eovnu87435ds Posted November 2, 2010

When I first found out about this whole Offensive Information Security, I thought it was the coolest thing in the world to actually be paid to do something as fun as finding flaws and exploits in a network environment. I've always wanted to take one of the classes offered by Offensive Security, but there were always a few things that stood in my way. First it was the money. $750 is a lot of money to throw at an online course that I want to take in my leisure time. Then, of course, school started up, which sucked up a lot of my time, and I was in need of a new computer so most of my money went towards that.

With my computer nearly done and winter break soon approaching, I am thinking of taking the plunge and signing up for the pentesting with backtrack 3.0 course, so that I can at least have the majority of it done by the time school starts back up. So before I decide to commit, I am trying to conduct a bit of research to see if it's really worth it. Has anyone here ever taken the course? If so, do you think it was worth it? Also, I'm a bit skeptical about this "Offensive Security Certified Professional" certificate. In the real world, how much merit is it actually worth?

FWIW I'm majoring in Computer Engineering, which is a major that involves programming as much as it involves the hardware perspective of computers and embedded systems. I'm able to pick things up really quickly, so I do a lot of technical and electronics-oriented stuff too (arduino, FIRST robotics competitions, graphic arts, technical theater and party DJing/lighting, with a little bit of web design).

c0r Posted November 2, 2010

It's the best course around, but... with a little googling you can find everything yourself... for free.

c

digip Posted November 3, 2010

Offsec isn't so much about a cert or adding some letters after your name, it's about actual physical penetration to do the tasks you would need in the real world. No text book answers or cram exams will help you pass their tests. There are no multiple choice guesses. You aren't going to read a book and memorize some test questions to pass like you could for a Microsoft or Cisco cert.

Don't knock it, because their courses aren't a walk through, even for people who have been doing security for many years, and they update and change their labs around all the time to keep them fresh with the latest attacks. You have to actually hack machines and do stuff that no other tests out there really put you through. These are real machines in their network set up for you to penetrate and break into and you have to deliver the results or you fail. If you can do what they put you through in their courses, then you should be able to pass just about any other Security cert there is.

eovnu87435ds Posted November 3, 2010 Author

> Offsec isn't so much about a cert or adding some letters after your name, it's about actual physical penetration to do the tasks you would need in the real world. No text book answers or cram exams will help you pass their tests. There are no multiple choice guesses. You aren't going to read a book and memorize some test questions to pass like you could for a Microsoft or Cisco cert. Don't knock it, because their courses aren't a walk through, even for people who have been doing security for many years, and they update and change their labs around all the time to keep them fresh with the latest attacks. You have to actually hack machines and do stuff that no other tests out there really put you through. These are real machines in their network set up for you to penetrate and break into and you have to deliver the results or you fail. If you can do what they put you through in their courses, then you should be able to pass just about any other Security cert there is.

I thought so... It's more like "here's how x works. now that you know how x works, go do task y," right? Basically, once you are taught the skill, you have to do an exercise that will use that skill, along with others you have learned already in order to accomplish it. Correct me if I'm wrong.

digip Posted November 3, 2010

> I thought so... It's more like "here's how x works. now that you know how x works, go do task y," right? Basically, once you are taught the skill, you have to do an exercise that will use that skill, along with others you have learned already in order to accomplish it. Correct me if I'm wrong.

I really need to get my ass in gear and take the courses myself. Probably help me get a job quicker too. Their courses offer 30, 60 and 90 day packages, with the ability to purchase more lab time to prepare. I'd say just look at the syllabus for 1 of their multiple courses: http://www.offensive-security.com/document...h-backtrack.pdf

There is a lot of info to learn in there, and it's all real world usable stuff, so you decide where the value is, not us.

chikpee Posted November 4, 2010 (edited)

Some of my co-workers are trying to talk management into paying for their OSCP training and certification. I currently have a CEH (had to do self-study, no boot camp for me :( ) and I'd love to tackle OSCP someday as a natural progression of my pentesting education. But for right now, I'm trying to get my CISSP done before the end of the year (highly unlikely, at this point), more as my employment-in-a-bad-economy "insurance policy" than really feeling it's going to teach me anything I don't already know.

The HR peons most companies put in charge of screening resumes for infosec positions don't recognize certs like CEH or SSCP, both of which I unfortunately have... but the dim bulb over their head flickers up when they see Sec+ or especially CISSP. Though it's getting more name recognition, I'm afraid OSCP is kind of in that same category of stuff no one will know what it is unless they specifically ask for it in the job ad.

Edited November 4, 2010 by chikpee

Infiltrator Posted November 5, 2010

> Some of my co-workers are trying to talk management into paying for their OSCP training and certification. I currently have a CEH (had to do self-study, no boot camp for me :( ) and I'd love to tackle OSCP someday as a natural progression of my pentesting education.

If you don't mind me asking, did you do any training at all? Also what books did you buy? I am also thinking of getting CEH certified.

Cheers Dude!

charm_quark Posted November 6, 2010 (edited)

Well, I'm curious. I was also thinking of doing CEH, but unfortunately/fortunately I'm not in the States, and I'm a student. Is the EC- very strict about this:

> If you have opted for self-study and not attended training, you must have at least two years of information security related experience.

I have worked in sales, as a technician (3 years part time while I'm studying)... but never in infosec, and I don't think there is any company that does that around here. So what do I say in this form?

Sorry I hijacked your thread :P

Edit: something weird, I went through the Pearson VUE site to register for CEH, logged in using my account, but they didn't ask me for the voucher the EC was talking about!

Edited November 6, 2010 by charm_quark

Infiltrator Posted November 6, 2010

I have some knowledge of Information Security and I am very good with all areas of networking and servers.

charm_quark Posted November 6, 2010

Well, in some fields so do I, but I'm just wondering how they decide if they will allow you to write!

chikpee Posted November 9, 2010

@ Infiltrator

Unfortunately, my company wouldn't shell out for the week-long boot camp, so I had to do self-study (already had more than the prerequisite 1 year of sec experience by that time). For self study, I used...

Exam Cram CEH Guide
Official EC-Council CEH Review Guide
Plus, a sh*tload of practice questions from a colleague who'd done the bootcamp

The Exam Cram book is a little out-of-date (published in 2006), but was a very good resource. I would recommend it.

The official EC-Council book was a waste of a good twenty bucks. Horrible, vague info (and the exam is very detail-oriented), and HORRIBLE editing. In fact, the most irritating thing of all was apparently someone did a Find->Replace on the entire document for the letters "be" that caused every sentence that started with them to be mashed into the previous one. And apparently, if you shell out the $500 for the official courseware and lesson plans (the CEH-bootcamp-in-a-box), the editing and spelling on it are even worse.

Infiltrator Posted November 10, 2010

> @ Infiltrator Unfortunately, my company wouldn't shell out for the week-long boot camp, so I had to do self-study (already had more than the prerequisite 1 year of sec experience by that time). For self study, I used... Exam Cram CEH Guide; Official EC-Council CEH Review Guide; Plus, a sh*tload of practice questions from a colleague who'd done the bootcamp. The Exam Cram book is a little out-of-date (published in 2006), but was a very good resource. I would recommend it. The official EC-Council book was a waste of a good twenty bucks. Horrible, vague info (and the exam is very detail-oriented), and HORRIBLE editing. In fact, the most irritating thing of all was apparently someone did a Find->Replace on the entire document for the letters "be" that caused every sentence that started with them to be mashed into the previous one. And apparently, if you shell out the $500 for the official courseware and lesson plans (the CEH-bootcamp-in-a-box), the editing and spelling on it are even worse.

Do you have any other security certifications and other books to recommend at all?