Heorot.net Intermediate Penetration Testing Course Vs Offensive security

Viewing 19 reply threads
  • Author
    Posts
    • #4226
      T_Bone
      Participant

      Hi

      Me again asking about course comparisons! Which course would you guys recommend out of Intermediate Penetration Testing Course – Version 2 and Offensive Security Pentesting with Backtrack?

      Any thoughts welcome  🙂

    • #26772
      Vedder
      Participant

      I think that the OSCP is more widely known and respected.

      Give the Heorot more time and it will become more recognised.

    • #26773
      blackazarro
      Participant

      I can only speak for OSCP and it kicks ass! I highly recommend it.

    • #26774
      UNIX
      Participant

      I second Vedder’s post.
      Although the course from Heorot is probably good as well, it is not as known as OSCP. If you have any specific questions about Heorot you can ask Grendel here at the forums, who’s the author of it. 😉

    • #26775
      T_Bone
      Participant

      Thanks for the replies, i have to admit i have been looking at the OSCP for a while now and was going to go for it before i saw the Heorot intermediate course.  What enticed me towards the Heorot course is that the course description includes the Application of the OSSTMM within a penetration test and Detailed coverage of how to document your results, which are important things you need to know to become a pen tester (which is my aim).

      I don’t think the OSCP covers this?

    • #26776
      T_Bone
      Participant

      Although i have noticed that EH is now reviewing the OSCP course so could now just wait and see what is said and then decide!  🙂

    • #26777
      morpheus063
      Participant

      I second T_Bone.

      Infact I am also looking for some resource and/or course that presents PT from a business point of view. For example, Engagement Model for a Pen Test, Agreements and Documents that needs to be prepared before the test, deliverables etc.

    • #26778
      Don Donzal
      Keymaster

      I have also worked out an arrangement with grendel for jhaddix to review the upcoming v2 of the course. Then we can have some real discussions with reviews of all the major courses out there. I’m going to start a new thread getting opinions on reviews.

      Stay tuned,
      Don

    • #26779
      Dark_Knight
      Participant

      @Manu Zacharia (-M-) wrote:

      I second T_Bone.

      Infact I am also looking for some resource and/or course that presents PT from a business point of view. For example, Engagement Model for a Pen Test, Agreements and Documents that needs to be prepared before the test, deliverables etc.

      I just completed the Sans GPEN560 and that topic is covered quite well.

    • #26780
      Jhaddix
      Participant

      GPEN is good, Heorot covers some additional logistics. Its very hard to compare. I haven’t gotten the chance to see the new training yet though, looking forward to reviewing it.

    • #26781
      T_Bone
      Participant

      @Jhaddix wrote:

      GPEN is good, Heorot covers some additional logistics. Its very hard to compare. I haven’t gotten the chance to see the new training yet though, looking forward to reviewing it.

      Yeah GPEN sounds good but unfortunately is out of my budget (unless i manage to get another facilitator position as i did for the GCIH)

    • #26782
      T_Bone
      Participant

      @don wrote:

      I have also worked out an arrangement with grendel for jhaddix to review the upcoming v2 of the course. Then we can have some real discussions with reviews of all the major courses out there. I’m going to start a new thread getting opinions on reviews.

      Stay tuned,
      Don

      Thanks Don, that is great news, looking forward to it!

    • #26783
      timmedin
      Participant

      @Jhaddix wrote:

      GPEN is good, Heorot covers some additional logistics. Its very hard to compare. I haven’t gotten the chance to see the new training yet though, looking forward to reviewing it.

      I am really looking forward to seeing a comparison.

    • #26784
      T_Bone
      Participant

      Wow, now there is another potential candidate… ELearnSecurity to be released soon! This is excellent news but now adds to the confusion of which “affordable” course to take as SANS, etc are too expensive to afford if you are paying out of your own pocket!

      Heorot.net Intermediate Penetration Testing Course Vs Offensive security and eventually elearnsecurity!

      Now I really do not know, but at least the comparison of the first two will help initially!

    • #26785
      T_Bone
      Participant

      My Other problem is, if i dare try and perform each of these courses, all the time will probably result in me being single! …. i am sure my partner would be very un-impressed!

    • #26786
      Kev
      Participant

      I thought I would throw in my 2 cents and recommend the Heorot training. I am familiar with both and they are equally good, actually I would say you should do both if you are truly serious.  What I like about the Heorot training is the real life scenarios he uses.  Exploits are kept to a minimum.  In the last 2 years of pentesting I can say very few breaches were made by exploits and those few were made with browser exploits. Perhaps someone here has a different experience?  If someone thinks you can arrive at a pentest and launch their metasploit autopwn and that’s it, well that is a huge disservice to their client. Just what I have encountered. 

    • #26787
      Jhaddix
      Participant

      This is true, real world “pentesting” is about risk assessment, configuration testing, and vulnerability testing. It’s not so much about exploitation (although it IS the fun part). Most of the time the exploitation is done in the webapp side or clientside type of tests. It really depends on the scope but we have very few clients who will let us exploit production machines, which sucks because after we clear the DMZ we know we’ll find juicy systems =(

    • #26788
      Kev
      Participant

      Well said Jhaddix. I agree exploits are the fun part.  Cracking a password just doesn’t have the same feel to it as rooting a box with an exploit.  Hmm, I wonder why that is?

    • #26789
      T_Bone
      Participant

      Thanks Kev, Jhaddix

      These are the responses i was looking for really as i wanted to perform whichever course is likely to help me progress in the pen testing field.  As posted previously I would have liked to have done the GPEN as it goes through the pen testing methodology used but was only able to get on the GCIH as a facilitator which is still very good but doesn’t cover report writing and stuff like determining what vulnerabilities are classed as “critical” “High” etc as you would need to understand for a pen test.  It does explain how to protect systems against attacks which is obviously very important to understand as a pen tester so that you can advise what needs to be put in place.

    • #26790
      alucian
      Participant

      Hello guys,
      If I really well understand, according to Jhaddix and Kev, it is better to do Heorot training in order to be able to do a good job as pentester (I mean to be able to work as a consultant and to do a good job, and not to be some security guy on a company’s payroll). This training seems to give the business knowledge of the job, besides the technical skills.
      I’d like to do both of their levels, but because I have to pay for them by myself it is a big problem.   :'(

      Maybe I will wait to see what elearnsecurity will bring to the scene (a combination of both Heorot’s levels wold be nice).

      In the mean time I am doing OSWP and starting to read Fyodor’s book.

      Good luck to everybody.

Viewing 19 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2022 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?