.

Online penetration testing course advice

<<

lblake

User avatar

Newbie
Newbie

Posts: 4

Joined: Sun Apr 24, 2011 4:25 pm

Post Mon Apr 25, 2011 4:21 am

Online penetration testing course advice

Hello there,


I've been a QA tester for the past 12 years I have good knowledge of operating systems including Linux (command-line level) and can configure systems from scratch.  I can programme in Java, Python and Perl to an immediate level (used 'C' back in the day) and intend to learn some assembly at some point.  I am looking to change my career from QA to penetration tester again.


I've have no experience of penetration testing but I am CEH qualified, I qualified six years ago but found that the qualification didn't open any doors (the catch-22 situation).


Which course from the list below do you advise I take as I don't really want to spend a lot of money only to find the certifcation has no merit without experience (again).


1: Hacking dojo

2: eLearnSecurity

3: SANs.org

4: OSCP training with backtrack


I've looked at the demo from eLearnSecurity and it doesn't seem to be very hands-on?  The OSCP and Hacking dojo courses look to be more hands on?  But I am bit concerned about the time factor with the OSCP course (I would go for the 90 day option).
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Mon Apr 25, 2011 3:11 pm

Re: Online penetration testing course advice

hey lblake,

welcome to the forums!

You seem to be leading more towards the OSCP course than the others you listed off. I think it's a big plus you've had years with programming and linux.

I've have no experience of penetration testing but I am CEH qualified, I qualified six years ago


If you were really aiming for PWB, I'd suggest taking the time to familiarize with some penetration testing. Maybe build a home lab to practice in. I think if you walk in having little familiarity with some of the tools in BackTrack your lab days get spent learning the syntax usages as oppose to getting your hack on. 90 day option is great, you'd learn a ton but it's best to get comfortable with what your going to be using in the course before signing up for it - especially for the OSCP course!

I've looked at the demo from eLearnSecurity and it doesn't seem to be very hands-on?


eLearnSecurity is as hands-on as you make it. I took the pro courses which came with tons of interactive slides, labs attached to the slides for you to do at your own pace, and video demos. To get the most out of the course, I'd suggest going through and completing all of the labs. Plus they're only working on making their courses better. Check the link below to see what the folks at eLS are working on getting into the course (if they haven't added it in already):
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6872.0/

Some more positives about eLearnSecurity, EthicalHacker members get a 5% discount here. Your also given 120 days to go through the course which is great and gives you a lot of time to get things done.

Can't really speak for Hacking Dojo or SANS except all of the training vendors you listed off are great. SANS certifications are well respected in the industry but they're quite pricey!

I don't really want to spend a lot of money only to find the certifcation has no merit without experience (again).


This is a field where you need the experience and the certifications/education to get hired. I'm OSCP and eCPPT certified but I'm far from being ready to pen-test in an enterprise environment.

In my opinion, I'd say go the eLearnSecurity or HackingDojo route. These will give you a solid foundation then maybe you could venture off into PWB even more prepared.
Last edited by KrisTeason on Mon Apr 25, 2011 3:14 pm, edited 1 time in total.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

lblake

User avatar

Newbie
Newbie

Posts: 4

Joined: Sun Apr 24, 2011 4:25 pm

Post Mon Apr 25, 2011 5:17 pm

Re: Online penetration testing course advice

Hello xXxKrisxXx,

Thanks for the information I've started to set up my own lab using the vmware images from the 'Metasploit' website.  I'll take another look at the eLearning course as I feel the OSCP course might be a bit much at this present time.
<<

millwalll

Post Wed Apr 27, 2011 6:49 am

Re: Online penetration testing course advice

I am doing the Hackindojo course and I love it the only fault I would say with the course is that its part time so my lesson are once a week every Tuesday.

This of course does not stop you learning off your own back.
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Wed Apr 27, 2011 12:27 pm

Re: Online penetration testing course advice

Pentesting with BackTrack would be ideal if you have some basic Linux skills and perhaps knowledge about different exploitation vectors etc. since this course really does have a high content to price value in my humble opinion  :)

Also it would be an opportunity to gain the OSCP certification which is not that widely known to HR departments yet, but some within e.g. HP are beginning to acknowledge it.
I'm an InterN0T'er
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Wed Apr 27, 2011 2:29 pm

Re: Online penetration testing course advice

Searches at Dice return the following:

OSCP - 4 hits http://goo.gl/dWs0J

OSCE - 6 hits http://goo.gl/O5Kll

eCPPT - 0 job (got hits but none actually referenced the cert)

GPEN - 9 hits http://goo.gl/bY2xr

CEH - 89 hits http://goo.gl/uw4KO

CISSP - 1387 hits http://goo.gl/1R3dc

So if you aren't having much luck with CEH, you probably won't have a lot more luck with the other hacking-centric certs from an HR standpoint, but I'd daresay you will probably gain some credibility with technical security folks in the know. Bottom line, I would not advise investing in any cert other than the CISSP if your objective is bypassing an HR filter. Not much value for a pentester true, but that's just how it is. Now going the OSCP/OSCE route to actually learn something useful? That sounds like a much more worthwhile endeavor.
Last edited by tturner on Wed Apr 27, 2011 2:31 pm, edited 1 time in total.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

millwalll

Post Wed Apr 27, 2011 2:42 pm

Re: Online penetration testing course advice

MaXe wrote:Pentesting with BackTrack would be ideal if you have some basic Linux skills and perhaps knowledge about different exploitation vectors etc. since this course really does have a high content to price value in my humble opinion  :)

Also it would be an opportunity to gain the OSCP certification which is not that widely known to HR departments yet, but some within e.g. HP are beginning to acknowledge it.


You say knowledge of different exploitations vectors if you don't have this how can you gain it ? as I planing to do OSCP soon..
<<

Grendel

User avatar

Full Member
Full Member

Posts: 246

Joined: Thu Aug 28, 2008 8:48 am

Location: Colorado Springs, CO

Post Thu Apr 28, 2011 8:00 am

Re: Online penetration testing course advice

Jamie.R wrote:I am doing the Hackindojo course and I love it the only fault I would say with the course is that its part time so my lesson are once a week every Tuesday.

This of course does not stop you learning off your own back.


Clarification:

The online classes are held once a week; however videos of all the classes for the Novice (Mukyu) and Foundational (Shodan) courses are online and can be viewed and worked on at any time... for those individuals who want to accelerate the pace of their learning.
- Thomas Wilhelm, MSCS MSM
ISSMP CISSP SCSECA SCNA IEM

Web Site:
  • http://HackingDojo.com
Author:
  • Professional Penetration Testing
  • Ninja Hacking
  • Penetration Tester's Open Source Toolkit
  • Metasploit Toolkit for Penetration Testing
  • Netcat Power Tools
<<

millwalll

Post Thu Apr 28, 2011 10:42 am

Re: Online penetration testing course advice

Grendel wrote:
Jamie.R wrote:I am doing the Hackindojo course and I love it the only fault I would say with the course is that its part time so my lesson are once a week every Tuesday.

This of course does not stop you learning off your own back.


Clarification:

The online classes are held once a week; however videos of all the classes for the Novice (Mukyu) and Foundational (Shodan) courses are online and can be viewed and worked on at any time... for those individuals who want to accelerate the pace of their learning.


That indeed is very true! and I should have pointed that out. my bad :P
Last edited by millwalll on Thu Apr 28, 2011 10:46 am, edited 1 time in total.

Return to Career Central

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software