.

Acquiring Knowledge

<<

Lubinski

Newbie
Newbie

Posts: 26

Joined: Fri Dec 03, 2010 1:34 pm

Post Tue Dec 07, 2010 1:50 pm

Acquiring Knowledge

After looking through a few certifications I have come to the end result that I will purchase the PWB courseware from the Offsec guys.

My main goal is to gain knowledge to support the Bachelors in Information Security I have. This looks like a great place to start.

I'm not a huge Linux person atm but I have been working more and more with Backtrack lately.

Is this course appropriate or should I start lower on the ladder?

I see a course from elearnsecurity but It does not look as good or come as highly recommended.
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Dec 07, 2010 2:36 pm

Re: Acquiring Knowledge

If you have a Bachelors in InfoSec and have been exposed to Penetration Testing and Vulnerability Assessment in your classes I'd say go for it if your willing to suffer a little bit. I don't have a degree in InfoSec, and I opted for the course.

The questions I'd ask myself before taking the class is, how comfortable am I with BackTrack? Personally I walked in knowing a good amount of Metasploit, NMap, Reconnaissance, knew how to compile and run exploits, fix some public versions of exploits, and had some python experience I had gotten from school.

I wouldn't say this is a beginner course, during the exam your basically thrown into a cage with lions and forced to fend for your own *;D*

eLearnSecurity's not a bad course at all. I think it depends on your comfortability level in the field of Hacking. I would definitely recommend it for the absolute beginner. You get more Web Application testing knowledge out of it then you do out of PWB, and it's a great course to start with.

I personally had a blast in PWB and thought the OffSec Style of PWB training (which is basically, "Here's the lab guide, here's the course videos, there's 50+ machines spread out across 4 subnets - Happy Hacking), was more of my personal learning style.

There's a few of us who have our OSCP certifications on this board, don't feel hesitant to ask questions!

Welcome to the forums!

-kris
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue Dec 07, 2010 3:26 pm

Re: Acquiring Knowledge

Lubinski wrote:I see a course from elearnsecurity but It does not look as good or come as highly recommended.


This is like the saying "opinions are like..." Here are a few things I'd like to throw out to you - for you to ponder.... Certification ... Learning... Which do you prefer?

Certification - overrated at times especially when one is seeking to "dump" - I need to pass this class!!!. You're likely to retain little and not learn at the end of the day.

Learning - always in fashion

There is no "wrong" course to learn from. I haven't taken eLearnSecurity's course because I don't need it - and I'm not saying this to be arrogant. I'd actually LOVE to take it for the sake of learning something, but at the end of the day, it doesn't benefit me so I choose to focus my money and time elsewhere. I would STILL learn from it I'm sure though. There are plenty of people here who have taken it and liked it alot. There were some who didn't.

As for the OSCP, you state you have little Linux experience (based off your statement: I'm not a huge Linux person atm but I have been working more and more with Backtrack lately.) so my perception/interpretation is, you will find the OSCP difficult and likely fail the first, second and perhaps the third time around. You WILL LEARN doing the OSCP but it might be akin to jumping into trigonometry without understanding basic algebra.

Back in 06/07 I started a "Pentesting 101" write up (http://infiltrated.net/pentesting101.html) where I laid down what I felt was a STRONG 52 week step-by-step to become a decent/well rounded pentester. It includes understanding the entire gamut of operating systems, networking, applications, etc.. There will NEVER be an "all inclusive" course to become a "ninja pentester" as there are too many variables (web applications, presentation layers, covert channels(networking), etc.) the key to it all is understanding as much as possible.

E.g., when I did my RWSP, I was completely on all their machines and was completely stumped on MSSQL syntaxing. Guess what? I come from a Linux/BSD/Solaris world. Postgres (check), MySQL (check), Oracle (check)... MSSQL? Nah, not my cup of tea. Had I taken the time for a refresher, I'd of not wasted time - in the end, I ran out of time. Anyhow, because of what you mention (minor *nix) experience, I suggest you start with ELearnSecurity, get comfortable with it, then aim for the OSCP only AFTER you're extremely comfortable with not only Linux, but a variety of topics.
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Dec 07, 2010 4:10 pm

Re: Acquiring Knowledge

After reading sil's comment and going over mine, I don't want to make it seem like I'm setting you up for a rough time in PWB Lubinski.

You WILL LEARN doing the OSCP but it might be akin to jumping into trigonometry without understanding basic algebra.


This is very true in this situation. My first post made it come off like PWB was easy if you had some good background. I hadn't mentioned that I had been using BackTrack since 2007 prior to taking PWB in 2010. I'm not saying you need to have years experience in linux to sign-up, they mainly want you to be comfortable.

Are these the only two vendors you've compared? Have you looked into HackingDojo or LearnSecurityOnline yet? These are other positive places to get your hands dirty at affordable prices too.

-kris
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

Lubinski

Newbie
Newbie

Posts: 26

Joined: Fri Dec 03, 2010 1:34 pm

Post Tue Dec 07, 2010 5:42 pm

Re: Acquiring Knowledge

Thanks for the replies, I am currently looking at the various other options posted here.

I did not mean to portray elearnsecurity as a bad option, just that the PWB course looks better after looking at both. Price is sort of a major factor here so we will see what the budget boils down to.

I will keep you posted and thanks for all the info.
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue Dec 07, 2010 6:34 pm

Re: Acquiring Knowledge

Courses by Offensive Security, are highly recommendable and you will learn a lot but also go through a rough period of learning, including trial and error  ;)

I've done OSCE, and that was pain inserted directly into my cerebrum  ;D

It was awesome though, and it has given me something I can use for the rest of my life.


I haven't tried LSO, eLearnSecurity and Heorot (Hacking Dojo) yet, but in the future I most likely will  :)
I'm an InterN0T'er
<<

alucian

User avatar

Full Member
Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Thu Dec 09, 2010 9:58 am

Re: Acquiring Knowledge

In my opinion, in your case, the best place to start will be hacking dojo. It will start you from the basic, and while it will cost you less money you'll get an inside view of the pentest world. If you'll like it you'll learn a lot, if you'll not like... you'll save money and find yourself a new career path (firewalls, compliance...)

One of the biggest advantages of hackingdojo is that you will actually talk with the instructor (Tom) and you can ask him almost anything. On the oposites, doing OSCP you'll be on your own (in a lions cage  :) ).
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
<<

Lubinski

Newbie
Newbie

Posts: 26

Joined: Fri Dec 03, 2010 1:34 pm

Post Sat Dec 11, 2010 7:23 pm

Re: Acquiring Knowledge

I will take another look at the dojo. Thanks for tip. Can someone describe the experience they have had with hackingdojo.com? I got some information off of their site but if you can fill in the spaces that would be wonderful.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Dec 11, 2010 8:12 pm

Re: Acquiring Knowledge

While I've not taken the courses from the Dojo, yet, I have Tom's book (Professional Penetration Testing,) and it's a good read.  In addition, Tom is a member here (Grendel,) so along with others' experiences, you can ask him plenty, as well.

Good luck.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Lubinski

Newbie
Newbie

Posts: 26

Joined: Fri Dec 03, 2010 1:34 pm

Post Sat Dec 11, 2010 10:56 pm

Re: Acquiring Knowledge

Excellent. I feel like i stumbled upon a golden trove of usefulness here..
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Wed Dec 22, 2010 7:50 pm

Re: Acquiring Knowledge

I don't think that just because you don't have that much Linux experience that you shouldn't take the course. I didn't have that much linux exp either and I passed on my first try. BUT I did have to work my ass off at it. I had to ramp up my Linux skills really fast and now they're acceptable. I just passed a couple weeks ago and documented my experience here if you're interested: http://networkadminsecrets.blogspot.com/2010/12/offensive-security-certified.html

The bottom line is if you have solid fundamentals, meaning you understand routing/protocols and how an OS works, you could probably get to where you need to be in 60-90 days. Quite frankly if you don't pass on the first try its not that big of a deal because you can retake for $60. Its not like you have to drop $500 to retake the exam. Put in the hard word and it will pay off.
<<

mayjune

Post Thu Dec 23, 2010 5:51 pm

Re: Acquiring Knowledge

Thank you so much guys for your inputs....
It was highly valuable. I am considering hackingDojo, and more imp to brushing up my fundamental skills side by side.
Thanks again.

Return to OSCP - Offensive Security Certified Professional

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software