EH-Net

Hello,

I need some help to decide which cert I should take between CEH/CPTE/CPT/OSCP/eCPPT. I don't consider
myself as a beginner (Bsc computer sience, CISSP, 7 years professional experience). My plan is
self-study and online exam, because of very low budget. I've read some reviews that
for CEH, reading the CEH all-in-one exam guide is enough to pass the exam, so I only will
spend $500 for exam voucher and $100 for the non-refundable fee. Then I saw CPTE by mile2 which according
to some opinions, has better material than CEH. The drawback is market recognition and I have
to buy the material ($550) then more $250 for the exam.
For the CPT by IACRB, I didn't understand if they have an online exam and self-study material.
The OSCP seems to have more advanced material (building exploits, shellcode) and I think I should
take something like CEH first.
The eCPPT seems like in the same line of OSCP but a little some soft. I could be a good option,
but I think it doesn't have the market recognition yet.

That said, I would appreciate some comments.

Best regards.

Do you want to come out with skills?  If you want a challenge shoot for OSCP.  Getting that will certify that you know how to actual perform the attacks.  If you want to go full on pen tester, it will probably be the best one to go for.

CEH material can be somewhat out of date from what I've heard around these parts.

Hi psimoes79,

Welcome to EthicalHacker.net! I think the OSCP would be the best bang for your buck in all honesty, but it could come off extremely hard depending on your skills relating to pen-testing. I've heard CISSP is more of a management cert, but I'm guessing with 7 years and your Bachelor's under your belt, you've at least toyed with Penetration Testing for awhile. Having taken the course myself, I found it challenging, and I learned a ton. If you want to get some of my background on it before going in, I wrote a review
here (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6422.msg34415/topicseen,1/) which may come in handy.

I've also taken the Pro course at eLearnSecurity at this is a great course also. The certification exam and course as a whole is hands-on, and writing a detailed report is 50% of the examination I believe. What I noticed that I liked more in OSCP over the eCPPT course is that we as an Off-Sec student your handed a lab with over 50 machines with pre-configured vulnerabilities to break into and test your skills. At the time I was going through eCPPT (last year around September or October) this wasn't available. The labs were more based around pulling material down from the course and practicing on your own machine. Both are great courses and if your newer to penetration testing I would say go with eCPPT. If you've been dabbling awhile and like pain, go for OSCP. This is all just from my experience! I would also just like to add in that I believe eLearnSecurity accepts payments, so if your budget is tight, this could be a great route. eLearnSecurity also still appears to have their 5% off the course for EH-NET members which can be redeemed here (http://www.elearnsecurity.com/eh.php).

I've heard CPT is a fun course. I actually think we have a couple members who have their CPT certifications that may be able to add on their input to help out. Incase they don't respond, here's a CPT review link below:
http://www.ethicalhacker.net/content/view/368/2/ (http://www.ethicalhacker.net/content/view/368/2/)

In regards to CEH and CPTE, I know CEH is more recognized in the industry but I also hear you can walk out of the course certified as a CEH, and not know how to penetrate systems. There are tons of CEHs on this board who could lend their opinions on the course. I asked Mile2 if their CPTE course prepares an individual for CEH and got a solid summarized response of, 'Yes'. It seems like if you take CPTE, you might as well sign up for the CEH exam. Maybe this will help you out http://mile2.com/articles/157-cpte-vs-ceh.html (http://mile2.com/articles/157-cpte-vs-ceh.html)

Companies are of course all for promoting their training over others. It's overall a competitive world and there's tons of great resources out there. Take everything in before deciding! (:

kris

I heard Offensive training is practical . if So then off course it is good one.

I'll tell you what I just told my friend about eCPPT:

I highly recommend the eCPPT, for the cost it is probably the best entry level web hacking course/certification.   if you want to get into web penetration testing, but don't have much knowledge or experience, take the course.  There are 3 sections to the eCPPT: web, network, and system security.  The system section is all Windows-based, so they'll teach you how to write drivers, rootkits and buffer overflow exploits for Windows, which is pretty cool, but if you're not into Windows, then that probably won't be very useful to you.  The web section, however, is awesome and I highly recommend it, provided you don't really have any web security experience.  If you already know how to perform advanced XSS and SQL Injection exploits, the eCPPT is probably not for you.  Also, the actual final exam for the eCPPT only really tests the section on web security.

Lastly, there is no time limit for when you need to take the eCPPT exam.  I went through all 3 sections in 5 months and then took the exam.

There's a 120 day limit now from when you start the course to when you need to start the exam.  I think you can request a 30 day extension if life has just been hectic for you, but 120 days is the initial limit these days.

I second (or third?) the eCPPT recommendation(s).

Kris has already linked to my course review of CPT by InfoSec Institute. If you still have any questions, please feel free to ask.


OSCP hasn't much market recognition either. However, it's a very practical course and does a good job in explaining the covered topics. You won't be a pentester after the course, but it does give you some of the foundations you'll need. If you have 7 years professional experience (in security?) as stated, it shouldn't be much of a problem to get through the OSCP course and exam.

He's already got the CISSP which pleases HR. OSCP will give you tangible skills that you can use as t pen tester. I found the CISSP got me through the HR filter, but the offensive security certs pleased the security people.

+1 for OSCP :)

Hello psimoes79,

As you observed, one of the big advantages of this forum is that most of the courses you've enquired about have been taken by one of its members, and you can find valuable and detailed feed back about each one.
If you want my answer for your question: shoot for a practical course. Forget about CEH, even if it has the advantage that most of HR knows about, I think that the rest of the courses have already started to show their heads on the market (especially OSCP).

However, choosing which one to take should be first based on your final goal: why do you want/need to take any of these courses? Personal development, job development, shooting for a new carrer?

You know the answer - having the CISSP none of them should be any problem for you, but you should see which one fits best on your desired path.

Hope this helps.

OSCP.

OSCP is becoming more recognized as a good course, but I think that would be dependent on the country you are based. For example if you are in the UK, courses like the TigerScheme training courses are good and you will get an industry recognized qualification, BUT as always money may be a factor when it comes to 'Bootcamp' style courses.

As I have completed my OSCP I found the course to be very enjoyable and very rewarding.
 
Good Luck

I agree with Sinco98 It depends where you are but The tiger scheme and Crest are expensive. I would go for OSCP as a few companies recognize it in th UK if you in the USA then I am not sure how well OSCP is recognize in the usa.

No one is going to kick down your door to hire you with an OSCP. I recommend getting an "HR Cert" so that you can get an interview and get in the door. It's likely that after you get into an interview there will be someone who knows and respects the OCSP/E

I think it really does depend I know some companies in UK who value OSCP more than CEH and look for that. The certs that really matter in UK are not cheap but doing a cert I think gives you a good talking point in the interview.

I mean  in the UK if you have CREST TL or the Tiger scheme alternative then you be fine or doing the CREST CRT or AST+QSTM are good but for the AST+QSTM you looking at around £1500-£2000 not sure the price of the CREST ones.