OSCP vs Hacking Dojo

Viewing 38 reply threads
  • Author
    Posts
    • #6518
      El33tsamurai
      Participant

      I am really think about taking the OSCP class and cert but also saw Hacking Dojo which is better?

    • #40379
      rattis
      Participant

      I haven’t done the OSCP, but Hacking Dojo basically walks you through understanding a frame work involved in doing pentesting. You can take the exam to move up to the next section. I’ve only done the Shodan class. I liked it. For the Hacking Dojo, you’ll get more out of it, if you can build your own lab to play with as you go.

      PWB / OSCP is on my list to do in the near future, but want more basics before I jump in to it.

    • #40380
      cd1zz
      Participant

      Does Hacking Dojo have a live lab environment? From my basic searches it doesn’t appear so. I think that’s one of the most valuable (and funnest) parts of OSCP. You actually have to execute the concepts that they taught you in a foreign environment.

      +1 for OSCP

    • #40381
      El33tsamurai
      Participant

      That is what I was thinking too, I really want to get in that lab.  But then the price tag of the other was less.  Wanted to make sure if they did have a live lab then maybe it would be worth it.

    • #40382
      rattis
      Participant

      Nope, no live lab. Which really is why I haven’t done any of the homework, because I need to build new lab.

    • #40383
      lorddicranius
      Participant

      Hacking Dojo provides you with vulnerable ISO’s to work with.  It requires you to either have an spare machine to use, or just use a virtual environment (VMWare Player/Workstation, VirtualBox, etc).  I think most of us students have gone the virtual environment route.

    • #40384
      j0rDy
      Participant

      somehow i think providing VM’s is a better solution. I know i haven’t touched quite a few of the systems that are in the OSCP labs, which is a shame cause good practise is hard to get. i know its probably wishful thinking but if OSCP would provide all the systems as VM’s i would have learned even more then i already did! then again they would have to rethink the whole 30/60/90 day access concept…

    • #40385
      Anonymous
      Participant

      I guess it all depends on your experience if you are pretty new to security then Hackingdojo. If you can write bash script and know networking,bit programming,basic metasploit,nmap ect then OSCP

      However Hackingdojo is really good course it teaches you what you doing rather than how to use tools so you have a much better understanding of things.

      I have not done the OSCP yet but from what I heard its not easy and I would say it was more aimed at someone who has maybe a years pen testing experience.

    • #40386
      Darktaurus
      Participant

      I have not taken the HackingDojo course but I know the OSCP course teaches you most of the steps in a pentest.  The thing I was most impressed with, was the Pentest report.  That teaches you to organize your thoughts and hacks, then present them in a very detailed and comprehensible report. 

      I was able to achieve and recreate each hack just by going thru my notes and practicing.  That really helps when you think of the number of machines that you are attacking.  If I had to pick, I would still go with the OSCP.  I think a beginner can get thru the course.  It just may require more time than someone with more experience. 

    • #40387
      rattis
      Participant

      @lorddicranius wrote:

      Hacking Dojo provides you with vulnerable ISO’s to work with.  It requires you to either have an spare machine to use, or just use a virtual environment (VMWare Player/Workstation, VirtualBox, etc).  I think most of us students have gone the virtual environment route.

      My virtual environment is overloaded at the moment (runs on my laptop). 😉
      So I really do need a new box just for running the VM environment for a lab.

    • #40388
      El33tsamurai
      Participant

      @lorddicranius wrote:

      Hacking Dojo provides you with vulnerable ISO’s to work with.  It requires you to either have an spare machine to use, or just use a virtual environment (VMWare Player/Workstation, VirtualBox, etc).  I think most of us students have gone the virtual environment route.

      A vm is just not as real as a real machine you know what I mean? 

    • #40389
      El33tsamurai
      Participant

      @Jamie.R wrote:

      I guess it all depends on your experience if you are pretty new to security then Hackingdojo. If you can write bash script and know networking,bit programming,basic metasploit,nmap ect then OSCP

      However Hackingdojo is really good course it teaches you what you doing rather than how to use tools so you have a much better understanding of things.

      I have not done the OSCP yet but from what I heard its not easy and I would say it was more aimed at someone who has maybe a years pen testing experience.

      From what I have read from other people it did not sound like a years pen testing experience was needed.  As long as you know Linux and have a basic understanding for Python you should be good to go.  Or am I wrong?  I am working on my masters in info sec and I know what everything is on the syllabus of the PWB class.  I just don’t know how to implement it all, which is why the class is looking really good to me.

    • #40390
      El33tsamurai
      Participant

      @j0rDy wrote:

      somehow i think providing VM’s is a better solution. I know i haven’t touched quite a few of the systems that are in the OSCP labs, which is a shame cause good practise is hard to get. i know its probably wishful thinking but if OSCP would provide all the systems as VM’s i would have learned even more then i already did! then again they would have to rethink the whole 30/60/90 day access concept…

      But then again VM’s would be nice but the class would prob cost like 3 to 5 times more.

    • #40391
      El33tsamurai
      Participant

      @Agoonie wrote:

      I have not taken the HackingDojo course but I know the OSCP course teaches you most of the steps in a pentest.  The thing I was most impressed with, was the Pentest report.  That teaches you to organize your thoughts and hacks, then present them in a very detailed and comprehensible report. 

      I was able to achieve and recreate each hack just by going thru my notes and practicing.  That really helps when you think of the number of machines that you are attacking.  If I had to pick, I would still go with the OSCP.  I think a beginner can get thru the course.  It just may require more time than someone with more experience. 

      Thanks that sounds good, seen that I am working on my masters in info sec its time to get more certs under my belt.

    • #40392
      rattis
      Participant

      @El33tsamurai wrote:

      A vm is just not as real as a real machine you know what I mean? 

      Actually, no. Not sure what you mean. 🙂 Considering everyone is consolidating to VM Systems, I think a VM is more real world like than not.

      1) hosting sites are leveraging hardware costs by doing VMs
      2) companies are doing the same in rented data centers by buying blades and moving to vms. Or buying pizza box servers and installing VMS

      Cloud? Yep…

      I’m reading the latest edition of Hacking Exposed: Web Applications (3rd edition), and it talks about people using VMs too. My examples I listed above though were from personal experience.

    • #40393
      lorddicranius
      Participant

      @chrisj wrote:

      @lorddicranius wrote:

      Hacking Dojo provides you with vulnerable ISO’s to work with.  It requires you to either have an spare machine to use, or just use a virtual environment (VMWare Player/Workstation, VirtualBox, etc).  I think most of us students have gone the virtual environment route.

      My virtual environment is overloaded at the moment (runs on my laptop). 😉
      So I really do need a new box just for running the VM environment for a lab.

      lol I know what you mean.  My current “mobile lab” isn’t beefy enough to run many VM’s.  I really do need another machine, too.

    • #40394
      El33tsamurai
      Participant

      @chrisj wrote:

      @El33tsamurai wrote:

      A vm is just not as real as a real machine you know what I mean? 

      Actually, no. Not sure what you mean. 🙂 Considering everyone is consolidating to VM Systems, I think a VM is more real world like than not.

      1) hosting sites are leveraging hardware costs by doing VMs
      2) companies are doing the same in rented data centers by buying blades and moving to vms. Or buying pizza box servers and installing VMS

      Cloud? Yep…

      I’m reading the latest edition of Hacking Exposed: Web Applications (3rd edition), and it talks about people using VMs too. My examples I listed above though were from personal experience.

      1) VM’s take away the ability to allow you to hack wireless.
      2) VM’s there are no routers or switches to go through.
      3) Its a Fake network.

      Yes everyone is going VM’s but in your fake VM lab you don’t have what I have stated above which are huge parts of businesses.

      If you look at me have a laptop that can hold alot but no switch’s, router’s, extra so having something like that available to practice I feel is more real word.  Does this make more sense when I say you know what I mean?

    • #40395
      lorddicranius
      Participant

      @El33tsamurai wrote:

      @chrisj wrote:

      @El33tsamurai wrote:

      A vm is just not as real as a real machine you know what I mean? 

      Actually, no. Not sure what you mean. 🙂 Considering everyone is consolidating to VM Systems, I think a VM is more real world like than not.

      1) hosting sites are leveraging hardware costs by doing VMs
      2) companies are doing the same in rented data centers by buying blades and moving to vms. Or buying pizza box servers and installing VMS

      Cloud? Yep…

      I’m reading the latest edition of Hacking Exposed: Web Applications (3rd edition), and it talks about people using VMs too. My examples I listed above though were from personal experience.

      1) VM’s take away the ability to allow you to hack wireless.
      2) VM’s there are no routers or switches to go through.
      3) Its a Fake network.

      Yes everyone is going VM’s but in your fake VM lab you don’t have what I have stated above which are huge parts of businesses.

      If you look at me have a laptop that can hold alot but no switch’s, router’s, extra so having something like that available to practice I feel is more real word.  Does this make more sense when I say you know what I mean?

      But now you’re going beyond the scope of what a “virtual machine” is/does.  It’s called a “virtual machine,” not a “virtual network.”  That’s not to say though that you can’t create a “virtual network” on a single machine though.  I ran across a blog post not too long ago where a guy used pfSense as a router between two separate virtual networks, all hosted on a single laptop.  While it’s not Cisco IOS firmware, etc in your virtual network, you do have the ability to mess with firewall rules, routes, etc all on a single machine using a virtual network.

      As for wireless, I haven’t tried to mess with that using only one machine.  I personally use a laptop hosting a BackTrack VM with an Alfa wireless card connected as my attack machine, a WRT54GL for my WAP, and my phone or iPod as the client (which probably isn’t more than what any other infosec pro/hobbyist/enthusiast already has).  I do wonder though if I might be able to use the built-in wireless card/host OS as the client…then it’d all be contained on one laptop, aside from the WAP.  Gonna have to try that soon.

    • #40396
      El33tsamurai
      Participant

      But the subject at hand here had to do with a at home lab but this is going no where I am sorry should of been more specific.

    • #40397
      lorddicranius
      Participant

      True, but was regarding a home lab for Hacking Dojo and/or the PWB course.  I know VM’s work fine for Hacking Dojo and from what I’ve heard, you aren’t hacking switches/routers in PWB, just other virtual machines (hosted by Offensive Security).

      Just making sure we’re all on the same page 🙂

    • #40398
      El33tsamurai
      Participant

      Ok, from the diagrams I saw online there was some sort of firewall that you had to get through I just assumed it was some sort of router.

    • #40399
      tturner
      Participant

      @El33tsamurai wrote:

      1) VM’s take away the ability to allow you to hack wireless.
      2) VM’s there are no routers or switches to go through.
      3) Its a Fake network.

      Yes everyone is going VM’s but in your fake VM lab you don’t have what I have stated above which are huge parts of businesses.

      If you look at me have a laptop that can hold alot but no switch’s, router’s, extra so having something like that available to practice I feel is more real word.  Does this make more sense when I say you know what I mean?

      1 – VMs allow direct access to USB attached devices, including USB wireless adapters. I can hack wireless all day from within a VM.

      2 – take a look at GNS3, my virtual lab includes routers running Cisco IOS, switch modules on those routers and also the generic switches that come with GNS3. I have also recently connected my virtual environment to some real world physical switches and it works flawlessly.

      3 – Why is it fake? What determines real or not? I’m still sending and receiving packets. It really depends on how you configure your environment. I can include physical devices if I wish to, or keep it isolated or anything in between. It’s the flexibility with the click of a button that is so powerful. The main downside is that the VM environment is not natively identical to your real world environment, but if it gets you 95% of the way (or closer) there for 5% of the cost then that’s a no-brainer to me. Don’t throw the baby out with the bathwater.

      That being said, there ARE instances where running in a VM can cause problems, like for VM aware malware that changes characteristics based on whether it’s running in a VM or not. This is usually to counter RE tactics. Snapshots are godly!  ;D

    • #40400
      El33tsamurai
      Participant

      @tturner wrote:

      @El33tsamurai wrote:

      1) VM’s take away the ability to allow you to hack wireless.
      2) VM’s there are no routers or switches to go through.
      3) Its a Fake network.

      Yes everyone is going VM’s but in your fake VM lab you don’t have what I have stated above which are huge parts of businesses.

      If you look at me have a laptop that can hold alot but no switch’s, router’s, extra so having something like that available to practice I feel is more real word.  Does this make more sense when I say you know what I mean?

      1 – VMs allow direct access to USB attached devices, including USB wireless adapters. I can hack wireless all day from within a VM.

      2 – take a look at GNS3, my virtual lab includes routers running Cisco IOS, switch modules on those routers and also the generic switches that come with GNS3. I have also recently connected my virtual environment to some real world physical switches and it works flawlessly.

      3 – Why is it fake? What determines real or not? I’m still sending and receiving packets. It really depends on how you configure your environment. I can include physical devices if I wish to, or keep it isolated or anything in between. It’s the flexibility with the click of a button that is so powerful. The main downside is that the VM environment is not natively identical to your real world environment, but if it gets you 95% of the way (or closer) there for 5% of the cost then that’s a no-brainer to me. Don’t throw the baby out with the bathwater.

      That being said, there ARE instances where running in a VM can cause problems, like for VM aware malware that changes characteristics based on whether it’s running in a VM or not. This is usually to counter RE tactics. Snapshots are godly!  ;D

      In the VM it does not show up as a wireless device it comes through the host machine and it shows up as a Ethernet card not wireless device.

      So with GNS3 you are able to use your vms in the environment as well?  This looks cool I have been using Packet Tracer to practice for my Cisco certs.

      Yeah I agree on point three but it was designed by you making a hacking challenge 100% easier because you know all the configs of all the devices this is the major draw back here.

      I agree snap shots are amazing. 

    • #40401
      cd1zz
      Participant

      El33tsamurai

      That is why you should do OSCP! Because you don’t know any of that!

    • #40402
      lorddicranius
      Participant

      @El33tsamurai wrote:

      In the VM it does not show up as a wireless device it comes through the host machine and it shows up as a Ethernet card not wireless device.

      I’m not sure I understand what you mean.  My Alfa USB wireless device shows up as wlan0 on a BackTrack VM.  I can then see all the wireless stats via “iwconfig” also.

    • #40403
      rattis
      Participant

      It’s not easy, but you can set up wireless to the VM. It’s how you pass the device to it. With the Alfa cards, you can pass it as a usb device.

      Anyway… The VMs have the following options. Host only (you have to be on the VM Server), natted, bridged. Most of mine are bridged.

      The point of a VM lab over a hardware lab is that you can rebuild faster, and not be limited by 1 box to 1 system.

      Example my full lab:
      WRT54GL
      2 Alfa wireless cards (USB)
      3 Pentium 3 desktop. Each one running a different version of linux
      1 Laptop running 5 Virtual guests in bridged mode (base is debian, vms are: Backtrack, Fedora, 2 WinXP, Ubuntu)
      1 triple boot netbook (win7, ubuntu, backtrack)
      3 cisco routers
      3 cisco swtiches

      I use the laptop and netbook as day to day boxes, and want a new desktop to run the VMs on, as well as add to being a day to day box at home.

    • #40404
      jsm725
      Participant

      Sounds like El33tsamurai has the USB card on the host and not mounted directly to the VM. I just took the OSWP training using a virtual image and an Alpha card. It shows up (when mounted directly to the VM) as wlan0.

      Also, definitely look into GNS3. A seriously awesome tool.

    • #40405
      El33tsamurai
      Participant

      @cd1zz wrote:

      El33tsamurai

      That is why you should do OSCP! Because you don’t know any of that!

      Good call I am putting money together to get working on this.

    • #40406
      El33tsamurai
      Participant

      @lorddicranius wrote:

      @El33tsamurai wrote:

      In the VM it does not show up as a wireless device it comes through the host machine and it shows up as a Ethernet card not wireless device.

      I’m not sure I understand what you mean.  My Alfa USB wireless device shows up as wlan0 on a BackTrack VM.  I can then see all the wireless stats via “iwconfig” also.

      See my wireless does not.

    • #40407
      El33tsamurai
      Participant

      @jsm725 wrote:

      Sounds like El33tsamurai has the USB card on the host and not mounted directly to the VM. I just took the OSWP training using a virtual image and an Alpha card. It shows up (when mounted directly to the VM) as wlan0.

      Also, definitely look into GNS3. A seriously awesome tool.

      I have added and will use it thanks alot.

    • #40408
      rattis
      Participant

      @El33tsamurai wrote:

      See my wireless does not.

      What virtual host are you using? VMWare, Xen, VirtualBox, other?

    • #40409
      El33tsamurai
      Participant

      I have VMware workstation 7

    • #40410
      rattis
      Participant

      http://blip.tv/dgconsultinguk/rtl8187-in-vmware-backtrack-4-r2-4534759

      Give that a try see what you can come up with

    • #40411
      El33tsamurai
      Participant

      Thanks I will give it a try

    • #40412
      El33tsamurai
      Participant

      Ok, I am going to take the OSCP class now for the people that have taken the class, is it better to have Backtrack in a VM or installed for the class?

    • #40413
      KrisTeason
      Participant

      Either will do El33tsamurai. Your actually provided a Custom VM of BT4 with the course containing some extras. The extras being simple stuff like bookmarked links where you can read-up on material, etc.

    • #40414
      El33tsamurai
      Participant

      What did you use?

    • #40415
      hayabusa
      Participant

      I used the BT VM from the class, but any would’ve sufficed.

    • #40416
      El33tsamurai
      Participant

      Thanks

Viewing 38 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?