.

[Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Nov 27, 2009 12:53 pm

[Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4

Well here it is, the last of the weekly reviews of PWB. Next up is the final compiled review along with exam thoughts. Enjoy.

Permanent link: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4


Image


Ryan Linn continues his insiders look at Offensive Security's online training in Part 4 of this continuing review of 'Pentesting with BackTrack.' As a reminder, PWB is described by Offensive Security as, "An online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. This penetration testing course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students. This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet."

Ryan brings it all together for you next month with a complete review of the course as well as the exam experience. Stay tuned.



Don
CISSP, MCSE, CSTA, Security+ SME
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Tue Dec 01, 2009 4:53 am

Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4

Thanks Ryan, great work. Looking forward to read about your exam experience.
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Tue Dec 01, 2009 2:46 pm

Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4

First class effort and with the exam process included, makes this one of the most complete reviews concerning a training program like this.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Feb 10, 2010 4:07 pm

Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4

Submitted this to digg:

http://digg.com/security/Course_Review_ ... ack_Part_4

We should have the last part of this series very soon. It will cover not only final thoughts on the course, but then continues on with the exam process. You don't want to miss Ryan's stunning results.

Stay tuned...

Don
CISSP, MCSE, CSTA, Security+ SME
<<

partek

Newbie
Newbie

Posts: 27

Joined: Thu Feb 28, 2008 6:15 pm

Post Wed Feb 10, 2010 4:23 pm

Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4

The reviews got me very intrigued with the course so I signed up. I've been with the course for 5 weeks now, squeezing in as much time between life and work as I can.

It's a very interesting course, and has really forced me to think outside the box.

I'm eagerly awaiting the final part of the series so I can have a preview of what to expect from the exam.

Great work!
CISSP, CISM, CISA, CCNA Security, OSCP, CEH
<<

Guerreiro

Newbie
Newbie

Posts: 5

Joined: Wed Feb 17, 2010 5:57 am

Post Wed Feb 17, 2010 6:33 am

Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4

I was wondering how does this course of Offensive Security stack up against SANS.org and their courses? I mean PWB is much cheaper, but does it offer the same or more or just different? If you would pit the two against each other who would win?
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Wed Feb 17, 2010 10:49 am

Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4

Guerreiro wrote:I was wondering how does this course of Offensive Security stack up against SANS.org and their courses? I mean PWB is much cheaper, but does it offer the same or more or just different? If you would pit the two against each other who would win?

It's not so much about who would win per se. I think both courses complement each other. The Sans courses cover a lot of the areas not covered in the OSCP. One such area is the business side of things. Setting up the rules of engagement, various laws etc.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

Guerreiro

Newbie
Newbie

Posts: 5

Joined: Wed Feb 17, 2010 5:57 am

Post Wed Feb 17, 2010 11:00 am

Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4

Ok, let me ask the question slightly different;
What would be better for a beginner?
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Wed Feb 17, 2010 11:10 am

Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4

Neither. I started out doing the CEH, then progressed to the OSCP and then finally the GPEN.

If your only two options were the OSCP and GPEN I would probably shoot for the GPEN. Simply because the GPEN does a lot of hand holding. With the OSCP you are left to do a lot of the stuff on your own.  Sure there are guys on the irc channel but you will not be spoon fed. The OSCP encourages you to do your own research. And it can get get quite frustrating at times.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Feb 17, 2010 11:14 am

Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4

My opinion only, and note, I have not yet taken both, but this goes from what I've seen in demo's and samples of each, as well as from folks I've spoken with, who HAVE taken both.

(And I agree with what Dark_Knight JUST responded...)

Cost-wise, obviously OSCP it better.  (MUCH cheaper)  Thus, if you're not 'absolutely' certain you want to be a pentester, or want to see just how much you might get into and learn, it'd be a more affordable way to begin.  That way, if you feel over your head and decide against it, you're not out the SANS-type money.  But if you truly want to have opportunity to learn and understand more, SANS might be the better route, especially if you're willing to go to one of the bootcamps, as the ability to interact directly with an instructor, for info you may or may not understand, is very valuable, in and of itself.  BOTH will be technically challenging, and both will introduce you to concepts, methodologies, etc.  As previously noted by Dark_Knight, the legalities, etc, are also nice to gain from the SANS offerings.  

We really cannot tell you which is better for a 'beginner' as it depends on you.  If you're a GREAT self-learner, then a 60-day lab package and OSCP might be good for you, as it gives you a LOT of lab time, and hands-on practice with tools and ideas, while still affording you the ability to email the instructors and irc with other students, etc.  But if you learn better from more 'regular' interaction with instructors, in more of a class setting, then I'd definitely be leaning towards SANS to start with.  (Additionally, if you do opt for a bootcamp, you also have many other folks at the SAME point in the class as you, to openly discuss with and network with during the course.)

Ultimately, to answer your question, I don't think either would 'win', and that each is tailored for it's own learning style and methods.  Personally, if you can afford one or the other, in my opinion, I'd do both (the extra for OSCP isn't THAT much above the SANS, anyway...)  Then you'll get it all.

My 2 cents, anyway...
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Guerreiro

Newbie
Newbie

Posts: 5

Joined: Wed Feb 17, 2010 5:57 am

Post Wed Feb 17, 2010 11:35 am

Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4

First off I would like to thank both of you esteemed gentlemen for answering in such a timely fashion and with such a clear answer as well.

Well beginner is maybe a vague word, as for me personally I am now studying how to use Linux with books of the Internet. This is pure self study no holding hands and I must say I am doing all right. I also obtained a copy of old lessons of OSCP back when it was called Offensive Security 101, still using BackTrack 2. I was not daunted by their information, but I understand what you are saying. I will take your advice with me as I contemplate what to do. Also can any of you two give me any extra advice on how to get maybe a small headstart, say learn Python scripting or some such.
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Wed Feb 17, 2010 11:45 am

Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4

As it relates to the OSCP you definitely want to brush up on your Assembly fu. Get familiar with tools like Ollydbg. Also brush up on your on scripting fu(Perl,Python).
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

Guerreiro

Newbie
Newbie

Posts: 5

Joined: Wed Feb 17, 2010 5:57 am

Post Wed Feb 17, 2010 11:48 am

Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4

So Assembly, Perl and Python. At the moment I am working on learning Shell Scripting with BASH. Also OllyDBG, I am still not exactly sure how and where to use this but that is why they invented : RTFM. :)
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Feb 17, 2010 2:15 pm

Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4

Sounds like you have a good head on your shoulders, and are understanding the points we've given you.  Even the general BASH knowledge will help you, greatly, with the ability to script connections using netcat, ssh and other tools, gather data, and to make quick work of things. 

In the NetWars cyber challenge, going on again, right now, one of the first lessons I taught another participant was how to BASH script some of his tasks, as, if you connected through their SSH tunnel, and were not quick enough at coming up with (or typing in) what you wanted to do next, some of the other players would snipe your connection, promptly, and you'd be fighting, just to stay connected, let alone to connect long enough to score points or even learn.  With the BASH scripts, if you had everything chained together properly, you could accomplish your network reconnaissance and some attacks quickly and painlessly, before they could catch you and snipe you.  This translates into real world pentesting, too, as if you are a capable scripter, you can pull many of these tasks off, quickly, clear logs and erase your tracks, and be out before many of your clients even knew you were in.  (So yes, BASH is a good one to know!)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Guerreiro

Newbie
Newbie

Posts: 5

Joined: Wed Feb 17, 2010 5:57 am

Post Thu Feb 18, 2010 3:40 am

Re: [Article]-Review: Penetration Testing with BackTrack by Offensive Security Part 4

Thanks for the compliment  :D . I am working 40+/hrs in the week and then studying on the side can all be very exhausting. Just grabbed some O'Reilly books for the Perl and Python. Anybody here got a great book that works, or a site with tutorials? :)
Next

Return to Linn

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software