.

SANS vs Offensive Security

<<

pharmerjoe

Newbie
Newbie

Posts: 14

Joined: Sun Jan 29, 2012 1:45 pm

Post Fri Feb 17, 2012 3:07 pm

SANS vs Offensive Security

Ok, I'm opening a can of worms, and there will be a lot of testosterone being thrown about  ;D While it is hard to say for sure, I think most would agree SANS and OffSec have probably the best hacking courses in the world, at the moment. While OffSec has a much more hands-on approach and is miles better in that respect as well as the examination, in terms of actual course content and what they cover, is SANS superior (esp. when taking 660 ans 710 into account)? And lets completely disregard the cost.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Feb 17, 2012 3:17 pm

Re: SANS vs Offensive Security

I can't speak for SANS' courses, as I've not taken them.  I took the GPEN exam, and was able to complete that without a class, so I'm not a big fan of written exams.  Book knowledge is easy to attain.  

That said, I would love to take 542 and compare it to OffSec's stuff, as I think the web-app angle and techniques taught by Kevin and the SANS instructors are likely really good. So I think that's one area I'd be interested to hear about, as well.

But in terms of examination and actual certification, nothing, IMHO, compares to hands-on, practical exams.  And OffSec has pretty much locked in a solid title, on that (short of sil's "Real World" course he talked about, a while back, which sounds even deeper, so maybe someday, I'll be able to jump into that one, too...)

I'm content, right now, working on OSCE, so I'll save my other thoughts for later.   ;)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Fri Feb 17, 2012 3:34 pm

Re: SANS vs Offensive Security

I think they're complimentary. For example, compare GPEN and OSCP. OSCP is undoubtedly more technical and hands-on, but GPEN also covers more legal issues, presentation, and other business issues. I can't speak to any of the more advanced material from either at this time, but I would suspect that you will find they each have strengths and weakness. If you can only choose one, you should compare the course breakdown and syllabus to determine which one would be most appropriate for you.
The day you stop learning is the day you start becoming obsolete.
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Fri Feb 17, 2012 4:02 pm

Re: SANS vs Offensive Security

I have taken courses from both organisations. I think they complement each other quite well. there are however a few differences:

Support
----------------
SANS: If you go the ondemand route then you have access to a virtual mentor for a period of 4 months. They will answer just about ANY question you throw at them. And the turnaround times are usually quick. In my experience the VM[Virtual Mentors] have been quite knowledgeable.

OFFSEC: You are essentially on your own. In most instances you have to reach out to other students for assistance. It gets frustrating at times especially when your back is against the wall and you are told to "Try Harder".

Content
------------------
SANS: The material is solid although I have found a few instances where the material was incorrect or riddled with typos. They also seem to cover a broader range topics. So for instance the GPEN took the student through the entire sequence of events to perform a pentest - get out of jail free card, scoping, laws, rules of engagement and a host of other soft topics.

OFFSEC: Here again, the material is very good. It does however tend to be a bit more focused.

Labs
-----------------
OFFSEC: Hands down the best lab I have experienced to date. And this is both in terms of layout and exercises.

Course Material:
SANS: You actually recieve text books that you can add to your library I guess. The content is well laid out and easy to get through.

OFFSEC: You receieve a water marked pdf file. So in the end it boils down to preference. A pdf you can always take with you. Walking around with a bag full of books ................

Exam
----------------------
SANS: Still multiple choice. Now even though this is open book, if you do not KNOW the material you will still have a hard time passing.

OFFSEC:To the DEATH. Enough said :)

Offerings:
SANS: Has a wider array of certifications to choose from. However OFFSEC has recently added a few new ones.

In the end it boils down to your learning style. If you want guidance and a bit of hand holding then go SANS. If you want to suffer immense pain then go OSCP. For best results do them both.
Last edited by Dark_Knight on Fri Feb 17, 2012 4:07 pm, edited 1 time in total.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

hell_razor

User avatar

Jr. Member
Jr. Member

Posts: 90

Joined: Wed Jul 14, 2010 10:44 am

Post Fri Feb 17, 2012 4:33 pm

Re: SANS vs Offensive Security

Another thought that applies to many security professionals, SANS is DoD compliant in much of their coursework, and I am not so sure OffSec will help you there.  I am not saying SANS is better, just perhaps better represented in the govt.
A+, Network+, Server+, CISSP, GSEC, GCIH, GPEN, GCIA, GISP, GCFW
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Fri Feb 17, 2012 6:56 pm

Re: SANS vs Offensive Security

hayabusa wrote:That said, I would love to take 542 and compare it to OffSec's stuff, as I think the web-app angle and techniques taught by Kevin and the SANS instructors are likely really good. So I think that's one area I'd be interested to hear about, as well.


It is possible to pass GWAPT without studying, I was lucky to be offered a practice exam last year and the exam was okay, but I wasn't intrigued. The SEC542 course, will teach you the basics, but won't teach you any advanced stuff, or for that sake give you the practical hands-on you really want to learn, at least, that's what a live-class student told me after I had a few sessions with him (for free and fun) in 2011 or 2010.

Not saying it's a bad course, just keep in mind you won't become a real web app sec pro, but you'll cover a lot of different topics, and dive into topics not many other courses provide, but it still lacks some of the really interesting and cool topics, but that can change of course  :)
I'm an InterN0T'er
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Feb 17, 2012 8:54 pm

Re: SANS vs Offensive Security

Well, that pretty much answers that.  While I was intrigued, if it was as much book as the GPEN, then it wasn't something I'd want to fork the cash out on.  I had another EH-net'er I was talking to, on PM, today, who told me if I can get through WAHH2, I could likely pass GWAPT.  So I think I'll save the money, perhaps just take the exam, at some point, and save my cash.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Fri Feb 17, 2012 10:03 pm

Re: SANS vs Offensive Security

hayabusa wrote:I had another EH-net'er I was talking to, on PM, today, who told me if I can get through WAHH2, I could likely pass GWAPT.  So I think I'll save the money, perhaps just take the exam, at some point, and save my cash.


That's my plan as well. I ordered WAHH2 yesterday and will probably make an exam attempt in the next 2-3 months. I'll definitely keep you posted.
The day you stop learning is the day you start becoming obsolete.
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Mon Feb 20, 2012 11:57 am

Re: SANS vs Offensive Security

Since the SANS courses prepare you for the GIAC certs, it certainly has more recognition by non-security folk (HR) than OffSec.  But that hopefully will change.  I would also agree about the DoD compliance.  OffSec can certainly compliment the SANS material by giving you that much needed hands-on experience.  If need be you can always emphasize the OffSec material in your cover letter or during phone interviews.

Also OffSec is more of a time investment than a monetary one.  SANS is pretty structured.  Get through material, take 1st practice test, review your weak areas and mark the hell out of your books.  Take 2nd practice exam if you think you need to and then go take the real exam.

OffSec - here is the content, we will give you a taste, here is the lab, go have some fun.  Now, do it for real and give us a report on your findings!  I really like the courses that emphasize the report writing.
Certs: GCWN
(@)Dewser

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software