confuscious1080, Posted November 26, 2017
Anyone know of any affordable pen testing courses? I cannot afford the OSCP and think the CEH is probably irrelevant. Was looking at some of Elearns courses, specifically the EJPT, but thought it may be too junior as I already have a Cisco CCNA in Cybersecurity.
digininja, Posted November 26, 2017
Check Pentester Academy and Security Tube, well worth the money.
confuscious1080 (Author), Posted November 26, 2017
Do you get certifications and exams for these courses though, or are they just courses?
digininja, Posted November 26, 2017
Why not go and look?
confuscious1080 (Author), Posted November 26, 2017
Good idea, thank you for the replies. They both look like very good websites. I am also UK based myself.
elkentaro, Posted November 26, 2017
> 8 hours ago, digininja said: Check Pentester Academy and Security Tube, well worth the money.
Yep, +1 for Security Tube, even their free mega-primers are some solid courses.
digip, Posted November 27, 2017
The goal should be training, and not so much a certification. Certs are a bonus. Once you HAVE the training and some practical hands-on training, and can do all the things (or some), then I'd say shoot for things like your OSCP, SANS, etc. Employers want people with skills first, and certs, while a great foot in the door, can come later, and many employers today may be willing to even pay for your course if you want to get your OSCP, and you can tell them this when being interviewed, about your training goals. I'd say, do the hard work first, self training, etc., put the time and effort in, learn everything you have an interest in (even if just introducing the concepts into your daily work), and be passionate about what you want to do. People often hit plateaus, get discouraged, or even quit because they think they can't afford it, aren't learning fast enough, but I can tell you, if you really love what you're doing, you'll find a way to pay for those courses (eventually), and that should only be for you to validate to yourself you know and understand these things, and competently do them for a living, if that is your end goal.
One thing you can also do to practice: VulnHub and Hack the Box CTFs, 2 free online resources with the ability to get hands-on experience, much like you would with the OSCP course's labs. You can self pace yourself, and use walkthroughs to help better understand some of the basics as well. Just understand, labs leave you to learn on your own, where training like Security Tube is a learning side/book knowledge and examples, where OSCP is both lecture, reading and video materials, and full lab access to hack real networks (which is required to pass your exam).
While OSCP might be too expensive for you now, I also wouldn't say waste your money if you aren't already at some level of experience getting shells on Windows and Linux machines and pivoting through them on a network. You'd be better served spending a few months getting acquainted with much of this through some of those other resources I and others listed here, and I'm sure some will offer some other alternatives too. Good luck!!
confuscious1080 (Author), Posted November 28, 2017
Thank you for your detailed response on the subject. At present I am reading through the Web Application Hacker's Handbook. Had a recent interview for a pen test company and failed the test rig, scored too low with regards to XSS and SQL injections. I have also been practicing more with Mutillidae. At present I have also just achieved a Cisco CCNA in Cybersecurity through their scholarship programme; this is where I believe that I learned the most, especially with regards to network protocols and attacks, i.e. ARP spoofing, DNS poisoning, DHCP starvation, MITM stuff on switched networks. Looking for more experience actually pen testing, think I need to run through more CTFs. Have a solid knowledge of all the tools and how they work, it's just the looking through code and finding injection points in say HTML etc. that lets me down, as I have zero programming knowledge, though picking up HTML, CSS and JavaScript quite quick. Would also like to learn Python.
confuscious1080 (Author), Posted November 28, 2017
Also reading Hacking: The Art of Exploitation by Jon Erickson, but I find that really heavy going.
digininja, Posted November 28, 2017
For the real world side of this, get yourself to conventions. In the UK we have BSides {London, Leeds, Manchester}, SecuriTay, and, in my biased opinion, SteelCon. Various areas also have Defcon groups and OWASP chapters. The social side of security is a huge one when trying to get a job, there is a lot about who you know and who you impress at the right time. That doesn't mean you have to have amazing skills to impress, just be enthusiastic and show it. Most smaller firms, when they hire, they hire on enthusiasm and if you are at a con raving about the talk you've just seen or the lab you've just built at home then it will do you a lot better than any cert will do.
confuscious1080 (Author), Posted November 28, 2017
Yeah, that is true. I do not really have any connections at all in the real world concerning it. I have LinkedIn people and also people I met on my Cisco course, but I have not met any of them in real life lol
digininja, Posted November 28, 2017
Get out and meet people then. Most of the people I know who change jobs, do it as a result of who they know in the new company, especially in either smaller firms or big firms with dedicated security teams. Another option is to get a job with your current skills in a company that has a security team and then somehow slide your way across. Become the bridge between your team and theirs or put in some extra hours helping them with things. I was on site with a client a few weeks ago just as a guy was moving from basic call centre member to the security team. He had introduced himself to the head of security, told her what he wanted to do then put in hours to prove it. Was really good to see him swap his call centre ID for a security one. He was mostly self taught in a small Scottish town with very little local resources.