Hey EthicalHacker,

It's been awhile since I've posted a topic here! I have recently come up on a decent amount of money and I plan on putting it towards my education. I am one of those IT guys caught between Programming and Pentesting; Can't decide which one I love more because I like them both. My ultimate dream is to do development for awhile then move into Penetration Testing (or even alternate in between the two of them). I am posting because I'm in a bit of a bind on where my path lies ahead and I'm wanting some advice on courses I should take.

GPEN looks great to me, I am considering the OnDemand course. I have always wanted to hold a GIAC certification because they're well respected (although pricey). Do any of you have experience taking the OnDemand version of the course? Does the fee include the certification take cost? I noticed the promo code on here which will save me $150.00, so that is great!  On an alternate end, I'm kind of thinking, I hold an OSCP certification. I've heard there's some information overlapping between GPEN and OSCP, is this necessarily true? If it is true, what path would you recommend going down to obtain the GPEN certification? Self Study?

Somewhere in my twisted brain, I kind of feel the desire for pain - I've had my thoughts on considering doing Offensive-Security's CTP course. If I would be able to become OSCE certified I would feel like someone at the top of their pen test game! I am just kind of skeptic whether I have the skills to go in to the lion's den almost blindfolded, and expect not to get bitten. Surely I have endured til the end in my PWB adventure, but I hear CTP is a whole new level of pain. What are your guys thoughts on me considering this?

And then lastly, for some odd reason I feel the need to want to officially fit in. I never thought it would be on my mind, but obtaining the CEH just to stick it on my resume does not sound like a bad thought to me. I am considering online training for all of these, and would like to hear some of your guys experience taking the training for CEH online (or self-study). Is this certification all that it is hyped up to be? I haven't heard many positive experience on folks who have taken v7 on here.

Anyway, I have an open mind, and money to spend, have CEH, OSCE, and GPEN on my mind. I may just say, "Bring them all on", but i wanted to hear your guys thoughts on what I should go after. If you think I should tackle them all, feel free to list off the order!

Hope to hear from you all!

Cheers,

Kris

Nice. Good response hit monkey, you just confirmed it for me. I didn't know OSCP covered 90% of it. This is good information and has me thinking I wish I would've known that when I did PWB last year. I might as well just go over all of the videos in PWB and just pay for the exam like you mentioned. Exploit Development sounds hard, I personally don't know any ASM but got a good introduction to registers n such in the PWB course. I suppose my path should be: GPEN -> OSCE, obtain CEH maybe in between or after taking CTP. Good information here. It'd just be my luck if my test consisted of nothing but tons of laws and Windows Tools. Thanks!

Not a bad idea mesho.

Another very, very good course I had the chance to take last May in Dallas was "Advanced Penetration Testing" with Joe McCray from CAST. There, you learn how to hack into Windows 7 fully patch and things like that.

I highly recommend it.

I've decided to kind've combine both of your ideas into one. I've purchased the exam voucher for the GPEN. Apparently it comes with 2 practice tests and the final exam. I'm going to spend time reviewing my OSCP material, and studying some Hacking Laws, plus some of the things Dark_Knight mentioned, then start taking the exams. Taking Sec 660 then 710 sounds like it would definitely prepare me enough to go into CTP very comfortably. Appreciate your responses guys. I'm going to put my head into this material and try one of the practice tests within a week or two.

Cheers,

Kris

Wow this actually covers from stuff i am going through right now.

I am scheduled for the CISA in Dec. I wanted to complete a cert in the mean time by end of Oct. then study for the CISA. As I just completed the GPEN, I am up in the air as to if i should do the GWAPT or the OSCP.

P.S. I am also going back to school for my masters in Jan. I will be talking web app development which may compliment the GWAPT

Should i do my OSCP now. then cisa and Gwapt in jan or should i do the gwapt then CISA and OSCP?

H1t M0nk3y ++1

OSCP IT IS!

Hello E-H!

Just wanted to keep everyone up-to-date with my progress! I officially was enrolled into OSWP on the 18th, and went through the course within a couple of days. The course isn't nearly as lengthy as PWB. A couple days later I actually sent in challenge request date which happened to be today and I already took my OSWP certification exam. I was able to successfully obtain all the keys and have sent in my results, just awaiting official decision right now.

Had a blast in the class! My aunt loaned me her router, I've had an Alfa card for a couple years now. I had always used point-n-click tools to break into my AP, but now can successfully say I've dabbled in the command-line arts for getting my wifu on. I felt the class really gave a good introduction to the aircrack-ng suite and I may possibly leave a review of it here shortly. Some may think between the amount of time I enrolled versus when I scheduled my exam was pretty quick (less than 1 week of being enrolled in the course), but I actually dedicated a lot of time breaking into my router with various configurations, and wrote down well over 5 pages of notes! It's tons of practice, practice, practice! I definitely picked up on a good amount it makes me wonder how this course stacks up against SANS GAWN course.

Kris