  Show Posts
16  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: I passed OSCP !! on: February 05, 2013, 09:23:12 PM
Congrats Hit Monkey. I'm impressed that you're right back into it.

After my OSCP experience, I had to take a few months off to decompress. Did nothing but play games and catch up on TV/movies.
17  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Which course is best suited for me: eLearnSecurity Student or The Hacker Academy on: January 28, 2013, 10:30:10 AM
I can't comment on the eLearn/Dojo courses since I haven't taken them (although, I have the same concerns as you re. Dojo based on recent posts).

Sounds like your skill level is beyond EC Council's CEH course - which I have taken - so I'd strike them off your list. Personally, I'd put off the OSCP until you have some more formal training under your belt.
18  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: OSCP - Critique on: November 10, 2012, 10:47:58 AM
Thanks for the congratulations everyone.

Quote
So what's next for you? Are you going to pursue penetration testing, or do you have your sights set on something else?
I've got an established career as a programmer and never intended going the pentest route. Switching careers & starting over both in pay and seniority was never a consideration. My company encourages us to not only update but diversify our skills (cue ajohnson's sig) so when several coworkers suggested OSCP I thought, "Hey, that sounds cool!" And since they were paying...what the heck, right?

Along those lines, my time in CEH & OSCP has already helped me in my current job. I have not only picked up a different skill set (virtualization, Linux, Python, networking, Wireshark, et al), I think I'm a better programmer now. At least, I'm a more security-minded programmer, not to mention a more paranoid computer user.

Quote
Are the other offsec courses difficult? Yes; however, it is very rewarding when you are able to complete them. I say give them another shot.
Again, if they're anything like the OSCP - I can't. I just can't do that to my wife/kids again; especially when it's not in line with my current career. I could justify it if I was a pentester, but not for something that amounts to a hobby/outside interest.

When it comes time to take another class/cert, I might try SANS. I have zero interest in CISSP - no offense to any here but it sounds boring. Or I might go an entirely different route, something unrelated to infosec.

One thing I'd like to add regarding the labs - I cracked most of the student labs and roughly half of the IT/Dev machines. I did not get a chance to get any of the admin machines. My point being that breaking into 100% of the network is not a prereq for passing the exam.
19  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / OSCP - Critique on: November 08, 2012, 07:40:04 PM
Well, I passed. And when I got my e-mail my first thought was...THANK GOD IT'S OVER!

I'd read a slew of reviews about the course before signing up but what I read and tried to prepare myself for just did not match the reality. Sure, there's a ton out there warning that this course requires a ton of extra work, self study, and is intense, etc. But really, does "Getting shot really hurts" or "Rectal examinations are really uncomfortable" adequately describe the real thing?

I spent a couple of months working through the labs. I work full time so almost every minute I wasn't at work was spent on my computer, in the labs. Weekday evenings? OSCP. Weekends? OSCP. Kid's activities? Sometimes. House maintenance? Television? HA! OSCP was present in damn near every waking moment of my life. As I waited for my exam day, I looked forward to getting my life back.


The OSCP doesn't so much teach you as it tests you. Based on my experience, I would say that OSCP was 50% instruction, 45% learn on your own, 5% getting hints from other students. Something that occurs to me is that most books I've used to learn the subject matter are high on content but low on the ability to apply/practice that knowledge. That is, most of them gave me a wealth of info/techniques but no practical/legal way to practice. OSCP is the opposite. You have a great playground but need to find/develop the info/techniques yourself.

I learned a ton. Enough to make my eyeballs explode out of my head; I can thank Offsec for that. I can also say that there's room for improvement. (I am kind of surprised there was no student feedback form after my lab/exam, I thought that was pretty standard for most courses/certs.) Anyway, there are so many positive reviews out there, 99% probably, so my review points out things that I didn't like or think need improvement. For that reason, it may come across as overly negative and/or critical but I want to state unequivocally that this is not a bad cert. IMHO, it's just not for everyone.

This cert was particularly challenging for me because I'm not a pentester and this is only my second security cert (the other being CEH). I do have a lot of coding experience and have worked with/around computers since graduating college but I had to work my ass off for the OSCP. Anyway, for someone looking at the OSCP for the first time, there are tons of positive reviews out there, don't base your opinion on my experience, check the others out.


ENTRY-LEVEL REDEFINED
-----------------------------------

I pulled this from the OffSec website:
Quote
Penetration Testing with BackTrack is an entry-level course but still requires students to have certain knowledge prior to attending the class. A solid understanding of TCP/IP, networking, and reasonable Linux skills are required.

I think when most people hear "entry level" they think of their grade school algebra course, or beginning physics, or something similar. For me, the OSCP was about as entry level as Calculus & Quantum Mechanics are entry level mathematics & physics. Really, the first clue should be: 24 hour exam. I initially thought this course was for the neophyte pentester, someone who wanted to break into the field. However, as I progressed through the material and labs, I started to wonder. On one hand, much of the material and some of the lab machines require experience/knowledge far beyond what is provided by the training. Conversely, in other cases the instructions seem very much geared toward a novice pentester and were presented in a very simplistic, detailed, and easy to follow manner. Again, and I'll probably repeat this many times, a pentester might have looked at stuff I struggled with and said, "Everyone knows THAT!!!!"

For an entry level course, the OSCP is decidedly uneven, instructionally speaking. Initially it starts out very basic, going so far as to tell you how to start an FTP server. Progress through the buffer overflow section is equally precise and easy to follow. One big help is your own box to experiment on, one not accessible by anyone but the student. That way if something doesn't work, you can rule out another student or leftover exploits. However, in the later modules, the instructional quality falls off dramatically, as does the ability to practice techniques using the XP client you're provided. For example, the port forwarding section isn't covered well at all and you're given no ability to practice outside of the student lab machines.

Next, while the course covers most of the stages of penetration testing individually, it's up to the student to put them together. This means the student has to feel his way through the labs on his own. The danger in this is that the student may be learning things in a less than correct manner. Maybe it's just me, but "I learned most of what I know on my own through blogs and wikipedia," is NOT what I want to hear from my doctor or financial planner.


THE LABS
-----------------------------------

The labs are the shining part of this cert. A veritable playground where you can hone your skills without fear of the FBI or other law enforcement agency banging down your door. It's easy to freeze a service or machine as you sling exploits at it and being able to revert a particular server to its original state was critical. I wish that we were given more than 6 reverts in a 24 hour period. One thing I discovered while rooting boxes is that other students failed to clean up after themselves. So I'd get on a box and discover left over exploits or services open that weren't intentionally left open. So I got into the habit of reverting a box before I started to really work on it. Problem was, if I used a revert or two on it as I worked it (easy to do on some of the more fragile services), I'd be out of reverts in no time.

Another problem I had with the labs was that there was no clear route to what is attainable at a given stage. Realistically, most working folk will probably only be able to complete 1-2 modules per week. So your average student will be able to start getting shells and rooting machines by the 3rd week or so. So I'm banging my head against one machine - you know "Try Harder" - for hours, days even, only to find out (thanks to a helpful student on IRC) that I'm not going to be able to get that machine until I get through module X. Great.

Also some of the servers seemed spookily unaligned with a 101 class. Say you're in Algebra 101 and at the end of Chapter 5 they tell you to do the exercises but, by the way, to make things challenging, we threw in some Geometry, Trig, & Calculus questions. Good luck! The big problem is that you don't know if the machine you're banging your head on is an Algebra question or a Calculus one. Try Harder will likely not cut it either. I can throw a 5th grader a Quantum physics question and tell him Try Harder all day but it ain't going to cut it.

The training also lacks a full on end to end example. You're given the basics of each fundamental step of the process (scanning, enumeration, etc) but never given a run-through of getting into a box, why this exploit was chosen over that one, why this payload did work while that one didn't, etc, etc. Unfortunately, what ended up happening with me, at least initially, is point-shoot-miss, point-shoot-miss, point-shoot-hit. Battleship anyone?


THE MATERIAL
-----------------------------------

The Muts videos were excellent. The problem I had was that they often were used to supplement the PDF rather than complement it. Early on, I found holes in the manual that cost me hours, only to find out that the video got it right. I find it easier to reference a manual than a slew of videos so I wish the manual were a bit more thorough and the videos were used to add that extra bit rather than fill in the gaps.

I was disappointed by the number of errors in the lab manual. For example, the manual is all about using Ollydbg but in the exercise lab provided, it's Immunity Debugger. Are they similar/same? Yes. But for the amount of money it costs, is it too much to ask for updated screen shots in a PDF? I could see if they referenced a tool from BT 4 that changed in BT 5 or if we were shipped a printed manual...but a PDF? Case in point, a line of python code from the book:
Code:
print “Fuzzing ” + command + " with length:" +str(len(string))
And the (supposed) corresponding output:
Code:
Fuzzing MKD:1
Doesn't take a programming genius to see there's something not right here. These admittedly minor quibbles are quality control issues that I wouldn't even bring up if it were a $30-$50 textbook, but for an $800 class? One thing that could alleviate these issues is if Offsec were to implement a system where students/instructors could post errata to the manual/videos. Might save some questions in the IRC as well.


WHAT SAVED ME
-----------------------------------

As I've repeated over and over, I'm not a pentest professional and a lot of networking concepts were foreign to me. What I did have going for me was a strong programming background. I think that's the key to getting through this course and the exam: being strong in a key discipline. It doesn't necessarily have to be programming or networking or pentesting. But if you just learned that python wasn't just a big snake, Bourne Shell isn't the name of the next Ludlum movie, and SQL isn't someone's misspelling of a movie follow-on...Pain X 1000.

I cringe when I read posts/hear from people who think that OSCP is Intro to Hacking where they will come out like Neo or the guy in Swordfish. Again, this is largely a self-taught class that requires you to learn so much on your own, primarily using the web as a resource.

Another thing that helped me was having taken the CEH. While I'm the first to point out the negatives of CEH, it did at least introduce me to some of the basic points of the field. I'd recommend anyone taking this course to at least get an Intro to Ethical Hacking book first.


COST
-----------------------------------

No, not the $$. I'm talking about the personal toll this class took on me and my family. (Again, a pentester probably wouldn't have to devote as much time, so my experience might have been on the extreme side.)

I'm normally pretty active, but at the end of this cert I'd gained 6-7 lbs. Not surprising since weeknights and weekends were spent in front of the computer and when it came to eating I'd typically shove whatever was handy down my piehole. Who has time to cook? Did I mention I was spending 20+ hours a week on this cert? Also, midway through, I started to break out and developed a cold due largely to the aforementioned eating habits & inactivity coupled with loss of sleep, and stress. Obviously my work suffered - when you're staying up until 1 or 2 AM working a server or waking up at 3 - 4 AM thinking about a server...concentrating on your day job is difficult.

Because I found it impossible to concentrate with the usual household noises, I had to closet myself in my office at home. So for more than 2 months, I barely saw, much less spoke to, my family. When my folks would call, I was usually distracted, tired, and/or busy. Family get-togethers, weekend BBQs? Ha, don't make me laugh. And when they did see me, I was often grumpy from lack of sleep or frustration. Of course this all did not make the spousal unit happy. You can only say, "It'll be over soon" so many times.

I have to give my spouse & kids credit - they were very understanding and supportive. But there were of course several times when being ignored for several months caused some spousal tension. More than once, pleas for attention from the wife turned decidedly frosty when met with, "Hold on, I've almost got this server." And there's no guilt trip like having your kids tell you, "Daddy, we miss you" and your wife say, "I want my husband back"...I owe them - my wife in particular - big time. 



POST MORTEM
-----------------------------------

The challenge in any course is finding the right balance between hand holding and letting the student work things out for themselves.

spoon feed <--------------------------------------> here's the book, exam in 8 weeks, later!

I think most people will agree that the OSCP falls closer to the right than the left.

IMHO, too much to the left doesn't benefit the student because you're not engaging any brain cells. Too much to the right...there's more of a chance that a key concept or skill is overlooked. Let me clarify that.

For me, figuring stuff out on my own improves my retention; it does not equate to learning "better", i.e. a thorough understanding. I think getting trained by an expert typically beats the learn on your own method. Whatever I did in the labs, I know there are probably easier or more efficient methods, things I didn't think of. There are a couple of services that I was never able to crack...does this mean they just weren't vulnerable or did I miss something? No idea. 

I once missed a week in my college statistics class and ended up having to teach myself a chapter over a weekend. What I discovered the next week was that assumptions I had made (or divined), even though I got the right answer, ranged between inefficient and incorrect...thankfully, there was an instructor there to correct my shortcomings. This is why I feel the OSCP wasn't an ideal fit for me.

Learning any skill can be made difficult; I could make learning the alphabet difficult. And none of what I learned in the OSCP (either from the materials or on my own) qualifies as rocket science. But the amount of training is nowhere near what I needed in the labs - I estimate I got less than 50% of what I needed for the lab machines. I personally think a little more instructional information ("Try harder" does not qualify) would improve the quality of the student. Not only that, it might result in an increase in enrollment.

It would be interesting to find out what percentage of OSCPers take the OSCE/EE. My guess is it's around 15% but wouldn't be surprised if it was actually < 10%. Based on my canvassing of OSCPs at work, 1 in 8 (and he was a maybe) would consider the OSCE due to the impact it takes on the individual, his family, time, personal life, work...all of the above. Most give me an unequivocal "NO" (usually preceded with "H3ll" and "F@cking") re. OSCE or higher. The irony here is that the very thing that makes the OSCP so sought after also seems to stunt enrollment in the other courses.

I am still interested in ethical hacking but count myself in the "Hell No" category when it comes to continuing the Offsec curriculum. Personally, I prefer something closer to "taught" than "tested". I want something where core concepts/methodology are stressed and there's more of a balance between spoonfed & "you're on your own". Until then, I can teach myself using the web/blogs/books/sites (like EH.net)...just like I did with the OSCP (only minus the labs.) So unless there's a pervasive reason to obtain the cert - Maserati/G6/magic genie - I can't justify putting myself much less my family through another round.
20  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: programming and OSCP on: October 23, 2012, 05:49:04 PM
Quote
I am hoping that the course presents those concepts well. I've also heard of the learn to code website, perhaps that would be a good option or resource?
Just my opinion - but if you can get conversant in any of the scripting languages (Python, Bash, Perl, PHP, etc) moving from one to another, as DK suggested, isn't that much of a leap. If you're completely new to programming, I'd personally stick with Python. Get yourself a starter book or something that has a exercises and go through the entire book (or as much of it as you can). I'm not talking about the reference type of books, I never found them to be much good at learning a new language.

One thing about your "hoping the course presents these concepts well" remark - don't count on Offsec to teach you fundamentals (Python, Bash, SQL, etc). You'll have to pick up A LOT on your own.
21  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: programming and OSCP on: October 23, 2012, 02:08:06 PM
Quote
Just wondering, CBT Nuggets has a python course, could someone get through the OSCP with just python knowledge?

For the OSCP - I felt the ratio of C/Python exploits was pretty even. I didn't use a single ruby exploit outside of what was in the metasploit framework. Having a strong background in C really helped me when it came to looking at other people's C code but you might be able to get by with just python.

I think you'll end up picking up C & Bash either way. But if you're at a point where you have to pick/choose, I'd put learning assembly at the bottom of the list.
22  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: My Experience With Hackingdojo Ripped Off My Money on: October 18, 2012, 05:42:12 PM
I don't think anyone explicitly said you don't have that right. They've just pointed out cases where people don't get a refund.

No Refund: car, house, University class,...the list goes on.
Refund/Credit: Amazon.com, book stores, insurance policy, magazine subscription,...the list goes on.

Again, stay cool. While I've never had any personal dealings with Thomas, from his posts, he seems like an okay guy and someone who's generally interested in building his course. Remember, try to find out what HackingDojo's refund policy is. I wouldn't mind seeing it posted here if it exists.
23  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: My Experience With Hackingdojo Ripped Off My Money on: October 18, 2012, 05:07:12 PM
Obviously there's a misunderstanding/miscommunication here. Regardless, there's an unhappy customer who's paid a significant amount of money for a product he's not happy with. He's not asking for all his money back, only the part he hasn't spent and doesn't intend to use. To me, that seems fair.

I also think the University analogy is not quite accurate here. Typically, a "subscription" comes with the ability to cancel, similar to a magazine, ISP, or a slew of other month-to-month items.

IMHO, HackingDojo is better served if Yet is given at least a partial refund and both parties walk away at least partly satisfied/dissatisfied. The rationale is that this kind of negative press could end up costing HackingDojo far more than the $1k they "lose".

Yet - I recommend you check out the site and see what the refund policy is (assuming there is one). Whenever I make a purchase I find out what the store's (online or brick/mortar) policy is. If they have a strict no refund policy, I typically take my business elsewhere. I do advise that you try to not to get too inflamed. Wait for Thomas to get back to you and see what you two can work out. Getting angry and getting the other guy angry just causes a stalemate. Good luck.

Update - I should caveat my post by saying that I am unfamiliar with HackingDojo and its setup.
24  Ethical Hacking Discussions and Related Certifications / Wireless / Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2 on: October 01, 2012, 12:02:34 PM
Quote
My router is WPS-incapable, being that it runs Tomato; most Linksys-based WRT routers do not implement WPS in any way, shape, or form, so that vulnerability is right out the window for those of us running alternative firmware on Linksys gear.
I was confused by your post at first because I have a WRT160N v2 which is vulnerable and isn't (last time I checked) compatible with DD-WRT or Tomato. Then I realized that you were referring to DD-WRT.

To clarify, any Linksys/Cisco router that is capable of running DD-WRT or Tomato is not vulnerable to Reaver because these firmware versions do not support WPS. It's the open-source firmware (DD-WRT/Tomato), not the stock firmware that comes with the router, that is safe. 

http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&articleid=25154
It's been a while since I checked the above link - hasn't changed much since the beginning of the year. Clearly Linksys/Cisco is saying "SOL" to most of the owners on that list with older hardware. I'll likely never buy a Cisco/Linksys router again because of this.
25  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: Suplementing with samurai skills? on: September 21, 2012, 12:16:32 PM
Well heck, now I'm interested too!!!!

26  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: My OSCP journey... on: September 09, 2012, 08:26:16 PM
sternone

I completely empathize with you re. the port forwarding section. When I went through it I was similarly confused/disappointed by the lack of content.

However, the later sections aren't like this. Keep going - it gets better.
27  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: Finally took the plunge, started 08/05/12 on: August 30, 2012, 09:57:09 AM
Quote
DragonGorge, it's a good idea keeping a diary. I look forward to your write-up.

Well, I'll have to spend some serious time sanitizing it first. Right now it's about 50% profanity.
28  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: Finally took the plunge, started 08/05/12 on: August 29, 2012, 04:49:54 PM
Quote
I also think the reason you don't find many negative reviews is that most people review the course when they are done and have passed the exam challenge. Usually they're riding a big time high and they've already forgotten about all the minutia that drove them crazy during the journey.
"Many"? I have yet to find one!

But I totally agree with the idea that the overwhelmingly positive reviews are attributable to the exam "high". That is why I started a journal similar to sternone's. I want to remember these issues if/when I write a review because they need to be stated. Hopefully Offsec will take steps to improve the quality of their manual.

Anyway, thanks for the words of encouragement. Regardless if I pass or not, I have learned a ton through the course (and on my own).


Quote
Giving incorrect information causing some people to lose an entire day is far from cool. Even a very vague errata would be a nice place to check for future students.
Most are quality control issues:
You can control the Apache server by using either the apachectl2 start / stop
It's actually "apache2ctl"

And here's a code example:
print “Fuzzing ” + command + " with length:" +str(len(string))
And on the next page, its output:
Fuzzing MKD:1
Fuzzing MKD:20

Doesn't take a programming guru to see one doesn't match the other. Again, very benign examples which hardly caused a hiccup.
29  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: Finally took the plunge, started 08/05/12 on: August 27, 2012, 04:58:37 PM
Quote
Elaborate further please. A negative critique can be just as valuable as positive ones.

The manual is far and away my biggest complaint. There are errors in it which detract from the overall polish of the course. Not anywhere near as bad as CEH's but still. Some of the errors were small, like *this* code not matching *that* output. But there were some that were enough to throw me off for an hour or so. I could see how it would be difficult to regularly update the videos, but a PDF? Also, I don't expect them to have the latest BT R# syntax/path/etc in the manual, that'd be ridiculous, but couldn't there at least be some form of errata? My suggestion would be to create a web page where students could submit errata which the offsec folks could then confirm. OSCP students are the best people to review the material.

And while the videos are great, I'm disappointed that they serve to supplement the manual rather than complement it. If I'm trying to look something up, a printed manual is much easier than scanning through multiple video segments.

Instructionally, some modules were great, others, not so much. The BoF module was excellent. Muts stepped through each item in the process methodically. That was followed by an exercise where you could practice this on your XP Client. Conversely, the port forwarding module - critical to the back labs - amounted to "here's some cool things...try out whatever you can on whatever lab machine you think it might work on."

I've learned enough in this class to make my head explode but I can't understand why I see not even a slightly negative review. Maybe it's just me having a low tolerance for errors in manuals. I don't want to come across as completely knocking this class. I'm not. But like I said, there is room for improvement.
30  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: Finally took the plunge, started 08/05/12 on: August 27, 2012, 12:03:09 PM
Quote
Offensive courses always seem to get great reviews. I guess that's why so many people want to jump in and do them.

At the risk of being branded for heresy, I have to say this...I don't understand the overwhelmingly positive reviews of the OSCP. IMHO, the OSCP training is far from perfect - there is plenty of room for improvement.

I've finished the core modules of the OSCP and am working through the labs at the moment. I would have to say that, instructionally speaking, the quality level could best be described as uneven. There are some excellent modules (BoFs to name one) but there are also some modules that fall short.


© 2013 The Ethical Hacker Network