.

OSWP then OSCP, or something else first

<<

TheXero

User avatar

Full Member
Full Member

Posts: 112

Joined: Tue Dec 07, 2010 12:24 pm

Post Fri Dec 10, 2010 6:47 am

OSWP then OSCP, or something else first

Hi

My career aspirations pretty much wanting to end up as a certified penetration tester

I passed my OSWP in late August and I'm wanting to take part in the OSCP within the next yaer or so, but some people wouldn't recommend it straight off

OSWP is the only tech cert I have got, and reading reviews etc of certs I was thinking of doing (A+, Security+), those are a complete waste of time, so I'm thinking of just going straight for OSCP, however some people here don't recommend this for beginners

I have been using BackTrack for a number of years beginning with version 3 and I rarely even start a graphical session these days, as I tend to use lynx these days

I have never really done any debugging before, but I'm currently learning python and bash and I'm wandering if this is one of those courses that I would be able to do straight off

For instance, when I initially signed up for OSWP, I was scared basically because of the lack of experience I had with WiFi and the command line however my command line usage has come on very far since WiFu, but again, I'm having doubts

What would you recommend I do from here on?

Thanks
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Fri Dec 10, 2010 7:29 am

Re: OSWP then OSCP, or something else first

OSCP of course  ;) The PWB course doesn't go directly into debugging, afaik. In fact it's mostly based around penetration testing with backtrack  :)

Learning the tools, from recon to exploitation and post-exploitation, and also not using the (common) tools, but also using alternative tools like Netcat (the swiss army bla bla  ;D )

What OSCP and OSCE really takes, is primarily a lot of dedication and the ability to learn. Secondary, being able to think out of the box and think abstract yet logic. (That's what it takes of non-technical skills, but the ability to learn technical information is of course a must.)

Anyway, that's just my opinion and I know people are different too. Some might learn better in a class environment and therefore Hacking Dojo, may be better, but if you can do most on your own, then OSCP is the way to go. Even if you should get lost, there's help to get on the #offsec irc channel even though occasionally the help may be vague, not because people don't want to help, but either because you're making it too hard for yourself or because it's expected you find out by yourself because it's one of the ultimate ways to learn, you'll probably remember it the rest of your life if you do so.

For example, can you remember everything you learned during school, education, your job etc. down to almost any detail? Now compare that with what you taught yourself, by e.g. self-study, who knows it better?  :)

Anyway, I'm sure there's someone else that wants to help you in the right direction as well.
I'm an InterN0T'er
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri Dec 10, 2010 7:47 am

Re: OSWP then OSCP, or something else first

I would say do PWB now!

PWB: Awesome course
OSCP: Very tough exam...

If, like me, you take the course without passing the exam, you will have learned a ton of knowledge. So go with PWB all the way!
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

TheXero

User avatar

Full Member
Full Member

Posts: 112

Joined: Tue Dec 07, 2010 12:24 pm

Post Fri Dec 10, 2010 7:55 am

Re: OSWP then OSCP, or something else first

Cool :)

I think I'll continue learning python and bash over the next few months, then somehow build up the courage again and speak to my manager about enrolling in the course

I'm not nervous about his reaction because he said he will support me, but the fact that its alot of money, and technically it won't help me to do my job any better, as we're a standard Microsoft house :)

I think maybe around May/June time I will ask, hopefully by then I will be confident with python and bash

Cheers
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri Dec 10, 2010 8:04 am

Re: OSWP then OSCP, or something else first

hopefully by then I will be confident with python and bash


PWB isn't hard on python or shell scripting. The programs I wrote were most of the time pretty small and simple. Maybe it's my web developer background, but text manipulation, for loops and socket connections aren't difficult at all.

On the other end, if you have never programed before, you sould get use to compile and/or execute programs.

But believe me, the hard part isn't programming at all!  ;)
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

TheXero

User avatar

Full Member
Full Member

Posts: 112

Joined: Tue Dec 07, 2010 12:24 pm

Post Fri Dec 10, 2010 8:21 am

Re: OSWP then OSCP, or something else first

I'm fairly fluent in VB.net :( but obviously its Windows only, and I'm trying to get rid of it from my memory lol

But I'm pretty much going through the free online Google class on python, only watched part 1 so far, but I am hoping it will at least make me more familiar so I can begin to code my own small programs etc

Hopefully once I get better, I will be able to code my own aircrack-ng so I can begin to go into leap/peap/radius networks but that is later
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Dec 10, 2010 8:36 am

Re: OSWP then OSCP, or something else first

TheXero wrote:Cool :)

I think I'll continue learning python and bash over the next few months, then somehow build up the courage again and speak to my manager about enrolling in the course

I'm not nervous about his reaction because he said he will support me, but the fact that its alot of money, and technically it won't help me to do my job any better, as we're a standard Microsoft house :)

I think maybe around May/June time I will ask, hopefully by then I will be confident with python and bash

Cheers


Ah, but enrolling in the course (just because you'll be using Linux) will have FULL relation to your position, even in a 'standard Microsoft house.'  It may not have direct bearing on your current position (assuming that's what you meant,) but if your boss is even considering letting you expand your role into more of a penetration tester / security role, it's highly relevant.  Fact is, there are SO many reasons to justify spending on courses like this, because, in the end, they're to be used in defense of those same 'Microsoft houses.'  Good luck, and if your boss would, for some reason, require more persuasion, I'm certain that if you opened up discussions, many of us on here could give you plenty of valid justifications for it.

Again, good luck TheXero, and keep us posted.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH

Return to Security

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software