Jump to content

Offsec Training Courses, Any Good?


eovnu87435ds

Recommended Posts

When I first found out about this whole Offensive Information Security, I thought it was the coolest thing in the world to actually be payed to do something as fun as finding flaws and exploits in a network environment. I've always wanted to take one of the classes offered by Offensive Security, but there were always a few things that stood in my way. First it was the money. $750 is a lot of money to throw at an online course that I want to take in my leisure time. Then, of course, school started up, which sucked up alot of my time, and I was in need for a new computer so most of my money went towards that. With my computer nearly done and winter break soon approaching, I am thinking of taking the plunge and signing up for the pentesting with backtrack 3.0 course, so that I can at least have the majority of it done by the time school starts back up. So before I decide to commit, I am trying to conduct a bit of research to see if it's really worth it.

Has anyone here ever taken the course? If so, do you think it was worth it?

Also, I'm a bit skeptical about this "Offensive Security Certified Professional" certificate. In the real world, how much merit is it actually worth?

FWIW I'm majoring in Computer Engineering, which is a major that involves programming as much as it involves the hardware perspective of computers and embedded systems. I'm able to pick things up really quickly, so I do alot of technical and electronics-oriented stuff too(arduino, FIRST robotics competitions, graphic arts, technical theater and party DJing/lighting, with a little bit of web design)

Link to comment
Share on other sites

Offsec isn't so much about a cert or adding some letters after your name, its about actual physical penetration to do the tasks you would need in the real world. No text book answers or cram exams will help you pass their tests. There are no multiple choice guesses. You aren't going to read a book and memorize some test questions to pass like you could for a Microsoft or Cisco cert.

Don't knock it, because their courses aren't a walk through, even for people who have been doing security for many years, and they update and change their labs around all the time to keep them fresh with the latest attacks. You have to actually hack machines and do stuff that no other tests out there really put you through. These are real machines in their network setup for you to penetrate and break into and you have to deliver the results or you fail.

If you can do what they put you through in their courses, then you should be able to pass just about any other Security cert there is.

Link to comment
Share on other sites

Offsec isn't so much about a cert or adding some letters after your name, its about actual physical penetration to do the tasks you would need in the real world. No text book answers or cram exams will help you pass their tests. There are no multiple choice guesses. You aren't going to read a book and memorize some test questions to pass like you could for a Microsoft or Cisco cert.

Don't knock it, because their courses aren't a walk through, even for people who have been doing security for many years, and they update and change their labs around all the time to keep them fresh with the latest attacks. You have to actually hack machines and do stuff that no other tests out there really put you through. These are real machines in their network setup for you to penetrate and break into and you have to deliver the results or you fail.

If you can do what they put you through in their courses, then you should be able to pass just about any other Security cert there is.

I thought so... It's more like "here's how x works. now that you know how x works, go do task y," right? Basically, once you are taught the skill, you have to do an exercise that will use that skill, along with others you have learned already in order to accomplish it. Correct me if I'm wrong.

Link to comment
Share on other sites

I thought so... It's more like "here's how x works. now that you know how x works, go do task y," right? Basically, once you are taught the skill, you have to do an exercise that will use that skill, along with others you have learned already in order to accomplish it. Correct me if I'm wrong.

I really need to get my ass in gear and take the courses myself. Probably help me get a job quicker too.

Their courses offer 30, 60 and 90 day packages, with the ability to purchase more lab time to prepare.

I'd say just look at the syllabus for 1 of their multiple courses: http://www.offensive-security.com/document...h-backtrack.pdf

There is a lot of info to learn in there, and its all real world usable stuff, so you decide where the value is, not us.

Link to comment
Share on other sites

Some of my co-workers are trying to talk management into paying for their OSCP training and certification. I currently have a CEH (had to do self-study, no boot camp for me :( ) and I'd love to tackle OSCP someday as a natural progression of my pentesting eduaction.

But for right now, I'm trying to get my CISSP done before the end of the year (highly unlikely, at this point), more as my employment-in-a-bad-economy "insurance policy" then really feeling it's going to teach me anything I don't already know.

The HR peons most companies put in charge of screening resumes for infosec positions don't recognize certs like CEH or SSCP, both of which I unfortunately have...but the dim bulb over their head flickers up when they see Sec+ or especially CISSP. :lol:

Though it's getting more name recognition, I'm afraid OSCP is kind of in that same category of stuff no one will know what it is unless they specifically ask for it in the job ad.

Edited by chikpee
Link to comment
Share on other sites

Some of my co-workers are trying to talk management into paying for their OSCP training and certification. I currently have a CEH (had to do self-study, no boot camp for me :( ) and I'd love to tackle OSCP someday as a natural progression of my pentesting eduaction.

If you don't mind me asking, did you do any training at all? Also what books did you buy?

I am also thinking in getting CEH certified.

Cheers Dude!

Link to comment
Share on other sites

well i'm curious, i was also thinking of doing CEH, but unfortunately/ fortunately im not in states, an i'm a student, is the EC- very strict about this

If you have opted for self-study and not attended training, you must have at least two years of information security related experience.

i have worked in sales, as a technician (3 years part time while I'm studying) ... but never in infosec, and i dont think there is any company that does that around here.. so what do i say in this form

sorry i hijacked you thread :P

edit: something weird, i went through the personvue site to register for CEH, logged in using my account. but they didn't ask me for the voucher the EC was talking about!

Edited by charm_quark
Link to comment
Share on other sites

I have some knowledge of Information Security and I am very good with all areas of networking and servers.

Link to comment
Share on other sites

@ Infiltrator

Unfortunately, my company wouldn't shell out for the week-long boot camp, so I had to do self-study (already had more than the prerequisite 1 year of sec experience by that time).

For self study, I used...

Exam Cram CEH Guide

Official EC-Counil CEH Review Guide

Plus, a sh*tload of practice questions from a colleague who'd done the bootcamp

The Exam Cram book is a little out-of-date (published in 2006), but was a very good resource. I would recommend it.

The official EC-Council book was a waste of a good twenty bucks. Horrible, vague info (and the exam is very detail-oriented), and HORRIBLE editing. In fact, the most irritating thing of all was apparently someone did a Find->Replace on the entire document for the letters "be" that caused every sentence that started with them to be mashed into the previous one. And apparently, if you shell out the $500 for the official courseware and lesson plans (the CEH-bootcamp-in-a-box), the editing and spelling on it are even worse.

Link to comment
Share on other sites

@ Infiltrator

Unfortunately, my company wouldn't shell out for the week-long boot camp, so I had to do self-study (already had more than the prerequisite 1 year of sec experience by that time).

For self study, I used...

Exam Cram CEH Guide

Official EC-Counil CEH Review Guide

Plus, a sh*tload of practice questions from a colleague who'd done the bootcamp

The Exam Cram book is a little out-of-date (published in 2006), but was a very good resource. I would recommend it.

The official EC-Council book was a waste of a good twenty bucks. Horrible, vague info (and the exam is very detail-oriented), and HORRIBLE editing. In fact, the most irritating thing of all was apparently someone did a Find->Replace on the entire document for the letters "be" that caused every sentence that started with them to be mashed into the previous one. And apparently, if you shell out the $500 for the official courseware and lesson plans (the CEH-bootcamp-in-a-box), the editing and spelling on it are even worse.

Do you have any other security certifications and other books to recommend at all.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...