EH-Net

After looking through a few certifications I have come to the end result that I will purchase the PWB courseware from the Offsec guys.

My main goal is to gain knowledge to support the Bachelors in Information Security I have. This looks like a great place to start.

I'm not a huge Linux person atm but I have been working more and more with Backtrack lately.

Is this course appropriate or should I start lower on the ladder?

I see a course from elearnsecurity but It does not look as good or come as highly recommended.

If you have a Bachelors in InfoSec and have been exposed to Penetration Testing and Vulnerability Assessment in your classes I'd say go for it if your willing to suffer a little bit. I don't have a degree in InfoSec, and I opted for the course.

The questions I'd ask myself before taking the class is, how comfortable am I with BackTrack? Personally I walked in knowing a good amount of Metasploit, NMap, Reconnaissance, knew how to compile and run exploits, fix some public versions of exploits, and had some python experience I had gotten from school.

I wouldn't say this is a beginner course, during the exam your basically thrown into a cage with lions and forced to fend for your own *;D*

eLearnSecurity's not a bad course at all. I think it depends on your comfortability level in the field of Hacking. I would definitely recommend it for the absolute beginner. You get more Web Application testing knowledge out of it then you do out of PWB, and it's a great course to start with.

I personally had a blast in PWB and thought the OffSec Style of PWB training (which is basically, "Here's the lab guide, here's the course videos, there's 50+ machines spread out across 4 subnets - Happy Hacking), was more of my personal learning style.

There's a few of us who have our OSCP certifications on this board, don't feel hesitant to ask questions!

Welcome to the forums!

-kris

This is like the saying "opinions are like..." Here are a few things I'd like to throw out to you - for you to ponder.... Certification ... Learning... Which do you prefer?

Certification - overrated at times especially when one is seeking to "dump" - I need to pass this class!!!. You're likely to retain little and not learn at the end of the day.

Learning - always in fashion

There is no "wrong" course to learn from. I haven't taken eLearnSecurity's course because I don't need it - and I'm not saying this to be arrogant. I'd actually LOVE to take it for the sake of learning something, but at the end of the day, it doesn't benefit me so I choose to focus my money and time elsewhere. I would STILL learn from it I'm sure though. There are plenty of people here who have taken it and liked it alot. There were some who didn't.

As for the OSCP, you state you have little Linux experience (based off your statement: I'm not a huge Linux person atm but I have been working more and more with Backtrack lately.) so my perception/interpretation is, you will find the OSCP difficult and likely fail the first, second and perhaps the third time around. You WILL LEARN doing the OSCP but it might be akin to jumping into trigonometry without understanding basic algebra.

Back in 06/07 I started a "Pentesting 101" write up (http://infiltrated.net/pentesting101.html) where I laid down what I felt was a STRONG 52 week step-by-step to become a decent/well rounded pentester. It includes understanding the entire gamut of operating systems, networking, applications, etc.. There will NEVER be an "all inclusive" course to become a "ninja pentester" as there are too many variables (web applications, presentation layers, covert channels(networking), etc.) the key to it all is understanding as much as possible.

E.g., when I did my RWSP, I was completely on all their machines and was completely stumped on MSSQL syntaxing. Guess what? I come from a Linux/BSD/Solaris world. Postgres (check), MySQL (check), Oracle (check)... MSSQL? Nah, not my cup of tea. Had I taken the time for a refresher, I'd of not wasted time - in the end, I ran out of time. Anyhow, because of what you mention (minor *nix) experience, I suggest you start with ELearnSecurity, get comfortable with it, then aim for the OSCP only AFTER you're extremely comfortable with not only Linux, but a variety of topics.

After reading sil's comment and going over mine, I don't want to make it seem like I'm setting you up for a rough time in PWB Lubinski.



This is very true in this situation. My first post made it come off like PWB was easy if you had some good background. I hadn't mentioned that I had been using BackTrack since 2007 prior to taking PWB in 2010. I'm not saying you need to have years experience in linux to sign-up, they mainly want you to be comfortable.

Are these the only two vendors you've compared? Have you looked into HackingDojo (http://www.hackingdojo.com) or LearnSecurityOnline (http://www.learnsecurityonline.com/) yet? These are other positive places to get your hands dirty at affordable prices too.

-kris

Thanks for the replies, I am currently looking at the various other options posted here.

I did not mean to portray elearnsecurity as a bad option, just that the PWB course looks better after looking at both. Price is sort of a major factor here so we will see what the budget boils down to.

I will keep you posted and thanks for all the info.

Courses by Offensive Security, are highly recommendable and you will learn a lot but also go through a rough period of learning, including trial and error  ;)

I've done OSCE, and that was pain inserted directly into my cerebrum  ;D

It was awesome though, and it has given me something I can use for the rest of my life.


I haven't tried LSO, eLearnSecurity and Heorot (Hacking Dojo) yet, but in the future I most likely will  :)

In my opinion, in your case, the best place to start will be hacking dojo. It will start you from the basic, and while it will cost you less money you'll get an inside view of the pentest world. If you'll like it you'll learn a lot, if you'll not like... you'll save money and find yourself a new career path (firewalls, compliance...)

One of the biggest advantages of hackingdojo is that you will actually talk with the instructor (Tom) and you can ask him almost anything. On the oposites, doing OSCP you'll be on your own (in a lions cage  :) ).

I will take another look at the dojo. Thanks for tip. Can someone describe the experience they have had with hackingdojo.com? I got some information off of their site but if you can fill in the spaces that would be wonderful.

While I've not taken the courses from the Dojo, yet, I have Tom's book (Professional Penetration Testing,) and it's a good read.  In addition, Tom is a member here (Grendel,) so along with others' experiences, you can ask him plenty, as well.

Good luck.

Excellent. I feel like i stumbled upon a golden trove of usefulness here..

I don't think that just because you don't have that much Linux experience that you shouldn't take the course. I didn't have that much linux exp either and I passed on my first try. BUT I did have to work my ass off at it. I had to ramp up my Linux skills really fast and now they're acceptable. I just passed a couple weeks ago and documented my experience here if you're interested: http://networkadminsecrets.blogspot.com/2010/12/offensive-security-certified.html (http://networkadminsecrets.blogspot.com/2010/12/offensive-security-certified.html)

The bottom line is if you have solid fundamentals, meaning you understand routing/protocols and how an OS works, you could probably get to where you need to be in 60-90 days. Quite frankly if you don't pass on the first try its not that big of a deal because you can retake for $60. Its not like you have to drop $500 to retake the exam. Put in the hard word and it will pay off.

Thank you so much guys for your inputs....
It was highly valuable. I am considering hackingDojo, and more imp to brushing up my fundamental skills side by side.
Thanks again.