A/ Yes, I'm talking about Offensive not really having or using any course material explaining in 'debt' to let your learn the material. I don't need them to write a 20000 pages book, I would expect them to tell me what to read. But even that is : "try harder"

Was there a B coming up ? Let me give you one :

B/ Because I'm out there looking for material I come across all kind of sources wasting days of valuable time, I don't see what the use is of this.

This is a big warning for people want to jump in the OSCP course. It's absolutely not for newbies. Basic linux and programming adminstrating skills won't do it here. You need to study much more before attempting it. Otherwise you could be left out frustrated.

I'm venting what I want here in here, I started this thread not to get people into buying the OSCP lab, I started this lab to explain my findings with this course.

While I have not taken the OSCP curriculum, I have done a lot of other training. My biggest complaint is being spoonfed material. It makes for an easy and fun class but it's not helpful. When I encounter systems in the real world there is rarely a ready howto that takes into account all the avenues of attack for that system or one that addresses the unique contextual environment of that system. It is for this reason that I intend for OSCP to be one of my next certifications.

There are plenty of certified pentesters that don't know how to do more than run automated tools. What you are complaining about is in my opinion the defining characteristic for the OSCP and why it is so well respected in the community. If it is giving you that much heartburn, then perhaps you are pursuing the wrong career path. Pentesting is 60% research, 30% writing reports and only about 10% actual exploitation/post exploitation. (OK my percentages may be a little off but you get the point) If you do not enjoy research then you may want to rethink your career choices.

*edit* After re-reading this post it appears I am bashing other training providers. That's not entirely the case but wanted to clarify here. I highly value the SANS training I've attended, and will usually use them as the defacto technical security training for any of my new hires. But there's no denying you don't work as hard for the material. My style of learning is such that anything that causes me significant pain tend to remain in my brain longer.

It sounds like the core issue here is that there is a significant disparity between the course and your expectations of what the course should be.

Additionally, I think a lot of us are confused by your "warnings" since everything you're saying is public knowledge. In terms of the labs and exam, yes, you need to supplement the course with tons of outside resources. Yes, it's going to be an excruciating experience that you're going to have to struggle through on your own. Yes, you may be required to make several attempts to pass the exam. None of this is a secret.

Keep in mind, it is entirely possible to get through the course (PDF/videos) with basic Linux/Windows/programming/networking experience. This will net you the CPEs, general knowledge, and/or whatever else you were hoping to get out of the course. They also make the complete syllabus available on the course page, so you can review that and brush up on any weak areas ahead of time.

Completely owning the lab networks and passing the exam is an entirely different matter, and doing so will require a great deal of perseverance on your part. This challenge is exactly why the PWB/OSCP experience is viewed as favorably as it is, and why the certification is as highly respected.

How much did you research the course before taking the plunge? All of this is clearly detailed in nearly every related post in these forums and reviews on the various blogs I've seen (OffSec even links to two of them on the OSCP page). I don't understand why you're so surprised to find the course as it is.

It seems that ajohnson and I are on the same page, as our posts hit, simultaneously...

:-)

I'm blown away by the amount of time you need to put into of 'figuring out' what to learn on yourself and what pisses me off the most is that they don't give you the source where to find correct information.

That is offensive's choice and their responsibility. I'm just frustrated and have to undergo it.

I have read about other people complaining about this very matter.

Did I learned ? Hell yeah i did. Would be strange if I wouldn't by putting so far approximately more than 150 hours of my time in it. Is it enough what they give me ? NO AND THAT'S WHAT I'M COMPLAINING ABOUT. I have a feeling I'm on 30% of what I need to know. So my guestimate would be that a person should be ready to put around 400 to 500 hours of study time in this course to achieve the rating.

From my experience it takes about double the time to achieve an OSCP rating compared to get a Cisco CCNA rating.

I did not complain about paying, i did not complain about the quality of their labs, why do you put this in my mouth ?

What you guys do now, stating that hey, you know what, that's just your own fault, deal with it, you should be smart enough before, and why are you so stupid to even start this course since you're not a great pentester yet, is absolutely not in line with what their marketing material states. It states clearly that you if you have knowledge of linux and scripting you should be fine.

I will tell you: you're not.

Well I will deal with it. No problem.  But not without posting about it in this thread about 'my OSCP journey'.

Don't like what you read ? move on, there's other nice stuff on this forum that's in line with your dogmas.

So now I have heard so far:
1. It's your own problem, you should be smarter before, even much smarter than we write on our marketing material
2. You only do it to get adored, maybe I need a shrink ? People making the effort to post on forums only do it because they have to prove something to the world. Is it a phallus problem maybe ?
3. I'm not reading you anymore because you're not drinking the cool aid, and that's your own fault too.
4. Hey, real pentesting is even harder, why should we have to learn you even more ? Figure it out for yourself dude!

* TRY HARDER AND SHUT UP *

Ok guys. I get it.

The requirements are meant as the things you need to know to get started with the course - not the requirements to pass the exam. You should increase your knowledge throughout the course, so that eventually you can pass the exam.

So to get to take the OSCP, you have to first take Penetration Testing with BackTrack.  How much does that training cost, and is there a written exam for the OSCP, or is it all a lab?

Crap.  I searched all over http://www.offensive-security.com for it before I asked, and apparently I should have enabled scripts to see it.    

I used to think GPEN was the best pen testing cert, but OSCP seems the best to me now.  The lab looks like a great way to make sure someone truly understands what they're doing and how to do it.