OSCP V3.0 certificaton available!

Viewing 39 reply threads
  • Author
    Posts
    • #4727
      j0rDy
      Participant

      just found out at Offensive security that version 3.0 of OSCP will be available at mid-march! some info:

      The Offensive Security team is excited to announce the release date of v3.0 of the Pentesting With BackTrack Course.  On March 21, 2010 the course will be made live. The team has worked overtime to ensure the videos and labs are better than ever. With new modules, more in depth explanations and a new rich lab environment, this will prove to be a very exciting release.

      Whats new in PWB v.3.0 ?

      Aligned with BackTrack 4
      New Video recordings, updated courseware
      New Lab environment, doubled in size, modern OS’s added
      Added storylines to the lab, simulating a realistic corporate environment
      In depth Buffer Overflow module, including Linux Buffer Overflows
      New Web Application Attack modules
      The updated syllabus will be made available online on the 21st of march.

      already informed my manager, lets see if i can get some budget 😀

    • #29477
      jason
      Participant

      Nice. Glad I waited  8)

    • #29478
      UNIX
      Participant

      Mh, maybe OSCP is the next for me too. Good that they are improving their course.

    • #29479
      Ketchup
      Participant

      I really want to do this course.  I just have to find the time.  Version 3.0 sounds great, especially the indepth buffer overflow module.  My knowledge is a bit outdated there.

    • #29480
      rattis
      Participant

      Ketchup,

      I want to do it too, but my problem is more than just time. I’ll have to fund it myself, and I have other things higher priority right now. 🙁

    • #29481
      hayabusa
      Participant

      I’m looking forward to it.  I have my approval to sign up for a May class!  w00t!

    • #29482
      KrisTeason
      Participant

      I’m officially registered for the class on the 21st and I’m super stoked. I chose to pay for the 60 days lab access because I’m a full time student & I just want to make sure I have time to cover all the material. Lucky I have a couple weeks to study, I haven’t touched much exploit development material.

    • #29483
      KamiCrazy
      Participant

      Time to update my courseware ^_^

    • #29484
      cmattmiller
      Participant

      Dang, I just started last week  :-

    • #29485
      j0rDy
      Participant

      bummer cmattmiller. jus think of it as an extra mile opportunity!

      Ryan’s articles have convinced me to sign up for this course. i’m waiting for response on the budget. at this point i’m so stoked i probably will sign up anyway even if i have to pay for it myself. the only question is when! (maybe i’ll team up with hayabusa, two knows more then one right? ;D)

    • #29486
      caissyd
      Participant

      Dang, I just started last week

      I also started PWB a week ago…

      I just sent an email to Offensive-Security to find out if I will be able to upgrade my course materials when they will release the new version in 2 weeks.

      I will keep you guys posted…

    • #29487
      caissyd
      Participant

      After asking the guys at Offensive-Security.com about upgrading from PWB 2.0 to 3.0, I got this answer:

      Thank you for your interest in the PWB online course V3.0 update.

      The new version will be available from the 21st of March. We are accepting payments in advance for this upgrade.

      Here is the new pricing for various purchase options:-

      1. Upgrade from V2.0 to V3.0 – 200 USD
      2. Upgrade from V2.0 to V3.0 + 30 days in the labs- 400 USD

      So, we can upgrade for $200.

    • #29488
      hayabusa
      Participant

      The pricing was listed on their site, already  😉  (at the bottom of the page)

      http://www.offensive-security.com/penetration-testing-backtrack-online-training.php

    • #29489
      impelse
      Participant

      Prices increased ?

    • #29490
      itg33k
      Participant

      I really want to take this course and I know it’s well worth the money but since I am paying for this out of pocket and I have been told that the 60 day lab is the way to go, I cannot afford it at this time. Hopefully they will have discounts in the near future.

    • #29491
      UNIX
      Participant

      @H1t M0nk3y: Eventually you might write another e-mail, as this seems to be an auto-response. If you are lucky, you might work something out.

    • #29492
      caissyd
      Participant

      as this seems to be an auto-response

      I waited almost 4 hours for the response… ???

      The pricing was listed on their site, already

      I recall seeing it when I registered AFTER I read their email…  :-

      And since I am paying from my own pocket, I will think about paying an extra $200…

    • #29493
      hayabusa
      Participant

      @H1t M0nk3y wrote:

      The pricing was listed on their site, already

      I recall seeing it when I registered AFTER I read their email…  :-

      And since I am paying from my own pocket, I will think about paying an extra $200…

      LOL!  ;D  Wasn’t meant to be sarcastic or critical, was just pointing it out, so all could easily link to it, etc.  Trust me, as soon as I saw the original post from the email, I went looking to see what they had posted!  I greatly appreciate your post, as it’ll save me the time, and let me wait to register for v3, instead of jumping into 2, only to turn around and go to 3.

      I think the extra $200 would be worth it, myself, based on the new things they’re saying they’re adding to it.

    • #29494
      OS4998
      Participant

      @hayabusa wrote:

      I think the extra $200 would be worth it, myself, based on the new things they’re saying they’re adding to it.

      Absolutely. I’ve upgraded mid-course so I’ll be getting my courseware on the 21st and I’m getting my new labs allocated on the 21st as well. Given there’s additional focus on Buffer Overflows, Web Apps and modern operating systems I definitely see the benefit in upgrading.

      If it’s any issue, I’ve been warned that Core Impact won’t be installed in the new Version 3 XP boxes, which implies it may have been dropped from the syllabus.

    • #29495
      caissyd
      Participant

      Wasn’t meant to be sarcastic or critical

      Hayabusa, I didn’t take it bad at all! I really, really appreciate your comments. I should just do my homework first… 😛 😀

      You guys convinced me, I will upgrade to v3 for $200 !

      The Linux buffer overflow convinced me too! ;D

    • #29496
      OS4998
      Participant

      I quizzed the sales team as to when the V3 syllabus would be published and they said it’ll hit the web site next week.

    • #29497
      cmattmiller
      Participant

      I’d love to upgrade, but can’t afford it myself and the first $700 was like pulling teeth from management.  🙁

      I just have to save my pennies.

    • #29498
      partek
      Participant

      @MarcusW wrote:

      If it’s any issue, I’ve been warned that Core Impact won’t be installed in the new Version 3 XP boxes, which implies it may have been dropped from the syllabus.

      I don’t think it will really be missed if it is dropped from the course. The course really only gave an overview of it as a pentesting framework.

    • #29499
      KamiCrazy
      Participant

      Using core on OS101 was fun, but largely useless as a learning tool for pentesting…

    • #29500
      pizza1337
      Participant
    • #29501
      j0rDy
      Participant

      thanks pizza! lets have a look at the differences.

      management told me i can apply at the end of the year due to reorganizations thats going on now and they dont know where i will be stationed yet (weird that i already know and they dont, but thats a different story). so if i want to do it now i have to pay for it myself. no problem but i have to wait at least a month before i can cough up the dough.

      i’m looking at the video now, but i also noticed they removed some (possibly all?) metasploit material. i know this isnt very hard/cutting edge stuff, but basic knowledge you should have. why?

    • #29502
      hayabusa
      Participant

      Are you asking why metasploit stuff might be necessary, or why they removed it?  Not having taken v2, and preparing to take v3, I can’t speak for why it’d be removed.  It’s good knowledge to have, as you really need to understand, for instance, how to take code from a 0day or other exploit, and compile and use it, with meterpreter or others, against your targets.  

      Based on them saying ‘kernel payloads and db_autopwn’ were what was removed, I’m not so sure they removed metasploit, entirely.  The kernel payload section… I’m not sure what exactly he used to cover, so maybe it just tended to be something a bit harder to grasp and took more concentration away from other topics, etc.  Or it could be that with many of the other attack vectors that are coming to be, muts and company wanted to put attention and focus on other things.  I won’t speculate.  

      db_autopwn would take some of the learning out of the picture, by automating steps and functions that you really SHOULD understand, to be an effective pentester, and not always relying on pre-canned tools and scripts.  The same would go for the removal of CoreImpact.  As KamiCrazy mentioned, Core is so fully capable of many things, that using it in such a class could very easily lead you to become complacent / lazy, and not truly get the value and understanding that comes with manual testing procedures.  

      I know that I, personally, would MUCH rather understand the how’s and why’s of what happens underneath such tools and scripts, than to lean so heavily on commercial tools or pre-compiled scripts, etc, as it’s much more beneficial and useful, in cases where, for instance, a customer doesn’t allow you to bring your own machines and code into their network, but rather, you need to scrape together ‘available’ tools and ideas to do your tests.  You’ll be a better pentester from the experience, by learning things the hard way.  Once you truly understand these things, then using other commercial tools and scripts becomes a timesaver, not an exercise in laziness, and you can better test and validate findings from those tools, by using other knowledge and techniques.

    • #29503
      MosGuy
      Participant

      I agree with hayabusa. The way I read the changes, it came across to me like they haven’t removed metasploit fully. Likely just certain areas they likely felt either didn’t enhance the course much, or would lead to students getting to “lazy” relying on automated tools and scripts. Which as mentioned, typically leads to not fully understanding the process behind it. There’s always the option of Metasploit Unleased. Which I’m sure goes into more detail then PWB anyway.

      Of course that’s just my take on it. Like hayabusa, I haven’t done v2 tho plan to take v3 early next month. The only sure answer is to ask the OffSec team. But with Metasploit Unleased out there, I can’t see there will be any real loss of material.

    • #29504
      pizza1337
      Participant

      They do have http://www.offensive-security.com/metasploit-unleashed/  (love it)
      I hope they have full version of this course soon.

    • #29505
      j0rDy
      Participant

      metasploit unleashed is a great resource! i can understand why they removed the db_autopwn like hayabusa said, but for the completeness of the course i should have kept it in…anyway i’m convinced the quality of the course will not be less!

    • #29506
      UNIX
      Participant

      Maybe the outsourced Metasploit stuff will be included in the Wiki or the Videos of the Full version from Metasploit Unleashed.

    • #29507
      33degree
      Participant

      I want to take this course but i don’t have scripting skills, what do suggest i do? I have intermediate Linux skills. I need some help from you guys

    • #29508
      KrisTeason
      Participant

      I wouldn’t say scripting skills are exactly required for the course – but they’re definitely a plus to have!

      Throughout the course your writing various python/other scripts to do certain things so having the background is always nice. I’d just say start studying up on some python!  8)

    • #29509
      UNIX
      Participant

      If you are not in a hurry, you can work on some of the requirements you are currently lacking and take the course afterwards. Depending on the time and money (+extra lab time) you can spend on the course, it should be possible to learn the things you don’t know yet and get through it.

    • #29510
      j0rDy
      Participant

      @xXxKrisxXx wrote:

      I wouldn’t say scripting skills are exactly required for the course – but they’re definitely a plus to have!

      Throughout the course your writing various python/other scripts to do certain things so having the background is always nice. I’d just say start studying up on some python!  8)

      good info! i’m currently working up some scripting skills and start with python after that! i guess a basic knowledge would be sufficient…

    • #29511
      pizza1337
      Participant
    • #29512
      j0rDy
      Participant

      wow, this gets me even more excited! i like the try harder slogan 8)

    • #29513
      hayabusa
      Participant

      It’s nice to see the increased traffic / excitement geared towards v3.  I’m still pretty stoked to be taking this one, myself, in May.  Then, looking forward to Ryan’s review of the next one.

    • #29514
      UNIX
      Participant

      On time as announced. 🙂

    • #29515
      MosGuy
      Participant

      The latest content announcement and syllabus look great. As does the final lab challenges, it certainly looks more real world. As with many others I’m really looking forward to signing up. Especially since I’ve wanted to take the course for about two years now. If all goes as planned I’ll be enrolling in about two weeks time ;D

Viewing 39 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?