
OSCP, Beginner?

SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Fri Jul 23, 2010 7:07 pm

OSCP, Beginner?

Hi all,

I am looking at getting into pentesting, and I have been throwing the choices around in my head for some time. As someone with no real pentesting experience, is OSCP recommended?

I am also considering CEH, CPT, CPTE, and any other T1 pentesting certs, if anyone thinks one of these would be more appropriate.

I want to mention my experience: A+N+/S+, Security5, CIW Associate

Thanks in advance.
sectestanalysis.blogspot.com/

Dark_Knight

Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Fri Jul 23, 2010 8:36 pm

Re: OSCP, Beginner?

Hi SS,
My first certification was the CEH and it served as a great introduction to the field of penetration testing. The material was just enough to get me started. The exercises/labs, looking back at them now, were pretty basic :) So the 'exploits' were against a Windows 2000 box and if I remember correctly the exploit was the good old rpc_dcom. Point is it was nothing fancy, but at the end of the course it got me thinking about security. So everything I did from that point on was done with security in mind.

The OSCP on the other hand was a different beast. This course took it to an entirely new level. So, I remember 'reading' about buffer overflows in the CEH. Well, I actually did it in the OSCP. A lot of the topics covered in the CEH came to life in the OSCP. SQL injection that I had read about in the CEH, I actually got the chance to do it on several occasions. Another example is Metasploit. During the CEH, someone in the class used msf to pwn the Windows 2000 server. And let me tell you I was blown away by it. Fast forward to the OSCP and I was not only using the msf but I was actually editing some of the exploits. Really getting into the guts. And whereas in the CEH I could identify exploits that were say in the C programming language, in the OSCP I was editing the code.

The OSCP is also ALL YOU. No lecturers to run to. Nobody to hold your hand and spoon feed you. It can be REALLY frustrating at times. Google and the OSCP IRC channel become your best friends. The exam is also another thing. You have 24hrs to pwn a set of boxes that you are seeing for the first time. No multiple choice exam. So the OSCP will take your skills to the next level.

So now that you have all this 'raw' skill it now needs to be refined. Enter the SANS GPEN. This course covers the business side of things. So it takes you through setting everything up on the business side. Things like rules of engagement, various laws, establishing scope etc. are covered. Really important stuff. And it also further explains some of the concepts learned in the OSCP. Rainbow tables come to mind.

So having said ALL that you could run with the CEH and then make your way up to the OSCP.

My .02
Last edited by Dark_Knight on Fri Jul 23, 2010 8:43 pm, edited 1 time in total.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Fri Jul 23, 2010 8:37 pm

Re: OSCP, Beginner?

I can't really answer if OSCP is a beginner course or not. There are a couple of reviews on the site to look at. Ryan Lynn (apollo I think) and J0rDy.

However, if you have no experience with it yet, I'd recommend a little reading. Professional Penetration Testing (I'm liking it so far, even if the book is falling apart on me), and Hacking for Dummies. Maybe Hacking Exposed.
OSWP, Sec+

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Fri Jul 23, 2010 9:21 pm

Re: OSCP, Beginner?

I wouldn't recommend OSCP for a beginner even if it was the first certification I opted for. What made me feel comfortable with taking the course is I've been using BackTrack for 3 years. This may be the first time anyone's seen me suggest this but since the CEH is something you plan on going for, I'd say consider that first. It has more popularity and the negative, if any, is that it's very tool / theory based. People taking the course can walk out of the class with the certification and not prove that they know how to hack.

If you're looking to go a cheaper route and want to get your hands dirty for a cheap price, Learn Security Online has a beginner's course called "So You Wanna Be A Pentester". For $300 and access to the LSO lab environment to test your skills, this one's a steal.

Heorot.NET's Shodan Certified Penetration Tester (1DCPT) course, which is currently discounted (and I think it's only going to be discounted for another 2 or 3 days), could be another option. The course is affordable and comes with the book chrisj recommended, "Professional Penetration Testing".

I'm currently going through eLearnSecurity Online's Training Course thanks to Don and I definitely see it as an option for a beginner too. Jason has reviewed the course here and has coined it, 'The CEH Killer'.

Good luck and welcome to the forums.

Kris
Last edited by KrisTeason on Fri Jul 23, 2010 9:29 pm, edited 1 time in total.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP

SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Sat Jul 24, 2010 2:17 am

Re: OSCP, Beginner?

Thank you all for your welcomes, and your input. This is obviously something I am going to think long and hard on.

Thank you.
sectestanalysis.blogspot.com/

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Jul 24, 2010 7:34 am

Re: OSCP, Beginner?

I'll keep it short and sweet... xxxKrisxxx and Dark_Knight echoed my sentiments, and experiences, almost exactly. Start with the CEH, or even the Professional Penetration Testing book, by Wilhelm, then see how you're feeling, from there.

Good luck, and keep us informed as you move forward.  We're here to discuss and help!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP, GPEN, C|EH

SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Sun Jul 25, 2010 11:53 am

Re: OSCP, Beginner?

Thanks. Well, I already have the Pro Pentesting book, and I was working with it, but two things are standing in my way. One: lack of dedicated time. I just finished a six month job training course that had me covering everything from Vista, Server 08, to UNIX, and Security+. Two: too many books! That book is one of about five or six I have been trying to read while studying for other certs. I am hoping that over the next month I can focus on one area at a time. In fact, I'm starting right now!
sectestanalysis.blogspot.com/

impelse

Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Sun Jul 25, 2010 12:06 pm

Re: OSCP, Beginner?

Good, just focus on one area.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sun Jul 25, 2010 4:53 pm

Re: OSCP, Beginner?

Based on that, SephStorm, you definitely wouldn't want to start with OSCP. You'd quickly run yourself ragged, and I think you'd likely give up way too quickly (it's a LOT of dedicated time, especially if you're new to much of it).

Yeah, do the book, and consider CEH, before trying to focus on a challenge like OSCP.

Good luck, and keep us posted on how you're coming along.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP, GPEN, C|EH

SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Tue Jul 27, 2010 6:54 pm

Re: OSCP, Beginner?

I will, thanks.
sectestanalysis.blogspot.com/