EH-Net

Well, I'm happy to say that last Monday I was informed that I earned the OSCP (Offensive Security Certified Professional) certification. I'm really happy since the hacking challenge was difficult. I mean, it's no easy task. I took this course as a supplement for the CEH cert and I'm happy that I did.

The "Offensive Security 101" is unlike any other ethical hacking course that exist today. From the comfort of your own home, you'll be able to learn and gain knowledge of important skills and techniques that is required for today's security professional in protecting their networks by applying offensive security. From scanning to enumerating, to password cracking to creating your own exploit, this basic course covers it all. You will  have the options to connect Offensive Security lab remotely and apply your newly developed skills. How awesome is that. You really get a feel of the real thing. I must say, before taking this course I was skeptical --will I understand the materials, if I get stuck on a topic, will I be able to get some help, will I have the time to attend the course from my busy schedule. Well this Offensive Security folks really put their time and effort in tailoring this course for people exactly like me. The courses are pre-recorded sessions so that you can view the material on your own pace. You can rewind, forward and pause the video to really get a grasp of what the instructor is teaching. If you don't understand or have a question on a particular subject, Offensive Security staff have setup an IRC channel where you can communicate with the instructors or other students that are taking the course. Moreover, Offensive Security has a forum where students can post their questions, comments or what ever is in your mind and feel confident that you will receive a speedy response from either the instructors or students. For an additional small fee you will be able to take the hacking challenge online where you will be tested on your newly developed skill as an ethical hacker. No multiple choice, no vague questions, only pure hands-on hacking to an unfamiliar network. Upon completion, you will earn the Offensive Security Certified Professional (OSCP) which demonstrates your competency in the penetration testing field. Which makes this certification distinctive from any other such as the CEH in where it actually proves practical ethical hacking skills.

After just 2 weeks of attending the course and going over the exercises, I was able to accomplish tasks that I thought was impossible for me. This course really pushes your limits and helps you develop the necessary skills and knowledge to defend today's network from notorious hackers. I highly recommended.

At the mean time, Offensive Security is offering introductory prices on their courses. For additional information, please refer to their site:

http://www.offensive-security.com (http://www.offensive-security.com)

Good to hear some positive feedback on this course :)

I've been looking at it and considering taking it since it was introduced, but I wanted to get my CEH out of the way first. I watched the demo video and was pretty impressed with it. I'd like to buy the video course when I can afford it and then possibly take the certification exam.

Thanks for the info.

Yeah, I really liked the course, it was very intuitive and straight forward. If you decide to take the course, I recommend the lab extended training so you can practice the tools offered in BT against different types of OS, but most importantly is the exercises that OffSec provides within the lab manual. It challenges on what you have learn and more. Some of the exercises are design to make the students use its creativeness and research skills. Plus these exercises are worth points towards your cert exam if by any chance you're borderline.

you're the 2nd person i know that has said good things about the course, might have to check it out when i am done with the SANS stuff.

hello,

i will take my oscp exam on tuesday 20.
you can give me a few of information?

thanks

studying the material they gave you wont be enough?

maybe,

but exam is a stranger network to attack, you have 24hrs to attack this network. i have taken the course and labs. i assure to you is a hard course, and offensive-security staff say "certification challenge is a HARD exam".

a few of information will be well received   ;) . offensive-security staff has total silence about exam  ??? ??? ???  >:( >:( .

thanks.

---
MCSA2003, MCP
working in OSCP

sounds like a good test, maybe i should roll some quarters and try to take the course and test.

If you took the course and did all the exercises, you'll be fine. My tip for you is to get a lot of rest the day before the exam. Review the videos and lab manual ,especially topics that are a bit hard for you. As I was studying, I emphasized on topics such as creating fuzzer and exploit code, working with exploit codes, how to look and research for them as well. The exam contains several objectives. If you are stuck with any one them, move on to the next objective as you can always work on it later. Remember, you have 24 hours. Be organized, document  your findings in a leo file. As this will help you go back to the ones you were having trouble with.

When I took the challenge, I started at 10:00 in the morning and had nothing significant by 5:00 in the afternoon. I started to panic a little, saying to myself that I was not going to pass the exam. I paused, and stood up for a walk inside my house and decided to take a rest to ease my mind. After resting for about an hour, I went at it again and I started to gain results. Within the next 2 hours I completed 2 objectives and I was on the roll. It felt good.  What I'm trying to say is if this happens to you, relax, take it easy. Rest if you need to. There's more than enough time to complete all objectives.

Hope this help, good luck on your exam  :)

ok blackazarro,

thanks, i don't have finished all my labs exercises, extra challenge exercises, BOB is my nightmare !!!!!! i can't exploit it, i scanned, detected, banner grabbing his services .... but CAN'T EXPLOIT  >:( >:( >:(

thanks.

carlos.

Sounds like this is getting good reviews. Should we add this cert to our list of pen testing credentials?

http://www.ethicalhacker.net/content/category/1/31/3/

Don

Don't worry, I also had problems with bob. I did not have enough time to exploit it. I should have extended my lab time. So you are not alone.

Hey Don, you definitely have my vote.

Will do.

BTW - Somebody submitted this thread to digg:

http://www.digg.com/security/Review_Offensive_Security_101_Unlike_Any_Hacking_Course_Available_Today

Guess that makes you an un-official reviewer for EH-Net.  ;D

Don

cool, I don't mind that  :)

How's this:

http://www.ethicalhacker.net/content/view/119/3/

Maybe you can help me with the details section of this new cert listing.

Don

OffSec will send you details of the course. Nevertheless, you have 24 hours to complete the hacking challenge. The Certification Challenge simulates a “live network” which contains several common vulnerabilities.

Prerequisites are the following:

- The student must have a solid understanding of Network Administration and TCP/IP, and a reasonable level of familiarity with Linux, in order to complete the course.

- A modern PC, with the capability of displaying full screen video and sound.

- A fast Internet connection to view or download the Videos.

- A fast Internet connection to connect to the Offensive Security Labs over VPN.

A minimum of 70 points is required to pass the challenge, and obtain the OSCP certification.

The above information are subject to change. Please visit https://offensive-security.com/index.php (https://offensive-security.com/index.php) for latest information.

Contacted OffSec, and they did provide more info. It has been added to the cert info page for OSCP.

Don

os101 is a good good good course and cert.
it has been hard, but i have learned very much.

Another good reason why you should consider Offensive Security 101:


This was posted in http://www.offensive-security.com (http://www.offensive-security.com)

Just signed up for class. Can't wait to start! Thanx for a wonderful course writeup blackazarro. 8)

Great, I glad that my review was helpful. I hope you'll enjoy the course as much as I did.

I've just signed up for OSCP - my course is scheduled to start 14th May.

I'll keep you posted as to my thoughts and progress.

This is my 1st security cert that I'm going for - I've been a net admin for 7 years and feel the time is right to move onto something a bit more specialised. I'm hoping to do CEH and ECSA in September with koenig-solutions.com in India of all places.

Hope to chat to soe of you guys on #offsec in the coming weeks.

Woot! Just got my OSCP cert! If anyone is on the fence about getting this, I have three words for you:

FANTASTIC! FANTASTIC! and ...wait what's the word I'm looking for, oh yea
FANTASTIC!

Kudos to Offensive Security team on making the experience fresh, enjoyable and challenging!

Congratulation!! ;D

Feels good doesn't it. I'm telling you, this course kicks ass!

Hey Everybody,

First, I'd llke to say "Hello", as I'm new to the boards and this is my first post.  ;)

I'm really interested in checking out this cert, but have a question regarding the knowledge of Linux - how much is enough? 

I have the networking background, but am only just now starting to learn to work with Linux, but was hoping to take this course by late Summer.  Will I be in over my head with only a basic Linux foundation?

oh, and CONGRATULATIONS! to those that have passed.  ;D

IMHO Only basic Linux knowledge is required for OS101. Especially if you're planning on using BT distro (as it is recommended by OS team). And if get lost and can't remember/not sure of some linux commands or options, you can use my favorite: Google!  :P

First of all, welcome to EH-NET. You will find this site useful.

I think you'll be o.k. with a basic knowledge of linux while taking this course, however, I recommend that you visit http://linuxcommand.org/  and review some basic commands before taking the course. It will be helpful, I guarantee it.

Also, BackTrack is based on Slax so if you have chance, go and check http://www.slax.org/ .

And finally, if by any chance you need help, you can always post questions to Offsec's IRC channel, forum and of course this site. We will gladly help answer your questions.

Hi Monkeymind

Don't worry about the Linux aspect, as zr0crsh says if your using the BT distro then a simple understanding will be fine. As long as you can move through a directory structure, chmod files, move files, copy files, manipulate network configs, etc then you shouldn't have a problem.

I'm 3 weeks into the course (having been on holiday for the last week) and can honestly say this course is superb. The videos are great and are mirrored exactly in the documentation, so if you haven't got access to a PC then you can at least read about the subject.

The exercises are well designed and stimulate exploration of the concepts being taught and the support is excellent - muts and/or ziplock are nearly always available through IRC to iron out any problems you have with the labs and then theres always the forums to revert to, though the forums aren't busy the info you find there is definitely worth noting and I think is fair to say, should be thought of as the FAQ for the course.

The bit I've found most difficult to get to grips with is the programming side, specifically bash scripting and python programming as I have very limited experience in that area - having said that Google is your friend here and there is plenty of sample code available for you to dissect and learn from - not hard but takes time.

Time is the one thing that always seems to be in short supply - I started this course thinking I would nail it inside a month but I reckon for your average Networking Joe with only limited pen testing experience and family commitments then 3 months would be more realistic to do it justice as (if your like me) you'll end up doing a lot of reading around the subject and experimenting with associated ideas. This has got to be a good thing as ultimately gaining the  cert shows a thorough practical knowledge of the subject and not something that can be done via reading a few braindumps.

I'm finding the course extremely interesting and stimulating and would recommend it to anyone - if your currently sat on the fence deciding what to do - GO FOR IT !. You won't find a better value course anywhere and no I am in no way connected with the providers of the course I'm just very impressed.

Wow, ok thanks for the most helpful responses!  Maybe I won't wait until the end of Summer, after all.  I'll be starting on my Master's degree program and want to give this course the attention it obviously will deserve.

You all have gotten me really excited about it.

Thank you!

Well, i did it.  Signed up for the class starting on the 16th.  So, this next week will be spent going through linuxcommand.org (again) and finishing up Hacking Exposed, as prep.  I'm going for the extended lab time, as I want as much practice as I can get before attempting the challenge.

I've no doubt that my number of posts to this forum will go up significantly during this process.  You lot are too good a resource to pass up. 

Woo! I'm a little nervous, as this will be my entry into Ethical Hacking.  But, I'm very excited about the course!

Excellent.

Hi Guys. I was interested in this course right from the start. Now after reading all the feedback my interest really went up!!! I/m glad to hear it as I signed up for the class last week, I'm starting on the 16th !!! ... like monkeymind!!!!

I don't have strong knowledge with Linux, just basic, and hopefully that will be enough + I'm gonna go through Google for Linux command for the whole next week.

Guys, just one question: I didn't use IRC before, I just installed it on Windows (mIRC), somehow I cannot find the Offensive Security channel (#offsec) :( , probably I'm doing something wrong, could somebody give me some info on that. That will be greatly appreciated.

bY THE WAY: For those who passed the challenge already - MY CONGRATULATIONS !!!!

Hi dva,

Welcome to EH-Net! Good to see you already taking advantage of the great wealth of knowledge that the members here love to share. And we hope you continue to contribute as well :)

As for your mIRC connecting... Are you able to connect to the server? Make sure you type the server name correctly, and use port 6667 (or 6697 for SSL if it's supported; not sure). Once you're connected and you see the MOTD and such, you'll need to type the following command to join that channel (chat room):


That will open a new tab into that channel (make sure you put a space between '/join' and '#offsec') and you'll probably see '@muts' and '@ziplock' hanging out in there (they're almost always there). The '@' in front of their name means that they are a channel operator (channel moderation abilities).

Any other problems, feel free to post! Hope you enjoy the course as well. I thought it was very well done and provided a great overview of some of the very useful tools included with BackTrack.

Hi venom77,

Great, I've got it thanks to your excellent tutorial :) I just didn't join to the channel properly.... now I can see @ziplock and a bunch of other people over there... great. THX venom77!!!

I'm happy to meet you here and on mIRC guys ...

Based on your overview I really get more attracted by the course...

There's no need to Google for Linux commands (well you can if you really want). There's a one-stop-shop for learning Linux commands at LinuxCommand.org (http://www.linuxcommand.org/).

You're welcome! Glad you got it working. I don't come into that channel too often anymore, but when I do I just use my OS ID, os2208, as my nick. Perhaps we'll run into each other there :)

Great!!!, Thanks. I like that; will go with this one then...



Thanks again.
Sure we'll meet on IRC, my nick is the same one I'm using here: dva. I like your idea using IS ID as a nick :)

hmmm I'm still thinking about this course.
Do you recomend this course if you'll pay it by your own money? ???
Is this the same with the C|EH course or more better?
Thanks and good luck to everyone!

It's definitely a good course if 1) You're interested in using BackTrack 2) You're somewhat new to BackTrack and aren't familiar with many of the tools.

If you're already pretty competent with using BackTrack, then you could probably skip this course and wait until the next one comes out. But if you fall into the 2 categories above, then yes, it's a great course.

It is different from the CEH in that it only covers the use of BackTrack and the tools included within. The objective is the same: ethical hacking.

Hope that helps :)

will this boost up my career in security?
I'm using BT before and little bit familiar. but i want to learn more and do more hands on.

Right now i'm still a n00b in security field, im still getting my job experience  ::)
I'm around 70% convince to take this course.

Interesting. Let see i hope i can make it on the 16... ;)

Hey dva, looks like we'll be classmates!

kcirtap, have you decided to join us in this round?  To answer one of your questions, I'll be funding this myself, as I do with most of my training.  Usually, I do self-study, as it's what I can afford.  But, with this type of tool, instructor-led is the best route - for me, so it was worth it to sign up.

Looks like most of you guys will start training today?  ;D
i didn't make it but i'll try on the next batch.
Well good luck to everyone! See yah there!

I would like to hear from someone that has completed the course. From the demo video it seems to be a decent course.

OSCP now has it's own board. So feel free to ask additional questions in new threads.

Don

I am currently taking this course and indeed it is an excellent course. I am having problem completing exercise 23 & final challenge. If any who has taken this course would like to share information regarding these two exercises, I have enclosed my email below.

Jack

busana100@yahoo.com

Hello,

I have a question regarding this cert...Would some one starting network admin or security be able to take this course? I was looking over the course topics and it looks simple the couple of things. I worked in I.T for over 8 yrs but doing help desk and trouble shooting.

I worked with some MS system , and linux box (Fedora 8) At the moment I'm running Vista and FC8 on my dell laptop.

I know some linux commands since i been doing work on my laptop. I'm just worried that if I sign up for this course I will be left behind.

Any feed back would be great.

The Prereq's for the course include:

•The student must have a solid understanding of Network Administration and TCP/IP, and a reasonable level of familiarity with Linux, in order to complete the course.
• A modern PC, with the capability of displaying full screen video and sound.
• A fast Internet connection to view or download the Videos.
• A fast Internet connection to connect to the Offensive Security Labs over VPN.

And of course I'm quoting that directly out of the Offensive Security 101 v2 Course Description that can be found below:
http://offensive-security.com/documentation/offensive-security.pdf

Judging from your experiance, I bet you'd do fine.

The only thing that I'm worried about is the "understanding of Network Administration and TCP/IP" part... That could mean alot, since many network admin have different means. The tcp/ip thing I know how to configure them in windows and linux, but after that I know just a bit .

I think I just might look into studing more network admin and tcp/ip just to make sure.

also I tried to look for a price on all this on there site. I could not find anything, anyone have a link to it?

For the offensive-security 101 v2 standard price is $550.
http://offensive-security.com/training.php
Your plan to study more in tcp/ip is definitely a good idea considering if you look around these forums on where people ask "where should I start?", etc, everyone does recommend getting a good grasp on Tcp/Ip.

Hi Everyone,

I am new here and just wondered if any OSCP certified guys could help.

I am starting the course on 25th January. I am currently a dual CCIE (R&S, Sec)so I'll have no issues with the IP elements of the course, however my linux experience is very limited. I can do the very basics, ie move round the directory structure, copy files etc but that's about it.

I have no experience off shell scripting / python scripting and this is making me wonder how I'll find it...

Any thoughts

WS

I think you shouldn't have any problems. But if I were you I would at least read the basics on shell and python scripting prior to taking the course. It will help you save some time for researching other topics that you may need during your studies in order to complete an exercise or just fully understand a subject given in the course.

Here, you could start by heading to these links:

http://linuxcommand.org/
http://openbookproject.net//thinkCSpy/

Hey wirespeed, looks like we'll be doing it at the same time I've just done my VPN test and thrown a handful of cash at the offensive security guys.

Hoping I've done the right thing, although having a good few years IT under my belt, and more than a passing interest in Security I still feel lacking in hands-on time (one reason I chose OSCP). I'm sure we'll both be fine though :)


How much Python is actually involved? is it really for Metasploit development or is there more to it?

Chan,

Not sure how much python is required, luckily I have a friend who is a python programmer so I guess I'll be on the phone to him a fair bit !!

To be honest the scripting is the only thing that has me spooked, I have all the network stuff covered...

Maybe we'll hook up on the IRC channel ?

Best

WS

PS Love the 100m Swimming Cert  ;D

Hey All

Thought I would just mention I will be starting the course on the 22 Feb. I was wondering if there is a big difference between the Ver1.0 -> Ver2.0 and what they are?

Will keep you posted

Later

yeah i have heard and seen that this certification is on constant self updates and more than any other course its exam doesnt mostly depend on ur course where but its more ur practically how are u going to defend and hunt down ur hunters...

me yet to get my hands on OSCP
i feel J for my friends who have finished this such wonderfull certs

I think you should have a good hacking knowledge before taking this course.
Based on what members who took this course say it's not easy to pass this course.
I used to think that I could pass this course but I'm reconsidering my decision and improving my skills.Perhaps a six-eight month practice with the tools will do it for me. I advice you to improve your skills and knowledge before taking this course too.

6-8 months practice with the tools? Sounds like you'll be damn prepared. You should definitely start looking into the tools on Back Track 4 as well because in that time my guess is that v4 should be stable and they may have out the Off Sec 101 v3 class that's utilizing Back Track 4 as an attack box. If I were you Xen, I wouldn't underestimate yourself, I don't know your schedule but you are given that 30 day lab *or 60 day* access which is a perfect place to practice and gets that hands on training!

its not exactly u should have a hacking knowledge , u should know
You should start by knowing how HTTP works, the basics of web application development and you should also read a lot about Cross Site Scripting, SQL injection, remote file inclusion and other common vulnerabilities. A good place to start is the OWASP site, and particularly the OWASP TOP 10.

Hey guys any idea if they will be using BT4 on the course now?  ;D

Not til the final is released is my guess, by then I'm sure Mati will release the Off Sec 101 v3 course.

I recently took the OS101 course (now called "Pentesting with BackTrack") and passed the OSCP exam.  I have to say, this is by far the best security training I have taken, and likely the best technical training I have taken.  I have come away with much more knowledge than I started with, an understanding of concepts that were previously very obscure to me, and a feeling like the knowledge I have justifies me having the certification (I could compare it to another course I've taken and cert I hold, but I'd rather be nice).

Thanks to the Offensive Security staff for putting together an INCREDIBLE course!  I would not hesitate to recommend this course to ANYONE trying to get into technical security and penetration testing.

eternal_security

Good to see another OSCP registered on this board. Congrats on the certification! Hope you stick around here and help out your input can be very useful to members I'm sure.

Thanks xXxKrisxXx,

I've been around for a while, but haven't really participated (often just don't have time).  I'll attempt to contribute some useful input.  Thanks again for the congrats.

Kind regards,
eternal_security

Yep eternal_security is a very good peeps :) :)

Thanks Dark_Knight.  The feeling is mutual.