Offensive Security’s OSEE

Viewing 23 reply threads
  • Author
    Posts
    • #7258
      UNIX
      Participant

      Offensive Security finally added an accompanying certification to their Advanced Windows Exploitation (AWE) course, called Offensive Security Exploitation Expert (OSEE).

      More info is available here and here.

    • #45390
      Darktaurus
      Participant

      WOW more pain.  Pretty cool.  It looks like they are coming out with a web app course in February too.

      http://www.offensive-security.com/information-security-training/advanced-web-attack-and-exploitation/

    • #45391
      hayabusa
      Participant

      As much as I love their courses (about to sign up for OSCE,) I can’t swing that price (the web app one.)  Will wait until that one eventually (hopefully) comes out self-study, as well…

    • #45392
      cd1zz
      Participant

      AWESOME. Time to convince employer.

    • #45393
      alucian
      Participant

      Hmmmm, one year too late for the web one.
      I did GWAPT last year and  I cannot justify two courses for the same subject.

      Maybe I’ll do the online version, when it will become available.

      But… I still have a lot to fight with OSCP and the others.

      I love offensive security certs!!

    • #45394
      Seen
      Participant

      Damn, I wish the web cert was a little cheaper than GWAPT.  Considering it looks to be the same price, I’d probably just go for GWAPT.

    • #45395
      dynamik
      Participant

      @Seen wrote:

      Damn, I wish the web cert was a little cheaper than GWAPT.  Considering it looks to be the same price, I’d probably just go for GWAPT.

      The reason that and the windows exploitation course are so expensive is because they are live/in-person courses. As Hayabusa mentioned, hopefully they come up with self-study versions that have prices that are in line with the other self-study courses.

    • #45396
      hayabusa
      Participant

      I’d take Offensive’s course over GWAPT, any day.  There’s something to be said for being challenged by hands-on exams at the end, and while I know the GIAC certs are recognized and Kevin Johnson is a wiz (mad props, and I’d love to sit under him for a class, or even lunch  😛 ,) muts and company just always step up and outdo the competition with their courses and labs.

      I’d do both if I could, but if I could only (even get lucky enough to) do one, I’d gamble on Offsec.

    • #45397
      vp75
      Participant

      Interesting from Offensive course, I remember Securitytube would also be launching Webapp security certification sometime this year… Got to wait and see… 😛

    • #45398
      dynamik
      Participant

      @hayabusa wrote:

      I’d take Offensive’s course over GWAPT, any day.  There’s something to be said for being challenged by hands-on exams at the end, and while I know the GIAC certs are recognized and Kevin Johnson is a wiz (mad props, and I’d love to sit under him for a class, or even lunch  😛 ,) muts and company just always step up and outdo the competition with their courses and labs.

      I’d do both if I could, but if I could only (even get lucky enough to) do one, I’d gamble on Offsec.

      Personally, I’m torn. The other side of the equation is that SANS/GIAC is more broadly marketable. People who are in-the-know likely respect OffSec a bit more (for the reasons you mentioned, and that I agree with), but at the same time, you often need to get past HR filters and a non-technical crowd first. If that wasn’t there case, there’d probably only be six CISSPs 😛

    • #45399
      hayabusa
      Participant

      Well, as the quote said (where you quoted me,) I know GIAC is more ‘recognized’   🙂

      So I think we agree.  It depends on your reasoning.  If you want it for a resume or need to bypass HR, then yeah, I see GWAPT.  But if it’s personal, and you’re in it for the experience factor, I lean to OffSec.

      And I’m not even going to discuss CISSP…  I don’t have it, mostly because I don’t need it, but a LOT of CISSP’s (that I know personally) can ‘talk the talk’ based on book knowledge, so they passed the cert. But put them in real-world and they can’t cut it.  I respect the cert, for it’s knowledge and info, but again, it’s always based on the end-person.  I’ve considered going after it a few times, but it’s a lot of time and study that I don’t have, for something that isn’t going to buy me, personally, anything, at this juncture.  So who knows, maybe someday, when I’m bored and have some time… who knows.

    • #45400
      Anonymous
      Participant

      shame the web app will online be live 🙁

    • #45401
      alucian
      Participant

      Question for the seasoned pentesters:

      Do you really need the advanced windows exploitations skills on your day to day job? Some of the managers I know will just say “Well this is too advanced,… this in the internal network…. “

      8) ??? ::)

    • #45402
      cd1zz
      Participant

      If you don’t want to be a bad ass then no! I think bug hunting is fun and how much more value could you possibly bring your client if you find an 0 day to pwn them with?

    • #45403
      SephStorm
      Participant

      Just an FYI, for those wondering what a live class with the OffSec guys is like, heres a review (PWB) I believe by Johny Long. Its a 5 part review, so u can change the url as needed.

      http://www.offensive-security.com/offsec/pwb-in-the-caribbean-part-1/

    • #45404
      hayabusa
      Participant

      @cd1zz wrote:

      If you don’t want to be a bad ass then no! I think bug hunting is fun and how much more value could you possibly bring your client if you find an 0 day to pwn them with?

      ++1  😉

    • #45405
      j0rDy
      Participant

      this is great news! i am very interested in the web application course, which is right up my alley! heck, id even pay for it myself if my employer does not chip in! i hope they release the course outline soon, i am guessing it will be pretty hardcore. (as i am typting this i get some mixed feelings, am i really ready to torture myself again? :D)

    • #45406
      UNIX
      Participant

      @j0rDy wrote:

      i hope they release the course outline soon […]

      The syllabus for AWE is available here.
      The syllabus for AWAE is available here.

    • #45407
      Anonymous
      Participant

      it would be so cool if the web one was online but I do think PWB is my next course even if i have to sell my soul to pay for it….

    • #45408
      mesho
      Participant

      OMG, great and bad news at the same time 🙁

      i wish to take the AWE and the Web Expert courses online but sadly they don’t offer it!

      we need to protest to offer the courses online and i assure a lot of folks will register for the course and offsec guys will be happy and gain more moneys.

      the only reason that i can’t attend the AWE it’s because the location for the course far from me 10000s miles can’t afford the course price nor the flight.

      :-[

    • #45409
      hayabusa
      Participant

      I understand why both are live courses right now.

      Reading the AWE description, it’s deep enough that it should be instructor led.  I’m sure even the best folks have lots of questions, best asked in person.

      As for the Web Expert class, it’s new, and they probably want to guage how well folks do, and refine it a little, before considering whether or not to go to web-based / e-learning.  Plus, for both courses, it lets them stay current with new and emerging threats, rather than having to change it up frequently, as they can quickly add a new threat model into planning for live sessions, rather than recordings.

      (That said, I still hope they go to an e-learning version, at least for the Web Expert, at some point in the future… ;D)

    • #45410
      Anonymous
      Participant

      Yah be it be wicked if they made the web one online as it looks amazing

    • #45411
      j0rDy
      Participant

      @hayabusa wrote:

      I understand why both are live courses right now.

      Reading the AWE description, it’s deep enough that it should be instructor led.  I’m sure even the best folks have lots of questions, best asked in person.

      As for the Web Expert class, it’s new, and they probably want to guage how well folks do, and refine it a little, before considering whether or not to go to web-based / e-learning.  Plus, for both courses, it lets them stay current with new and emerging threats, rather than having to change it up frequently, as they can quickly add a new threat model into planning for live sessions, rather than recordings.

      (That said, I still hope they go to an e-learning version, at least for the Web Expert, at some point in the future… ;D)

      You are probably right, but i think a web app online course would be an instant hit!

      @aweSEC: thanks! (missed it somehow?). and no surprise, its impressice!

    • #45412
      dbest
      Participant

      Really gonna be looking forward to the course. A couple of my colleagues actually asked me what there is for learning app sec and demonstrating knowledge.

Viewing 23 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?