OSCE vs GXPN vs Corelan...go


 

http://infiltratecon.com/training.html ?

Because they're all different, I'll organize this by two goals: 1) get better at exploit dev, 2) get better at pen testing

Goal - Ninjasize your Exploit Dev Skills
Order of complexity from lowest to highest: GXPN, OSCE, Corelan.

Keep in mind, the GXPN covers more than exploit dev. OSCE is 90% exploit dev and Corelan is 100%

Corelan covers more advanced exploit dev topics than OSCE and GXPN. For example, he literally went through how the Vupen guys won Pwn2Own, step by step. Blew my mind.

OSCE and Corelan are 100% windows, GXPN does both nix and windows.

Goal - Ninjasize your Pen Test Skills
Corelan isnt going to help. OSCE might help a little, but GXPN is going to win in this category. A better track for this goal is probably GPEN -> GXPN -> OSCP, or some variation of the G courses, but keeping OSCP in there

They all have some overlap and if you can take them all, they really compliment each other. Hope that helps.

So my next question is, when if EVER do you use your exploit-dev skills on a pentest? Most environments can be pwned without needing the heavy artillery not so?

Your response maybe that I said most, but how often do you get to go up against an environment that requires OSCE etc skillz?

Yea, that looks amazing. I'll need to wait until I find an employer that'll foot that bill though.

I assume they offer the NOP exam there. That'd be a fun one to try.

Not a lot, in fact he refers to them for more information. However, the value in having him there is picking up on how he thinks about things or all his little tricks.

I was told that GPEN is required in order to sit for the GXPN exam, however, I couldn't find such statement on the official website. Can anyone confirm whether GPEN is required for GXPN or not? I might give it a try this year, so I'm wondering.