I have read your articles with great pleasure! However, I have a question: depending on your prior knowledge, how do you compare the CEH certificate to the OSCP regarding difficulty? And how does this align with the GPEN?
Excellent question. I have updated my signature with my list of certifications, but unfortunately I don't have CEH. I have only formulated thoughts based on what I know from other people and from reading the curriculum and browsing through the course materials.
The CEH appears to be a mile wide and an inch deep in some places, and a foot deep in others. You will get a lot of exposure to the whole world of security, but very little of it will be deep enough on its own. If you are brand new to computer security, then this course should give you a crash course in the things that you will need to know along the way. My personal view on the course, having never taken it and only talked to others, is that this is the course that should tell you how much you don't know. That is very valuable, in that it's hard to figure out where to go until you know what information you don't know yet.
The GCIH is a good starting point in my opinion. This course is really 1/2 incident response, 1/2 pen testing. The two are linked in my mind in that unless you really understand what is going on, it's hard to figure out what happened. This course also provides a good Linux intro, which will prove useful for any of the next courses you take. Netcat, Nmap, Metasploit, and other tools are covered sufficiently that you should be able to go home and start exploring. I already knew some coming into this class, but after this course I understood Nmap and Metasploit much better and started writing Nmap NSE scripts right after I left the course.
From here, there are 3 ways that you can go, and they each have separate benefits. There are more than these 3 certs, but these are the ones I have so I feel like I can speak more authoritatively on them.
The GPEN starts off with the business side of pen testing and making sure you don't find yourself in trouble along the way. The CEH covers some of the legal things as well, so the legal part isn't unique, but I think that this course does an excellent job of laying out things like scoping, requirements, business purpose, and other things that are real-world problems but that people coming in may not think about as much. This course goes a lot deeper into each of the different penetration testing stages, focuses on the goal of each stage, and provides tools, thoughts, and some Ed Skoudis ninja skills along the way. You should walk out of this course with a better understanding of how to think about a pen test from a business standpoint, what types of recon you need to do, how to perform them, and a better understanding of many pen testing tools. After this course, I went and wrote Metasploit modules and did some other fun things with Metasploit. There is a final-day capture the flag with good challenges for everyone and exposure to many technologies.
The GWAPT is the Web Application Pen Testing certification. Many things are moving in the direction of the web and this course by Kevin Johnson of Inguardians addresses this new trend. You should read my review of this course to find out more, but overall, if you want to get stronger in web stuff, this is the class.
The PWB/OSCP takes a different point of view. It doesn't cover a lot of the business stuff, but instead takes the skill portion and really expands on it. It's less formal than the SANS or EC-Council classes, but if you do well on the exam then I would think that's a good indication that you have skills that can be directly applied to network penetration testing. It really focuses on: here are the steps, here are the tools, here is how you use the tools, and here is what you do with the output. If you don't get those concepts by the end of the course, you will probably not do well on the final test. The other area this course concentrates on, where the others really don't as much, is explaining the how/what/why of exploit development. This isn't something that most people will use in penetration tests. The time when this is useful, and will really set someone apart, is when you have a working exploit that isn't written for your target platform, for instance Windows XP Home instead of Pro, and you need to have it run on Pro; you should have the basic knowledge to know what you are looking for in order to make the changes to have it work. You will probably even be able to do basic buffer overflow exploits without much problem, but you won't be able to do the more advanced exploits.
Again, these are the certs/classes I've taken, so I can speak only to them. Hopefully at this point you know what you will get out of each one. I will say this: I learned a lot in each of these courses.
I'm looking forward to taking the Cracking The Perimeter class. My understanding is that the beginning of the next review may start off with "I have been defeated". The informality of the PWB class made it incredibly fun, and even though it was somewhat stressful, the OSCP was the most fun exam I have ever taken. Most places you get multiple choice; with the OSCP, there is no multiple choice: you either get it, or you have to try harder.