Jump to content

Security Certs


HaX0r

Recommended Posts

Hi all,

Just a quick post about certs.

Im new to Security so thinking about doing Offensive Security course but need to save up ha ha.

I am currently a sys admin/devops and want to move into pen testing as thats where I have wanted to be for a long time.

Anyone else here done any similar certs? if so what was your experience, was it useful to do etc?

Link to comment
Share on other sites

Doing OSCP now. It's kicking my butt but it's fun. I am going to have to extend my lab time for a second time. Be sure to realize you need LOTS of time to go through the training, and then hack all the boxes in the lab (up to 60 if you want to crack them all) before you even think about taking the exam. You also have to be able to solve things on your own. There are things that aren't documented perfectly on purpose.

I've heard a lot of positive feedback about OSCP. Only drawbacks I've read about is that some things could be more up to date (but you learn a ton) and the only thing I personally see as negative is that a lot of people don't even know what the cert is. Some folks in InfoSec seem to only know about CEH, CISSP and SANS stuff. That doesn't mean it's not well worth the money which is a lot cheaper than any SANS class with a lot more hands on. I personally am a big fan of OSCP. I say go for it and you will not regret it.

Link to comment
Share on other sites

Doing OSCP now. It's kicking my butt but it's fun. I am going to have to extend my lab time for a second time. Be sure to realize you need LOTS of time to go through the training, and then hack all the boxes in the lab (up to 60 if you want to crack them all) before you even think about taking the exam. You also have to be able to solve things on your own. There are things that aren't documented perfectly on purpose.

I've heard a lot of positive feedback about OSCP. Only drawbacks I've read about is that some things could be more up to date (but you learn a ton) and the only thing I personally see as negative is that a lot of people don't even know what the cert is. Some folks in InfoSec seem to only know about CEH, CISSP and SANS stuff. That doesn't mean it's not well worth the money which is a lot cheaper than any SANS class with a lot more hands on. I personally am a big fan of OSCP. I say go for it and you will not regret it.

Yeah I hear its the go to course for hands on training for pen testing. Only area where I am weak is programming so not sure if I will need more practice as it deals with writing shell code.

Link to comment
Share on other sites

Well, it's mostly Python I think that could help you. The rest isn't too bad, although I can tell you that currently I'm having trouble wrapping my brain around Buffer Overflows and altering exploits to fit the situation. But I think if I go through about 10 more times I'll have those :)

Link to comment
Share on other sites

  • 1 month later...

Myself and a couple of other guys in my study group took our OSCP exams last week. Learning was hard as all heck, but man it was good times :D

Two of the four (myself included) that took it were able to pass.

The MOST IMPORTANT thing with OSCP is to DOCUMENT WELL!

If you guys want more pointers/help hit me up :D

BanjoFox

OSCP ;D

p.s. The course is not set on any one particular programming/scripting language. Many sample codes are in Python, but you also have to write a Bash script to automate pings, as well as modify exploits in C, ASP.NET, Perl, and Ruby (Metasploit module).

Edited by BanjoFox
Link to comment
Share on other sites

  • 1 month later...

I just booked in the other day, I start may 1st :wacko:

Apart from dabbling since childhood, my programming experience sits at around 11 chapters of "learn python the hard way"

I dabble with mint/xubuntu/kali/redhat. Lets just say my shell is soft.

I do have determination so how hard this ends up will be on my effort vs actual intellect. (ask me this again in 30days please lol)

I have Sec+ behind me so I am comfortable with concepts. Why am I doing it? 1. To prove to myself I can do this. 2. People told me I will fail. 3. I don't have 5k for GPEN. 4. Cause I will actually learn hands on.

Soo looking forward to this!

Link to comment
Share on other sites

Buffer Overflows, don't let the name scare you. Before I did my OSCP training that's all I had in mind. I was truly terrified of them. but once you dig in you'll see how easy it is
I literally solved the questions in the book and learned it in 6 hours. when you do your OSCE, and get into ASLR And DEP bypass. that's where you need to be afraid...be very afraid..

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...