Hi,

I am trying to get ready for the OSCP course and certification. I have a pretty good idea what the course is about. But before registering for the course, I was thinking of playing more with the basic tools (Metasploit and many tools found in Backtrack), so I could get the most of the OSCP course material.

I have hacked the first two De-Ice live cds in my lab and I would like to hack all the other challenges (remaining De-Ice and Hackerdemia live cds) that I can find before I start the course. This way, I could get the most of the course.

If you have done OSCP, would you say it's a good idea or the course really gives you all you need?

Thanks

I've not taken it myself, yet, and it's on my list for the near future.   But I do know someone who did, and saw some of his training material, when discussing with him one day.  From what I saw and heard, the materials muts has provided in the training videos should pretty well cover you, so long as you do spend some time on your own (in their lab, or in yours) with the tools, etc, I think you'll be able to pass.  That said, if you really haven't spent a lot of time with BackTrack, previously, then you might be well served to play with it a little bit more, before scheduling, just to make sure that when you use the lab time with the course, you get the most for your money.

My 2 cents, anyway.  I'm hoping to schedule the course, myself, in the next few weeks, so I'll let you know my official thoughts when I take it, and I'm sure others on here can comment, as well.

Good luck, and let us know YOUR thoughts, when you go through it, too.

Look this link where some people that are taking the training:

http://www.techexams.net/forums/security-certifications/50001-oscp.html

Simply due to the nature of my current position, I already plan, if I go for it, to take the 60-day.  I just don't know that, with all of my work interruptions, 30-day would be comfortable.  Am I confident I could do it in 30?  Yeah, probably, if I busted my backside, around my schedule.  But with all my other prerogatives and priorities, I feel safer having that extra pad in the 60-day.

I'd suggest if you have the required experience for the course, just sign up. It took two friends to get me to enroll as I kept working out new excuse to put it off. Jumping in to the deep end sharpens the mind wonderfully to stay alive :-)

To give you a feel of my experience, I took the sixty days as I knew real world life would knock about any study plans I had before hand. I managed to read through the 400 page pdf a couple of times in the first week to get a feel of the course. There's a lot of diagrams, scripts and double spacing so don't worry about the page numbers. It's the content that's the killer ;-)

The material absolutely teaches what you need to do to complete the exercises and use the tools. The extra mile challenges are designed to make you go outside of the course book and discover and learn for yourself.

I had to go off an improve my limited python skills pretty quickly, just so I could understand how to complete some of the exercises more effectively, as an example.

Try to spend as much time working through the training, aim for an hour a day or seven hours a week. That should roughly mean you'll be at the end of the course work by a month and have a month to play with the labs. Lab time is where you get to test out the tools by running through the exercises.

In my humble opinion, the real value of the PWB course is making you go beyond the material by learning and finding your own answers. I got a great deal of the course and exam due to the training pushed me to look further than the pages of the book for answers.

Hope that's of some help.

Thanks for the answers!

I have already asked people at Offensive Security and you can buy extra lab time for $200/month.

But I will follow your advise What90 and I will take the 60 days. I also agree with you that a certification is not about getting a piece of paper, but the process of acquiring it. I was talking to a friend recently and we realized that studying for a certification makes you learn useful stuff that you wouldn't have looked at otherwise (mainly for lack of interest). But having a broad understanding of your field makes you a better security professional.

All that to say my goal is to do all exercises. I am paying this course from my own pocket and I certainly want to get the most out of it.

So my next question: did some of you complete all the extra exercises?

Thanks again for all your comments!

I managed to get through all the extra mile challenges and all the other exercises. All within the sixty days.

If you can, get a friend to sign up with you. Having someone to bounce ideas and questions off is remarkably helpful. The IRC channel is good, but having someone you can talk over the details really helped push me to get the exercises done and understand them. Friendly competition to complete the labs first is a great motivator

Thanks for your experience and info, What90.  Always nice to hear input from others.  I'm really looking foward to it, and hoping to have funding (from work) within the week.  If not, I'll likely go ahead and fund myself.  Well worth it, from all I've seen and heard.