OffSec's PWB gets a lot of chatter on this site, so I'm glad we've been able to bring you this insider's look. I'm proud to be able to bring you this final installment which not only brings you an overview of the entire course but also dives into the exam process.

And since he was too modest to put it into his review, I'm going to give him the praise he deserves. Our very own Ryan Linn got a perfect score on the OSCP exam!! Mati Aharoni of OffSec now has a personal challenge out to Ryan to take CTP, Cracking the Perimeter, a course they describe as, "The most hardcore and intense penetration testing class you will ever take."

So the gauntlet has been thrown down. I don't know about you, but I'll take off my Editor hat and simply say that as a fan, that's a review I'd want to read.


Permanent link: [Article]-Final Course & Exam Review: Pen Testing with BackTrack


Don

Hats off to you, Ryan!  Awesome job, and the articles have been a great read!  Looking forward to scheduling myself in for v3, shortly.

Very impressive Ryan, way to go. Wonder if you can do it again.

Congrats Ryan! Interesting article. PWB seems well worth the time.

Installing BackTrack 4 now 

So can anyone with an internet connection take this course? And get the certificate if you pass the exam?

Excellent question.  I have updated my signature with my list of certifications, but unfortunately I don't have CEH.  I have only formulated thoughts based on what I know from other people and from reading the curriculum and browsing through the course materials. 

The CEH appears to be a mile wide and inch deep in some places, and a foot deep in others.  You will get a lot of exposure to the whole world of security, but very little of it will be deep enough on its own.  If you are brand new to computer security, then this course should give you a crash course in the things that you will need to know along the way.  My personal view on the course, having never taken it and only talked to others, is that this is the course that should tell you how much you don't know.   That is very valuable in that it's hard to figure out where to go until you know what information you don't know yet. 

The GCIH is a good starting point in my opinion.   This course is really 1/2 incident response, 1/2 pen testing.  The two are linked in my mind in that unless you really understand what is going on, it's hard to figure out what happened.  This course also provides a good Linux intro which will prove positive for any of the next courses you take.  Netcat, Nmap, Metasploit, and other tools are covered sufficiently that you should be able to go home and start exploring.  I already knew some coming into this class, but after this course I understood Nmap and Metasploit much better and started writing Nmap NSE scripts right after I left the course.

From here, there are 3 ways that you can go, and they each have separate benefits.  There are more than these 3 certs, but these are the ones I have so I feel like I can speak more authoritatively on them.

The GPEN starts off with the business side of pen testing and making sure you don't find yourself in trouble along the way.  The CEH covers some of the legal things as well, so the legal part isn't unique, but I think that this course does an excellent job of laying out things like scoping, requirements, business purpose and other things that are real world problems but people coming in may not think about as much.  This course goes a lot deeper into each of the different penetration testing stages and focuses on the goal of each stage and provides tools, thoughts, and some Ed Skoudis ninja skills  along the way.  You should walk out of this course of a better understanding of how to think about a pen test from a business standpoint, what types of recon you need to do, how to perform them, and a better understanding of many pen testing tools.  After this course, I went and wrote Metasploit modules and did some other fun things with Metasploit.  There is a final day capture the flag with good challenges for everyone and exposure to many technologies.

The GWAPT is the Web Application Pen Testing certification.  Many things are moving in the direction of the web and this course by Kevin Johnson of Inguardians addresses this new trend.  You should read my review of this course to find out more, but overall, if you want to get stronger in web stuff, this is the class.

The PWB/OSCP takes a different point of view.  It doesn't cover a lot of the business stuff, but instead takes the skill portion and really expands on it.  It's less formal than the SANS or EC-Council classes, but if you do well on the exam then I would think that's a good indication that you have skills that can be directly applied to network penetration testing.  It really focuses on, here are the steps, here are the tools, here is how you use the tools, and here is what you do with the output.  If you don't get those concepts by the end of the course, you will probably not do well on the final test.   The other area where this course concentrates on where the others really don't as much is explaining the how/what/why of exploit development.  This isn't something that most people will use in penetration tests.  The time when this is useful, and will really set someone apart is for some exploits you may have a working exploit that isn't written for your target platform, for instance Windows XP Home instead of Pro and you need to have it run on Pro, you should have the basic knowledge to know what you are looking for in order to make the changes to have it work.   You will probably even be able to do basic buffer overflow exploits without much problem, but you won't be able to do more of the advanced exploits.

Again, these are the certs/classes I've taken, so I can speak only to them.  Hopefully at this point you know what you will get out of each one.  I will say this, I learned a lot in each of these courses. 

I'm looking forward to taking the Cracking The Perimeter class.  My understanding is that the beginning of the next review may start off with "I have been defeated".  The informality of the PWB class made it incredible fun, and even though it was somewhat stressful, the OSCP was the most fun exam I have ever taken.  Most places you get multiple choice, with OSCP, there is no multiple choice, you either get it, or you have to try harder. 

Excellent job and well written!   
Congrats!

@ zeroflaw: break open that piggybank!

@ Ryan:

thanks for explaining the differences between the certificates. i must say according to my experience youre right about CEH, however it does cover some thinks like snort, so it isnt completely 100% offensive. i think CEH and GCIH will be pretty close information wise.

i really like the part you wrote about where to go next after CEH/GCIH. i believe web application will be hot in the next few years. the focus will be shifted from network/os to (web)application. maybe this is the best step after getting your basics.

you wrote you had prior knowledge about writing scripts for nmap and metasploit, and writing simple buffer overflows. how did this help in studying for OSCP? i'm trying to get a feel how technical you have to go for this cert. i have little knowledge of programming but understand the concepts of writing for example buffer overflows. i'm afraid my lack of (good) programming skills will slow me down during the training. what do you think?

last but not least: good luck with the CTP cert, although i think you will do just fine