[Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4

This topic contains 22 replies, has 9 voices, and was last updated by  apollo 9 years, 9 months ago.

  • Author
    Posts
  • #4451
     Don Donzal 
    Keymaster

    Well here it is, the last of the weekly reviews of PWB. Next up is the final compiled review along with exam thoughts. Enjoy.

    Permanent link: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4

    [align=center:2yerwpu2][/align:2yerwpu2]

    Ryan Linn continues his insiders look at Offensive Security’s online training in Part 4 of this continuing review of ‘Pentesting with BackTrack.’ As a reminder, PWB is described by Offensive Security as, “An online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. This penetration testing course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students. This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet.”

    Ryan brings it all together for you next month with a complete review of the course as well as the exam experience. Stay tuned.

    Don

  • #27966
     UNIX 
    Participant

    Thanks Ryan, great work. Looking forward to read about your exam experience.

  • #27967
     Kev 
    Participant

    First class effort and with the exam process included, makes this one of the most complete reviews concerning a training program like this.

  • #27968
     Don Donzal 
    Keymaster

    Submitted this to digg:

    http://digg.com/security/Course_Review_Penetration_Testing_with_BackTrack_Part_4

    We should have the last part of this series very soon. It will cover not only final thoughts on the course, but then continues on with the exam process. You don’t want to miss Ryan’s stunning results.

    Stay tuned…

    Don

  • #27969
     partek 
    Participant

    The reviews got me very intrigued with the course so I signed up. I’ve been with the course for 5 weeks now, squeezing in as much time between life and work as I can.

    It’s a very interesting course, and has really forced me to think outside the box.

    I’m eagerly awaiting the final part of the series so I can have a preview of what to expect from the exam.

    Great work!

  • #27970
     Guerreiro 
    Participant

    I was wondering how does this course of Offensive Security stack up against SANS.org and their courses? I mean PWB is much cheaper, but does it offer the same or more or just different? If you would pit the two against each other who would win?

  • #27971
     Dark_Knight 
    Participant

    @guerreiro wrote:

    I was wondering how does this course of Offensive Security stack up against SANS.org and their courses? I mean PWB is much cheaper, but does it offer the same or more or just different? If you would pit the two against each other who would win?

    It’s not so much about who would win per se. I think both courses complement each other. The Sans courses cover a lot of the areas not covered in the OSCP. One such area is the business side of things. Setting up the rules of engagement, various laws etc.

  • #27972
     Guerreiro 
    Participant

    Ok, let me ask the question slightly different;
    What would be better for a beginner?

  • #27973
     Dark_Knight 
    Participant

    Neither. I started out doing the CEH, then progressed to the OSCP and then finally the GPEN.

    If your only two options were the OSCP and GPEN I would probably shoot for the GPEN. Simply because the GPEN does a lot of hand holding. With the OSCP you are left to do a lot of the stuff on your own.  Sure there are guys on the irc channel but you will not be spoon fed. The OSCP encourages you to do your own research. And it can get get quite frustrating at times.

  • #27974
     hayabusa 
    Participant

    My opinion only, and note, I have not yet taken both, but this goes from what I’ve seen in demo’s and samples of each, as well as from folks I’ve spoken with, who HAVE taken both.

    (And I agree with what Dark_Knight JUST responded…)

    Cost-wise, obviously OSCP it better.  (MUCH cheaper)  Thus, if you’re not ‘absolutely’ certain you want to be a pentester, or want to see just how much you might get into and learn, it’d be a more affordable way to begin.  That way, if you feel over your head and decide against it, you’re not out the SANS-type money.  But if you truly want to have opportunity to learn and understand more, SANS might be the better route, especially if you’re willing to go to one of the bootcamps, as the ability to interact directly with an instructor, for info you may or may not understand, is very valuable, in and of itself.  BOTH will be technically challenging, and both will introduce you to concepts, methodologies, etc.  As previously noted by Dark_Knight, the legalities, etc, are also nice to gain from the SANS offerings.  

    We really cannot tell you which is better for a ‘beginner’ as it depends on you.  If you’re a GREAT self-learner, then a 60-day lab package and OSCP might be good for you, as it gives you a LOT of lab time, and hands-on practice with tools and ideas, while still affording you the ability to email the instructors and irc with other students, etc.  But if you learn better from more ‘regular’ interaction with instructors, in more of a class setting, then I’d definitely be leaning towards SANS to start with.  (Additionally, if you do opt for a bootcamp, you also have many other folks at the SAME point in the class as you, to openly discuss with and network with during the course.)

    Ultimately, to answer your question, I don’t think either would ‘win’, and that each is tailored for it’s own learning style and methods.  Personally, if you can afford one or the other, in my opinion, I’d do both (the extra for OSCP isn’t THAT much above the SANS, anyway…)  Then you’ll get it all.

    My 2 cents, anyway…

  • #27975
     Guerreiro 
    Participant

    First off I would like to thank both of you esteemed gentlemen for answering in such a timely fashion and with such a clear answer as well.

    Well beginner is maybe a vague word, as for me personally I am now studying how to use Linux with books of the Internet. This is pure self study no holding hands and I must say I am doing all right. I also obtained a copy of old lessons of OSCP back when it was called Offensive Security 101, still using BackTrack 2. I was not daunted by their information, but I understand what you are saying. I will take your advice with me as I contemplate what to do. Also can any of you two give me any extra advice on how to get maybe a small headstart, say learn Python scripting or some such.

  • #27976
     Dark_Knight 
    Participant

    As it relates to the OSCP you definitely want to brush up on your Assembly fu. Get familiar with tools like Ollydbg. Also brush up on your on scripting fu(Perl,Python).

  • #27977
     Guerreiro 
    Participant

    So Assembly, Perl and Python. At the moment I am working on learning Shell Scripting with BASH. Also OllyDBG, I am still not exactly sure how and where to use this but that is why they invented : RTFM. 🙂

  • #27978
     hayabusa 
    Participant

    Sounds like you have a good head on your shoulders, and are understanding the points we’ve given you.  Even the general BASH knowledge will help you, greatly, with the ability to script connections using netcat, ssh and other tools, gather data, and to make quick work of things. 

    In the NetWars cyber challenge, going on again, right now, one of the first lessons I taught another participant was how to BASH script some of his tasks, as, if you connected through their SSH tunnel, and were not quick enough at coming up with (or typing in) what you wanted to do next, some of the other players would snipe your connection, promptly, and you’d be fighting, just to stay connected, let alone to connect long enough to score points or even learn.  With the BASH scripts, if you had everything chained together properly, you could accomplish your network reconnaissance and some attacks quickly and painlessly, before they could catch you and snipe you.  This translates into real world pentesting, too, as if you are a capable scripter, you can pull many of these tasks off, quickly, clear logs and erase your tracks, and be out before many of your clients even knew you were in.  (So yes, BASH is a good one to know!)

  • #27979
     Guerreiro 
    Participant

    Thanks for the compliment  😀 . I am working 40+/hrs in the week and then studying on the side can all be very exhausting. Just grabbed some O’Reilly books for the Perl and Python. Anybody here got a great book that works, or a site with tutorials? 🙂

  • #27980
     caissyd 
    Participant

    Hey,

    Dark_Knight, it seems I am following the same path as you. I did GSEC than CEH. I just registered for OSCP (I start this Sunday). Then, I was going to go for GPEN or OSCE…

    Anyway, since this thread is about the OSCP cert, here is my question. I already know most of the tools/scripting languages of the course, so is it possible to complete ALL exercises in 60 days? I really, really want to get the most out of the course… Also, I am planning to spend an average of 2 hours a day.

    I know it depends a lot on my current knowledge, but I just want to know if you guys think it is possible to complete all exercises in 60 days (or even 30 days!).

    Thanks

  • #27981
     UNIX 
    Participant

    I haven’t taken the course myself, but know a few people who did. Most told me, that if you have already some knowledge and enough time to spend, 30 days are enough.  60 days are more comfortable if you can’t spend every day on studying or only have limited time each day – there is no need to rush anything as you have twice as much time.

  • #27982
     hayabusa 
    Participant

    H1tM0nk3y…

    If you truly have the time to commit 2 hours per day, then from my experience, you could likely get through it in the 30-day window.  When I talk about 60-day, for myself, it’s solely because I have an extremely loaded work schedule, as well as a handful of kids, so my time is often limited and sporadic.  So I just want to pad it for myself.

    But I think if you have a good grasp on the scripting, etc, and are willing to give plenty of time in a day, you could take the shorter.  (Besides, I think it’s only an extra $50, if you end up adding an extra 30-days later on, rather than just scheduling it up front; right?  So worst case, if you want to try to save the money up front, you’re only out the extra $50 if you end up adding the extra time.  But if you finish in 30-days, then you’ve saved yourself $150…

  • #27983
     caissyd 
    Participant

    Thanks Hayabusa and Awesec,

    I already paid for 60 days… As I was saying, I was worried about not being able to finish all exercises in 60 days.

    Thanks guys,

    PS: Hayabusa, I had a ZX-10R up to last year…

  • #27984
     UNIX 
    Participant

    Have fun with the course. Let us know when you have finished it. 😉

  • #27985
     hayabusa 
    Participant

    @H1t M0nk3y wrote:

    PS: Hayabusa, I had a ZX-10R up to last year…

    If it’s any consolation, I HAVE a Hayabusa, which I’m going to be selling, in a couple of months…  2005, with only a little over 2k miles on it…  work just been way too busy the past few years, and need time and money for family.

  • #27986
     caissyd 
    Participant

    I HAVE a Hayabusa, which I’m going to be selling, in a couple of months…

    I spent the last 2 years only going on race tracks. I stopped when I looked at my credit cards…  😮

  • #27987
     apollo 
    Participant

    Sorry for the delay in joining in.  If you know your stuff, you can ace this stuff in 60 days, and be pretty good in 30 days.  I only used 20 days of lab time before I took the test, and that was with spending a good amount of time on some of the bonus content of the course.  I finished the exercises themselves in the first 2 weeks, and had most of the extra credit points within a day or two after finishing the content of the course.  I would say that if you are strong with scripting, networking, linux and have some general understanding of basic exploitation then 60 days will be way more than what you need.  If any of those are weaker, 60 days will probably be sufficient.

    Hope this helps,
    Ryan

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?