EH-Net

Offensive Security finally added an accompanying certification to their Advanced Windows Exploitation (AWE) course, called Offensive Security Exploitation Expert (OSEE).

More info is available here (http://www.offensive-security.com/offsec/announcing-the-awe-osee-certification/) and here (http://www.offensive-security.com/information-security-training/advanced-windows-exploitation/).

WOW more pain.  Pretty cool.  It looks like they are coming out with a web app course in February too.

http://www.offensive-security.com/information-security-training/advanced-web-attack-and-exploitation/ (http://www.offensive-security.com/information-security-training/advanced-web-attack-and-exploitation/)

As much as I love their courses (about to sign up for OSCE,) I can't swing that price (the web app one.)  Will wait until that one eventually (hopefully) comes out self-study, as well...

AWESOME. Time to convince employer.

Hmmmm, one year too late for the web one.
I did GWAPT last year and  I cannot justify two courses for the same subject.

Maybe I'll do the online version, when it will become available.

But... I still have a lot to fight with OSCP and the others.

I love offensive security certs!!

Damn, I wish the web cert was a little cheaper than GWAPT.  Considering it looks to be the same price, I'd probably just go for GWAPT.

The reason that and the windows exploitation course are so expensive is because they are live/in-person courses. As Hayabusa mentioned, hopefully they come up with self-study versions that have prices that are in line with the other self-study courses.

I'd take Offensive's course over GWAPT, any day.  There's something to be said for being challenged by hands-on exams at the end, and while I know the GIAC certs are recognized and Kevin Johnson is a wiz (mad props, and I'd love to sit under him for a class, or even lunch  :P ,) muts and company just always step up and outdo the competition with their courses and labs.

I'd do both if I could, but if I could only (even get lucky enough to) do one, I'd gamble on Offsec.

Interesting from Offensive course, I remember Securitytube would also be launching Webapp security certification sometime this year... Got to wait and see... :P

Personally, I'm torn. The other side of the equation is that SANS/GIAC is more broadly marketable. People who are in-the-know likely respect OffSec a bit more (for the reasons you mentioned, and that I agree with), but at the same time, you often need to get past HR filters and a non-technical crowd first. If that wasn't there case, there'd probably only be six CISSPs :P

Well, as the quote said (where you quoted me,) I know GIAC is more 'recognized'   :)

So I think we agree.  It depends on your reasoning.  If you want it for a resume or need to bypass HR, then yeah, I see GWAPT.  But if it's personal, and you're in it for the experience factor, I lean to OffSec.

And I'm not even going to discuss CISSP...  I don't have it, mostly because I don't need it, but a LOT of CISSP's (that I know personally) can 'talk the talk' based on book knowledge, so they passed the cert. But put them in real-world and they can't cut it.  I respect the cert, for it's knowledge and info, but again, it's always based on the end-person.  I've considered going after it a few times, but it's a lot of time and study that I don't have, for something that isn't going to buy me, personally, anything, at this juncture.  So who knows, maybe someday, when I'm bored and have some time... who knows.


<Edit- Again, don't take my post as condemning CISSP.  Just saying, there's proper need for it, but that it's like any other cert in paper...  You can learn it, but application is another thing, and results of THAT are based on the student(s) in question.>

shame the web app will online be live :(

Question for the seasoned pentesters:

Do you really need the advanced windows exploitations skills on your day to day job? Some of the managers I know will just say "Well this is too advanced,... this in the internal network.... "

 8) ??? ::)

If you don't want to be a bad ass then no! I think bug hunting is fun and how much more value could you possibly bring your client if you find an 0 day to pwn them with?

Just an FYI, for those wondering what a live class with the OffSec guys is like, heres a review (PWB) I believe by Johny Long. Its a 5 part review, so u can change the url as needed.

http://www.offensive-security.com/offsec/pwb-in-the-caribbean-part-1/

++1  ;)

this is great news! i am very interested in the web application course, which is right up my alley! heck, id even pay for it myself if my employer does not chip in! i hope they release the course outline soon, i am guessing it will be pretty hardcore. (as i am typting this i get some mixed feelings, am i really ready to torture myself again? :D)

The syllabus for AWE is available here (http://www.offensive-security.com/documentation/advanced-windows-exploitation.pdf).
The syllabus for AWAE is available here (http://www.offensive-security.com/documentation/awae-syllabus.pdf).

it would be so cool if the web one was online but I do think PWB is my next course even if i have to sell my soul to pay for it....

OMG, great and bad news at the same time :(

i wish to take the AWE and the Web Expert courses online but sadly they don't offer it!

we need to protest to offer the courses online and i assure a lot of folks will register for the course and offsec guys will be happy and gain more moneys.

the only reason that i can't attend the AWE it's because the location for the course far from me 10000s miles can't afford the course price nor the flight.

 :-[

 I understand why both are live courses right now.

Reading the AWE description, it's deep enough that it should be instructor led.  I'm sure even the best folks have lots of questions, best asked in person.

As for the Web Expert class, it's new, and they probably want to guage how well folks do, and refine it a little, before considering whether or not to go to web-based / e-learning.  Plus, for both courses, it lets them stay current with new and emerging threats, rather than having to change it up frequently, as they can quickly add a new threat model into planning for live sessions, rather than recordings.

(That said, I still hope they go to an e-learning version, at least for the Web Expert, at some point in the future... ;D)

Yah be it be wicked if they made the web one online as it looks amazing

You are probably right, but i think a web app online course would be an instant hit!

@aweSEC: thanks! (missed it somehow?). and no surprise, its impressice!

Really gonna be looking forward to the course. A couple of my colleagues actually asked me what there is for learning app sec and demonstrating knowledge.