Next Up OSCP101 v2.0

Viewing 63 reply threads
  • Author
    Posts
    • #2909
      Dark_Knight
      Participant

      Guys,
      Having just received the CEH I decided to go ahead and do the OSCP101 after reading all the reviews.So I started today.

    • #20129
      morpheus063
      Participant

      Good Going, All the best.

    • #20130
      shednik
      Participant

      Best of luck to you…I’m jealous I’d love to do that course!!

    • #20131
      dalepearson
      Participant

      RoleReversal has also done this course, and with positive feedback.
      I am also thinking of having a look at this at some point.

      Let us know how you get on.

    • #20132
      vijay2
      Participant

      Its a amazing course I am sure you will learn a lot.

      VJ

    • #20133
      RoleReversal
      Participant

      Dark_Knight,

      Hope you enjoy the OSCP. From my experience it was a great course and I learned a lot (and confirmed a lot of stuff I ‘sort of’ knew from other sources). My lab time (took 60 days) finished around a month ago and I have the exam scheduled *soon*.

      I’d advise not taking your foot of the gas (as I did) if you start to get through the material quickly. Some of the final challenges and extra miles can be challenging and time consuming. Plus I would have liked to have spent more time ‘playing’ in the lab after completing the required exercises.

      Let us know how you get on, specifically I’d be interested to see how the material compares to the CEH you’ve already got, as it’s on my list of potential ‘nexts’….

      as a side note, any advice from those already passed the exam would be appreciated as I’m starting to get slightly nervous…

    • #20134
      dalepearson
      Participant

      @RoleReversal wrote:

      as a side note, any advice from those already passed the exam would be appreciated as I’m starting to get slightly nervous…

      May the force be with you  8)

    • #20135
      Dark_Knight
      Participant

      @RoleReversal wrote:

      Dark_Knight,

      Hope you enjoy the OSCP. From my experience it was a great course and I learned a lot (and confirmed a lot of stuff I ‘sort of’ knew from other sources). My lab time (took 60 days) finished around a month ago and I have the exam scheduled *soon*.

      I’d advise not taking your foot of the gas (as I did) if you start to get through the material quickly. Some of the final challenges and extra miles can be challenging and time consuming. Plus I would have liked to have spent more time ‘playing’ in the lab after completing the required exercises.

      Let us know how you get on, specifically I’d be interested to see how the material compares to the CEH you’ve already got, as it’s on my list of potential ‘nexts’….

      as a side note, any advice from those already passed the exam would be appreciated as I’m starting to get slightly nervous…

      Thanks for the response man. I appreciate it and I will keep the board informed.

    • #20136
      KrisTeason
      Participant

      Dark_Knight best of luck man. You’ll learn a lot in that course. It’s damn well organized and very hands on. A friend of mine took it and recommended taking it over the C|EH.

    • #20137
      Dark_Knight
      Participant

      Course is going well so far. For those that have done the course I am trying to
      to get the domain name of the dns. I have identified the dns and tried using the host command to do a reverse lookup but that failed. What other options can I use?The dns doesn’t seem to have a ptr should it?

    • #20138
      HeadlessZeke
      Participant

      Make sure you add the DNS to your resolve.conf file…

    • #20139
      RoleReversal
      Participant

      @HeadlessZeke wrote:

      Make sure you add the DNS to your resolve.conf file…

      …Just make sure you add it to the top of the list for speed

      …or query the DNS server you found directly with the host command (nice opportunity to test your newly found bash-fu 😉 )

    • #20140
      Dark_Knight
      Participant

      @RoleReversal wrote:

      @HeadlessZeke wrote:

      Make sure you add the DNS to your resolve.conf file…

      …Just make sure you add it to the top of the list for speed

      …or query the DNS server you found directly with the host command (nice opportunity to test your newly found bash-fu 😉 )

      hmmmmmmmmmm I been down the host road but not getting anything also tried adding the dns to the resolv file and still coming up short.  ???

    • #20141
      RoleReversal
      Participant

      # man host

      SYNOPSIS
            host [-aCdlnrTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait]
                  [-4] [-6] {name} [server]

      so.. ‘host -t ptr 1.2.3.4 ip.of.dns.server’ is giving no joy?

      Are you sure you’ve found a legit DNS server?

    • #20142
      Dark_Knight
      Participant

      @RoleReversal wrote:

      # man host

      SYNOPSIS
            host [-aCdlnrTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait]
                  [-4] [-6] {name} [server]

      so.. ‘host -t ptr 1.2.3.4 ip.of.dns.server’ is giving no joy?

      Are you sure you’ve found a legit DNS server?

      YGPM

    • #20143
      Dark_Knight
      Participant

      Well well well the course has stepped up a NOTCH  🙂 . I am currently on the Buffer Overflow section and lemme tell you it is VERY interesting. So I will keep you guys up to date……………………..

    • #20144
      chuck378
      Participant

      Dark_Knight,
      I was thinking about taking this course.  I do mostly computer forensics stuff.  I’m CHFI certified and have taken the CEH class (did not take the test because of the $250 fee.  I bought some equipment instead  :)).  Do you have to have a great knowledge on the subject?  Can you do the course on your own time?  I read the info on the course on the Offensive Security web page, but I would like to get your input, since you are taking it now.
      Thanks in advanced,
      Chuck378 

    • #20145
      Dark_Knight
      Participant

      @chuck378 wrote:

      Dark_Knight,
      I was thinking about taking this course.  I do mostly computer forensics stuff.  I’m CHFI certified and have taken the CEH class (did not take the test because of the $250 fee.  I bought some equipment instead  :)).  Do you have to have a great knowledge on the subject?  Can you do the course on your own time?  I read the info on the course on the Offensive Security web page, but I would like to get your input, since you are taking it now.
      Thanks in advanced,
      Chuck378 

      Hey Chuck,
      The OSCP goes WAY more in depth than the CEH. Networking knowledge is key and there is also a fair amount of programming. This varies from simple scripts all the way up to python scripts.  I am currently doing it on my own time. I paid for  a 60 day lab pass based on what I read on this board.

      The CEH basically gives you an intro into whats happening. The OSCP is another story. So for example you are introduced to buffer overflows in the CEH. You are also introduced to shellcode in fact they are several questions in the test that refer to this. In the OSCP you actually DO the buffer overlfow and you actually WRITE the shellcode. 

    • #20146
      vijay2
      Participant

      I think I should post the difference between the various CERTs mentioned here (CEH, OSCP,GPEN) as i have archived them.

      CEH – I would rate this as 5 on a scale of 10. The reasons being its very heavy on tools. It tests the individual on the theoretical knowledge of tools and its options. If you memorize the function of the various tools and the options available you are golden. But achieving CEH does not proof that the holder has practical knowledge. I would place CEH at  entry level of the Pen testing / Ethical Hacking cert.

      OSCP – This is great course though the lecture portion of it is only 7 hrs but the labs are just amazing. Its a tough course and assumes prior knowledge of a lots of important concepts to get the maximum out of this course. Its more on practical side and if you are going for cert challenge you better be good at networking concepts and windows/linux command line. Still this course does not deal with business aspects of the Pen Test. But its a great valve for the money.

      GPEN – Amazing course, very well structured, covers the business aspects and methodologies of Pen test which I believe no other course/cert talks about. In my opinion this is very important  because you could be very good technically but if you cant deal with the business side, you will not be able to provide the true value of the services you have provided. It is very balanced on tools, concepts and labs. Does not Deal with with lots of tools but the tools discussed there are in depth providing deep insights and tips and tricks from trenches on using them. The philosophy of this course is different, in that it focuses on developing the skills on tools and tricks which are natively available on the OSs, with a rationale that when you are performing a Pen Test you most likely have the liberty to install tools on the Target.

      Just my 2 cents.

      Thanks
      VJ

    • #20147
      WhirlingSands
      Participant

      The course is great fun. I learned allot on it.

      The only advice I can give to those doing the exam, is getting a good night sleep day before & plan your exam day/night. Remember you have 24 hours to complete the exam.

    • #20148
      Dark_Knight
      Participant

      @vijay2 wrote:

      I think I should post the difference between the various CERTs mentioned here (CEH, OSCP,GPEN) as i have archived them.

      CEH – I would rate this as 5 on a scale of 10. The reasons being its very heavy on tools. It tests the individual on the theoretical knowledge of tools and its options. If you memorize the function of the various tools and the options available you are golden. But achieving CEH does not proof that the holder has practical knowledge. I would place CEH at  entry level of the Pen testing / Ethical Hacking cert.

      OSCP – This is great course though the lecture portion of it is only 7 hrs but the labs are just amazing. Its a tough course and assumes prior knowledge of a lots of important concepts to get the maximum out of this course. Its more on practical side and if you are going for cert challenge you better be good at networking concepts and windows/linux command line. Still this course does not deal with business aspects of the Pen Test. But its a great valve for the money.

      GPEN – Amazing course, very well structured, covers the business aspects and methodologies of Pen test which I believe no other course/cert talks about. In my opinion this is very important  because you could be very good technically but if you cant deal with the business side, you will not be able to provide the true value of the services you have provided. It is very balanced on tools, concepts and labs. Does not Deal with with lots of tools but the tools discussed there are in depth providing deep insights and tips and tricks from trenches on using them. The philosophy of this course is different, in that it focuses on developing the skills on tools and tricks which are natively available on the OSs, with a rationale that when you are performing a Pen Test you most likely have the liberty to install tools on the Target.

      Just my 2 cents.

      Thanks
      VJ

      So doing the labs and extra mile is not enough for the exam?

    • #20149
      vijay2
      Participant

      That would definitely help.

    • #20150
      Dark_Knight
      Participant

      Update: FRUSTRATED !!!!!!!!

    • #20151
      NickFnord
      Participant

      care to elaborate?

      I’m planning on taking this course about half way through next year – it seems very thorough from what I’ve read, hope I can get rid of enough of my newbieness in time to make it worthwile 🙂

    • #20152
      Dark_Knight
      Participant

      The course itself is VERY good. Getting help sometimes can be tricky. There are some guys on there that are VERY helpful and others are a bit ‘hostile’. So sometimes it can get get frustrating.

    • #20153
      Dark_Knight
      Participant

      Can one of you guys help me out with implementing a netcat ssl session using stunnel?

    • #20154
      Anonymous
      Participant

      what is the question?

    • #20155
      Dark_Knight
      Participant

      I figured it out actually. In the end it was a configuration issue.
      Thanks.

    • #20156
      Dark_Knight
      Participant

      I am trying to use proxychains with nmap to scan using a proxy. However nmap seems to be using my external ip and not the proxy ip in the proxychains.conf file.

      What could be causing this?

    • #20157
      hiddenillusion
      Participant

      just signed up for the course… you guys sold me.

    • #20158
      KrisTeason
      Participant

      hiddenillusion, keep us updated on how things are going. I plan on taking this one as well once I get the cash saved up.

    • #20159
      jason
      Participant

      It’s on my list as well. Sounds like a very cool class.

    • #20160
      cleanwithit0607
      Participant

      Gosh. I can’t wait to take this course, quit teasing me. lol. I had some money saved up then I got in a car wreck 🙁 Plus the guy didn’t have insurance. But I’m very excited about eventually taking this class.

    • #20161
      hiddenillusion
      Participant

      So far I must say i’ve really enjoyed this course.  It does get frustrating at times trying to figure some stuff out on your own but the forums and Google help you get through it.  Finished up the lab part and scheduled the certification challenge so we’ll see how it goes but definitely a great hands on training course.

    • #20162
      Don Donzal
      Keymaster

      Great to hear. Good luck.

      Don

    • #20163
      MadmanTM
      Participant

      it’s on my list, i have been playing a lot with backtrack3 🙂

      i have sec+ to get my second pass, since i failed with 75%

    • #20164
      alan
      Participant

      This course definitely looks interesting, but i need to take a couple of Microsoft exams to finish up my mcse before i get too it.

      My only concern is putting this onto my resume with no actual work experience in this area, would this put of potential employers if I wasn’t going for a pen test type job? (i’m just starting up in this area and want to get to grips with it all before pushing for a career in it) I guess i could always leave it off my resume.

    • #20165
      Don Donzal
      Keymaster

      Always put your accomplishments on your resume. Here’s a few thoughts:

      1. You never know who will find what valuable.
      2. Even if it has the tiniest bit of relevence to your desired career path, it has value. But…
      3. Don’t give it more value than it really has. OK maybe a little more, but just because it is on your resume doesn’t mean that you are claiming it as experience. Put it in the training and education section.

      Those in a position to hire for tech jobs (especially if they have tech experience themselves) love to see that you are taking an active role in your own career in your spare time. That shows drive, initiative, willingness to learn and more.

      So put it on there and don’t look back.

      Hope this helps,
      Don

    • #20166
      hiddenillusion
      Participant

      I was informed today that I passed the certification challenge for OSCP.  I really loved the course and can’t wait to try another one of their course… I highly recommend the hands on training.  Just some advice for people wishing to pursue the certification… don’t waste time on something that you can’t get or that isn’t working right, just move on and come back if you have lab time or else you might fall behind.

    • #20167
      Don Donzal
      Keymaster

      w00t!!

      I would have thought those new initials would already be in your sig.  😛

      Well done and good advice for the others who may follow in your footsteps,
      Don

    • #20168
      Dark_Knight
      Participant

      Update – I got my OSCP WOOOOOOOOOOOOOOT!!!!!

    • #20169
      BillV
      Participant

      Hey congrats and well done!! Feels good doesn’t it? 🙂

    • #20170
      Dark_Knight
      Participant

      Yez sir it does. Hardest exam I have ever done in my entire life  ;D

    • #20171
      geekyone
      Participant

      Congrats!  ;D

    • #20172
      RoleReversal
      Participant

      😀 Congrats Dark_knight 😀

    • #20173
      eternal_security
      Participant

      @Dark_Knight wrote:

      Update – I got my OSCP WOOOOOOOOOOOOOOT!!!!!

      Congrats Dark_Knight!  How was the exam?  🙂

    • #20174
      impelse
      Participant

      Congrats.

      I have a question, how long take to do the complete training?

    • #20175
      KrisTeason
      Participant

      It’s personally your choice, you could go for the 30 day training or the 60 day training depending on how much money your willing to fork out. After the training you take the final challenge.  8). What I’d like to know is, how many hours per day do you guys spend in the lab practicing?

    • #20176
      munch137
      Participant

      Congrats to Dark_Knight as well. We may have taken the exam at or near the same time. Just now getting around to joining the fun here.

      To answer the most recent q, I took 60 days mainly just to build up my confidence.

    • #20177
      eternal_security
      Participant

      @impelse wrote:

      Congrats.

      I have a question, how long take to do the complete training?

      I highly recommend getting 60 days of lab time.  It will take some time to work through all the materials, and you will want to have some time to get through the final challenges, as well as the “extra mile” exercises, and perhaps to work on additional machines in the lab not attempted or addressed in the courseware.

    • #20178
      eternal_security
      Participant

      @munch137 wrote:

      Congrats to Dark_Knight as well. We may have taken the exam at or near the same time. Just now getting around to joining the fun here.

      To answer the most recent q, I took 60 days mainly just to build up my confidence.

      When did you take yours munch137?  I took mine on 1/18 – 1/19.

    • #20179
      impelse
      Participant

      My second question is: Did you take CEH before this exam?

    • #20180
      Dark_Knight
      Participant

      Hey eternal_security waz man? So this is where you are these days  ;D ;D ;D

      I did do the CEH before this course. However they are miles apart. The CEH acted as a good introduction to the world of security imo.

    • #20181
      eternal_security
      Participant

      @Dark_Knight wrote:

      Hey eternal_security waz man? So this is where you are these days  ;D ;D ;D

      I did do the CEH before this course. However they are miles apart. The CEH acted as a good introduction to the world of security imo.

      Hey Dark_Knight,

      I’ve been around, on IRC too…just a little sporadic over the past couple of weeks.

      Like Dark_Knight, I also did C|EH long before OSCP.  I highly recommend OSCP.  C|EH was a good introduction, but it is very tool-oriented.  OSCP is more concept-oriented and helps you develop the pentesting mindset better, IMHO.

    • #20182
      munch137
      Participant

      I took mine Jan 16-17. What a fun experience.

      To those considering this path, I also recommend getting 60 days of lab time up front unless you already have a couple of years hands-on experience with pen testing. Even so, the extra lab time might be nice to bring your l33t skilz up to this century (relatively speaking of course).  ;D

      For me, I had about 50% of the course content under my belt, but all of it was self-taught. Having the structured course materials that matched up with the vids worked well for my learning style.

    • #20183
      timmedin
      Participant

      Anyone take the OCSP and the GPEN? How do they compare?

    • #20184
      Don Donzal
      Keymaster

      This would be a great new thread. Be sure to ask for thoughts on the differnces on both the 2 courses AND the exams.

      Don

    • #20185
      worryfree
      Participant

      I have time on my hands at the moment and was wondering if 30 days/9 hours + a day would be enough for this course or would I be better going for the 60 days?

    • #20186
      Orhan
      Participant

      It really depends as there is alot of ‘research’ you need to do to compliment the learning experience.  However, if you are spending 9+ hours a day and maintain that for the 30 days, you can amass enough knowledge to see you through.

      It is a excellent course, you wont be disappointed!

      Good luck!

    • #20187
      former33t
      Participant

      That helps a lot since I don’t know anyone with nine hours a day to sustain for 30 days.  Seriously, thanks for the opinion.

    • #20188
      Don Donzal
      Keymaster

      former33t,

      I think Orhan is responding directly to worryfree where that amount of available time is specifically stated.

      Just in case you missed it.  😉

      Don

    • #20189
      former33t
      Participant

      Thanks Don, I had misread that.  Knowing my work and family situation, I’ll still probably have to go for the 60 day option when I finally get the employer to bite the bullet (or pay for it myself).  I just don’t trust myself to get it all done in 30 days.

    • #20190
      Spl0it
      Participant

      OSCP is an excellent use of your money. I recommend it highly!! I have never been in a course with so much hands on problems solving since the CCIE. And this is the first course in a series offered by muts and the offsec crew. I would say that 60 days is a good option and gives you some flexibility to study some things that you may not have enough experience in. Take the course and I guarantee you will love it and learn something. No matter what you skill level.

    • #20191
      eternal_security
      Participant

      @Spl0it wrote:

      OSCP is an excellent use of your money. I recommend it highly!! I have never been in a course with so much hands on problems solving since the CCIE. And this is the first course in a series offered by muts and the offsec crew. I would say that 60 days is a good option and gives you some flexibility to study some things that you may not have enough experience in. Take the course and I guarantee you will love it and learn something. No matter what you skill level.

      I agree with Spl0it, 100%.

Viewing 63 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?