think of new ideas and become very familiar with common tools. The labs have been extremely fun and some boxes are a real challenge but give you a great sense of satisfaction when you finally see your shell. And like MSP, learning by doing is so much better, and more entertaining :).
  • 5502george Member Posts: 264
    Congrats on the new job!
  • JoJoCal19 Mod Posts: 2,835
    Thanks for the opinions guys. The PWK/OSCP definitely is intriguing and I love the hands on aspect of it. After studying for months and months trying to remember a billion things for the CEH, I don't care to do that ever again. I actually do far better with practical things and getting hands on.

    5502george wrote: »
    Congrats on the new job!

    Thanks! I'm excited to move over to a more technical role, but I also understand I won't have it as easy as I do in GRC land.
  • SephStorm Member Posts: 1,731
    I'm going to play on the other side of the wall for a bit. I still have my PWB videos, and I'll admit that I don't like the way it was structured. The first videos were how to set up SSH and a web server. Seemed a strange choice. You also have buffer overflows before using exploits. The section on Exploits contains nothing that I can see about finding exploits (unless it was in the above videos, but based on the ToC that doesn't make sense). So apparently this exploit appeared out of thin air. I haven't made my way through most of the other material, but I have concerns. I don't see anything in the videos about keeping track of your test or its results. Looking again, through the ToC I see nothing about post exploitation, nothing about pivoting.

    In my opinion we need a course that is laid out into the phases of each of the phases and explains what we are talking about, shows some examples and so on. Looking at the PTP course description, I do like the way it is laid out. My concern with that is their reliance on slides in the PTS. I don't know how much that improves in the PTP.

    I have yet to find a course that answers the seemingly basic questions I have about penetration testing. Some things are just glossed over.
  • wes allen Member Posts: 540
    The full value of PWK isn't in the PDF or videos, it is in the lab environment and the interaction with the OffSec team. The lab is an amazing place to teach yourself, with guidance from the course materials, google, and the occasional nudge in the right direction from the offsec forums and IRC.
  • the_Grinch Member Posts: 4,165
    I bought, but never completed the course (going to give my two cents anyway). The point of the course is to be as close to real world as humanly possible. That means that sometimes there will not be a step by step on how to set up and execute an exploit. As others have stated, in the real world you are not going to have a perfectly set up box where an exploit will just work (at least most of the time). Also, I know at least for myself, figuring out why something didn't work makes it stick more once I get it to work. Before I knew about FastTrack I had heard you could set up Metasploit to run a scan with nmap and then check its database for exploits then it would attack the boxes. There was not one guide I could find that was step by step on how to set it up. Took me four hours, but with research and grit I got it working. It's an amazing thing to think through a problem and get the answer. If you decide to complete the course I'll say this....welcome to the suck ;)
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • SephStorm Member Posts: 1,731
    And I get that, but there is a difference, you have to provide a student with the tools needed to execute their objective. I don't want a step-by-step telling me how to exploit every box, I want training that will give me the knowledge I need to be able to do so.

    And I understand the value of the labs, I do. But a person should be able to at the least pop a single box in your lab with the provided training alone. If they are unwilling to provide that, they should eliminate the training and just sell lab access.

    That being said, some of the training is quite useful and difficult to find elsewhere in one place.
  • veritas_libertas Member Posts: 5,746
    This topic is timely for me. I'm taking the SANS SEC560 next month. I know long term I want to complete the OSCP, but I've been wavering between whether or not to take the eCPPT first. My experience with eLearnSecurity has been good. I think the quality is pretty good and forums in my experience do offer value. The only problem I see is the same others have mentioned. They just don't have the name recognition that OffSec has.
  • SephStorm Member Posts: 1,731
    Please review 560, I don't think I've seen a really good review of the course.
  • veritas_libertas Member Posts: 5,746
    Sure. Actually, that will be helpful for me as well. A great way for me to review what I've learned.
  • impelse Member Posts: 1,237
    I bought two versions of PWK and the latest one covers the missing part about exploitation much better.

    In the beginning I was thinking I needed step-by-steps, but after fighting a lot you really learn.

    I did a pentest last summer. When I was working on that pentest I remember some things were so difficult in the lab, and I got similar problems. I was able to hack the "security server" LOL

    I did not attempt the cert yet, this training is for people who like more build/configure/test systems because of the hands on.
  • JoJoCal19 Mod Posts: 2,835
    Really good input, and I'm about 75% sure I will make a go at the OSCP, timing is what I have to consider so I can make sure I don't run into the issues with having to stop working on it like some folks here. I actually snagged the eLearnSecurity Student course back when they had the $100 deal so I will most likely go through that as a primer.
  • ITHokie Member Posts: 158
    SephStorm wrote: »
    Please review 560, I don't think I've seen a really good review of the course.

    I did the online version of SANS 560 a couple of years ago. Since you have GCIH, you might be familiar with Ed Skoudis since he also taught 504 (at least when I took it). The content is fantastic and the labs are excellent. Entertaining instruction makes for an even better experience. I highly recommend it.

    What specifically would you like to know?
  • veritas_libertas Member Posts: 5,746
    @ITHokie: This is good to hear. I'm looking forward to taking it. Sadly it won't be in person. I'll be taking it OnDemand. Any advice on prepping for the Capture the Flag event?
  • Pupil Member Posts: 168
    This was one of my concerns as well. So, I figured I would get a good understanding of networking, Linux, Windows, Bash, Python, C, and Assembly before diving in. Also, I plan on practising on vulnerable VMs like Metasploitable.
  • ITHokie Member Posts: 158
    @veritas, I took it OnDemand also. Unfortunately, I did not have time for Capture the Flag so I can't comment on prepping for that. Sorry! I'm sure it will be a great experience, though.
  • veritas_libertas Member Posts: 5,746
    @ITHokie: I can see where that would happen. I took the SEC504 and there was a Capture the Flag at the end. Unfortunately I didn't have time to participate :( I'm hoping to keep that from happening this time around.
  • azmatt Member Posts: 114
    With the 504 and the 560 CTFs the most important things IMO are staying calm and staying organized. Everything you'll need is covered in the course so before it starts have a plan ready for enumerating the boxes, what you'll do if you see certain things, and how to pivot from one box to another. Take good notes on what you do and what you see and you'll do great.
  • veritas_libertas Member Posts: 5,746
    @AZMATT: Thanks for the suggestions.

    @JoJoCal19: My apologies for hijacking your thread.