HaX0r Posted January 25, 2016

Hi all, Just a quick post about certs. I'm new to Security so thinking about doing Offensive Security course but need to save up ha ha. I am currently a sys admin/devops and want to move into pen testing as that's where I have wanted to be for a long time. Anyone else here done any similar certs? If so, what was your experience, was it useful to do etc?

FlashB Posted January 25, 2016

Doing OSCP now. It's kicking my butt but it's fun. I am going to have to extend my lab time for a second time. Be sure to realize you need LOTS of time to go through the training, and then hack all the boxes in the lab (up to 60 if you want to crack them all) before you even think about taking the exam. You also have to be able to solve things on your own. There are things that aren't documented perfectly on purpose.

I've heard a lot of positive feedback about OSCP. Only drawbacks I've read about is that some things could be more up to date (but you learn a ton) and the only thing I personally see as negative is that a lot of people don't even know what the cert is. Some folks in InfoSec seem to only know about CEH, CISSP and SANS stuff. That doesn't mean it's not well worth the money which is a lot cheaper than any SANS class with a lot more hands on. I personally am a big fan of OSCP. I say go for it and you will not regret it.

HaX0r Posted January 25, 2016

Yeah I hear it's the go-to course for hands-on training for pen testing. Only area where I am weak is programming so not sure if I will need more practice as it deals with writing shell code.

FlashB Posted January 25, 2016

Well, it's mostly Python I think that could help you. The rest isn't too bad, although I can tell you that currently I'm having trouble wrapping my brain around Buffer Overflows and altering exploits to fit the situation. But I think if I go through about 10 more times I'll have those :)

HaX0r Posted January 26, 2016

Yeah buffer overflow sounds tough! I'll start to download pre-made vulnerable VMs to play around with.

BanjoFox Posted March 8, 2016

Myself and a couple of other guys in my study group took our OSCP exams last week. Learning was hard as all heck, but man it was good times :D Two of the four (myself included) that took it were able to pass. The MOST IMPORTANT thing with OSCP is to DOCUMENT WELL! If you guys want more pointers/help hit me up :D

BanjoFox
OSCP ;D

p.s. The course is not set on any one particular programming/scripting language. Many sample codes are in Python, but you also have to write a Bash script to automate pings, as well as modify exploits in C, ASP.NET, Perl, and Ruby (Metasploit module).

Edited March 8, 2016 by BanjoFox

theblacksheep Posted April 16, 2016

I'm also new to the scene, is there any guide for me to better start off?

Sinn3rman Posted April 23, 2016

I just booked in the other day, I start May 1st.

Apart from dabbling since childhood, my programming experience sits at around 11 chapters of "learn python the hard way". I dabble with mint/xubuntu/kali/redhat. Let's just say my shell is soft. I do have determination so how hard this ends up will be on my effort vs actual intellect. (Ask me this again in 30 days please lol.) I have Sec+ behind me so I am comfortable with concepts.

Why am I doing it?
1. To prove to myself I can do this.
2. People told me I will fail.
3. I don't have 5k for GPEN.
4. Cause I will actually learn hands on.

Soo looking forward to this!

ale Posted April 24, 2016

Buffer Overflows, don't let the name scare you. Before I did my OSCP training that's all I had in mind. I was truly terrified of them. But once you dig in you'll see how easy it is. I literally solved the questions in the book and learned it in 6 hours. When you do your OSCE, and get into ASLR and DEP bypass, that's where you need to be afraid... be very afraid...

BanjoFox Posted April 25, 2016

For those who are about to OSCP... I give you this.

Lord of the Root
https://www.vulnhub.com/entry/lord-of-the-root-101,129/