+ Reply to Thread
Page 1 of 2 1 2 Last
Results 1 to 25 of 26
  1. Junior Member Registered Member
    Join Date
    Jul 2017
    Posts
    1
    #1

    Default Pentesting course advise

    I hope someone can advise me as to the best next course to take career-wise. I realize there are many of these types of posts, however this one is more pentesting specifically.


    I'm a woman in the IT Security industry, as a junior Pentester (learning on the job, with guidance from a more senior pentester). I've recently passed my CEH and now am eager to do a more hands on practical course in pentesting.


    Do I go with EC-council's LPT/ECSA (one week bootcamp), eLearnings online eCPPT (at may own pace) or the ultimate Ofensive Sec's OSCP (3-months - although i'm concerned this might be a VERY steep learning curve)? Or are there other options that i'm missing here?


    Any advise would be much appreciated.

    Thanks
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    May 2006
    Posts
    1,863

    Certifications
    CISSP, CCSP, eJPT, ITIL,PA ACE,Qualys Certified Specialist, A+
    #2
    Look at the eJPT from elearnsecurity, that's the foundation for the other elearnsecurity paths.
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Dec 2007
    Location
    Grand Rapids, Michigan
    Posts
    1,833

    Certifications
    Network+ : A+ : Security+ : eJPT : Life+
    #3
    The eJPT is a great starting course. It's hands on but you answer questions. People have went from eJPT to eCPPT and then OSCP, eCPPT then OSCP or just OSCP. The OSCP is what people are asking compared to the eJPT and eCPPT.
    Booya!!
    ------------------------------------------------------------------------------------------
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
    Reply With Quote Quote  

  5. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #4
    If your company is buying, look into SANS stuff. If you are paying, stick with Elearn until you are ready for the OSCP course.
    Reply With Quote Quote  

  6. Member
    Join Date
    May 2017
    Posts
    89
    #5
    Quote Originally Posted by jamesleecoleman View Post
    The eJPT is a great starting course. It's hands on but you answer questions. People have went from eJPT to eCPPT and then OSCP, eCPPT then OSCP or just OSCP. The OSCP is what people are asking compared to the eJPT and eCPPT.
    it is would be big jump if from eJPT to OSCP direct without eCPPT ?
    Reply With Quote Quote  

  7. Junior Member
    Join Date
    Jun 2016
    Posts
    20
    #6
    What kind of tasks do you do in your current job? What do you manage just fine, and when do you need guidance from your mentor? Since you actually have some experience in the field, I'd look over the syllabus of all your candidates and think about (discuss with your mentor as well!) what the proper startinig point is. If you're doing well in your current role, I don't see why you would need the eJPT. The eCPPT could be a good exercise, and make you more independent in your current job. The exam emulates a real-world engagement with quality reporting. The OSCP is better recognized and is considered a greater challenge, although I'm witholding my judgement until I have attempted it.

    The eLS exams don't expire if you buy the highest price plan, depending on how much time you have that may be a factor (the lab hours you buy do expire though, they are good for two years).

    Either way, follow ElearnSecurity on Twitter, and sign up for their newsletter. They usually have a promotion during late July/August IIRC. Also, they regularly give out invitations to the eJPT course (material only, no labs or exam) on Twitter and Reddit, which will give you an impression of their course structure and platform.

    The OSCP is more recognized, and at the moment has higher value on a resume. If it's your own money, think about what's important to you. The eCPPT will give you more or less complete material with a flexible schedule and a real-world exam scenario to talk about, the OSCP will give you resume value and recognition. On the technical skills they teach they are fairly equal, from my research, with OSCP additionally showing an ability to do your own research.
    Last edited by boot; 07-10-2017 at 03:35 PM. Reason: Removed a sentence that wasn't right for this thread.
    Reply With Quote Quote  

  8. Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    62

    Certifications
    OSCP, CISSP, Sec+
    #7
    What is your background and what are your daily duties as a junior pen tester? The more broad your background and the more things you do day-to-day, the more of a headstart you'll have in aiming high.
    -------------------------------------------------------
    Security Engineer/Analyst/Geek, Pen Testing
    Reply With Quote Quote  

  9. Member
    Join Date
    May 2017
    Posts
    89
    #8
    Quote Originally Posted by boot View Post
    What kind of tasks do you do in your current job? What do you manage just fine, and when do you need guidance from your mentor? Since you actually have some experience in the field, I'd look over the syllabus of all your candidates and think about (discuss with your mentor as well!) what the proper startinig point is. If you're doing well in your current role, I don't see why you would need the eJPT. The eCPPT could be a good exercise, and make you more independent in your current job. The exam emulates a real-world engagement with quality reporting. The OSCP is better recognized and is considered a greater challenge, although I'm witholding my judgement until I have attempted it.

    The eLS exams don't expire if you buy the highest price plan, depending on how much time you have that may be a factor (the lab hours you buy do expire though, they are good for two years).

    Either way, follow ElearnSecurity on Twitter, and sign up for their newsletter. They usually have a promotion during late July/August IIRC. Also, they regularly give out invitations to the eJPT course (material only, no labs or exam) on Twitter and Reddit, which will give you an impression of their course structure and platform.

    The OSCP is more recognized, and at the moment has higher value on a resume. If it's your own money, think about what's important to you. The eCPPT will give you more or less complete material with a flexible schedule and a real-world exam scenario to talk about, the OSCP will give you resume value and recognition. On the technical skills they teach they are fairly equal, from my research, with OSCP additionally showing an ability to do your own research.
    you mean between OSCP and eCCPT the difficulty level to pass the exam almost the same ?
    Reply With Quote Quote  

  10. Junior Member
    Join Date
    Jun 2016
    Posts
    20
    #9
    Quote Originally Posted by vynx View Post
    you mean between OSCP and eCCPT the difficulty level to pass the exam almost the same ?
    Overall, yes, that seems to be the consensus among those with first-hand experience. They are difficult in different ways, but the technical skills they demand seem to be roughly the same. Both courses require you to understand how things work. The studies aren't about learning and memorizing, they're all about practicing and understanding.

    Both exams are two-parted, first part is penetration testing and second part is report writing. The OSCP is 2x24 hours, the eCPPT is 2x7 days, so obviously you have more time to think during the eCPPT.
    Reply With Quote Quote  

  11. Member
    Join Date
    May 2017
    Posts
    89
    #10
    Quote Originally Posted by boot View Post
    Overall, yes, that seems to be the consensus among those with first-hand experience. They are difficult in different ways, but the technical skills they demand seem to be roughly the same. Both courses require you to understand how things work. The studies aren't about learning and memorizing, they're all about practicing and understanding.

    Both exams are two-parted, first part is penetration testing and second part is report writing. The OSCP is 2x24 hours, the eCPPT is 2x7 days, so obviously you have more time to think during the eCPPT.
    can you give real example you mean difficult in different ways ?
    Reply With Quote Quote  

  12. Junior Member
    Join Date
    Jun 2016
    Posts
    20
    #11
    • eCPPT is 14 days, OSCP is 2 days. While the eCPPT probably has more targets/work to be done, it's not 7 times the workload of the OSCP. More time per target, if you're stuck you can research, sit back, and think.
    • Both require reports. OSCP provides example reports, eCPPT provides a general reporting guide. eLS seems to weigh the report higher than OSCP. If you're a bad writer, passing the eCPPT report evaluation will likely be more challenging. According to eLS, most students who fail do so because their report is bad, not because they failed to compromise the targets.

    Is that real enough?
    Reply With Quote Quote  

  13. Member
    Join Date
    May 2017
    Posts
    89
    #12
    Quote Originally Posted by boot View Post
    • eCPPT is 14 days, OSCP is 2 days. While the eCPPT probably has more targets/work to be done, it's not 7 times the workload of the OSCP. More time per target, if you're stuck you can research, sit back, and think.
    • Both require reports. OSCP provides example reports, eCPPT provides a general reporting guide. eLS seems to weigh the report higher than OSCP. If you're a bad writer, passing the eCPPT report evaluation will likely be more challenging. According to eLS, most students who fail do so because their report is bad, not because they failed to compromise the targets.
    Is that real enough?
    thats very clear for the exam related, anyway can you give real example for the labs and material ? i really appreciate your information
    Reply With Quote Quote  

  14. Member
    Join Date
    Feb 2017
    Location
    Washington
    Posts
    55

    Certifications
    CEHv9, OSWP, eJPT, A+, Security+, Linux+, LPIC-1, CCENT, Linux Essentials
    #13
    The labs are where the biggest difference and way of approach vary. OSCP opens you up to a lab of about 50 or so host that you have free reign to hack away at. There are some subtle hints in the forums and from the admins, but in large part you will have to figure out how to compromise these hosts on your own, which is where you really learn from your own experience. That's the real value in pursuing OSCP.

    eCPPT has the Hera labs which are much more focused. If your lab is about SMB enumeration, your going to be practicing SMB enumeration and if you can't quite figure out the objective there's a guide to help walk you through it. Much more "Hand Holding" approach in these labs. You still learn a lot but not much outside of the course, while OSCP requires a TON of self research and study outside the material to progress in the labs.

    Both labs teach you a lot, but in my honest opinion the OSCP labs are much better for learning and for actual experience. I've done labs for both and have attempted both exams so ask whatever you would like and I'll answer as best I can without violating the NDAs.
    Reply With Quote Quote  

  15. Member
    Join Date
    May 2017
    Posts
    89
    #14
    Quote Originally Posted by airzero View Post
    The labs are where the biggest difference and way of approach vary. OSCP opens you up to a lab of about 50 or so host that you have free reign to hack away at. There are some subtle hints in the forums and from the admins, but in large part you will have to figure out how to compromise these hosts on your own, which is where you really learn from your own experience. That's the real value in pursuing OSCP.

    eCPPT has the Hera labs which are much more focused. If your lab is about SMB enumeration, your going to be practicing SMB enumeration and if you can't quite figure out the objective there's a guide to help walk you through it. Much more "Hand Holding" approach in these labs. You still learn a lot but not much outside of the course, while OSCP requires a TON of self research and study outside the material to progress in the labs.

    Both labs teach you a lot, but in my honest opinion the OSCP labs are much better for learning and for actual experience. I've done labs for both and have attempted both exams so ask whatever you would like and I'll answer as best I can without violating the NDAs.
    for the labs,is both OSCP and eCCPT have workaround or solutions if we stuck and dont know what to do for "capture the flag"?
    Reply With Quote Quote  

  16. Member
    Join Date
    Feb 2017
    Location
    Washington
    Posts
    55

    Certifications
    CEHv9, OSWP, eJPT, A+, Security+, Linux+, LPIC-1, CCENT, Linux Essentials
    #15
    eCPPT labs do have a guide for if you get stuck and can't figure it out. OSCP has no guides to solutions, but there are some hints you can find in the student forums if you get stuck.
    Reply With Quote Quote  

  17. Member
    Join Date
    May 2017
    Posts
    89
    #16
    Quote Originally Posted by airzero View Post
    eCPPT labs do have a guide for if you get stuck and can't figure it out. OSCP has no guides to solutions, but there are some hints you can find in the student forums if you get stuck.
    student forums mean closed forum only for the student?
    Reply With Quote Quote  

  18. Member
    Join Date
    Feb 2017
    Location
    Washington
    Posts
    55

    Certifications
    CEHv9, OSWP, eJPT, A+, Security+, Linux+, LPIC-1, CCENT, Linux Essentials
    #17
    Yes. Once you register for the course you will get lifetime access to the forums.
    Reply With Quote Quote  

  19. Member
    Join Date
    Mar 2013
    Posts
    63

    Certifications
    CISSP, OSCP, GWAPT, IAM
    #18
    I started the OSCP within a couple months of starting my first pentest job. It was a great experience, but it would have been better if I had prepared for the course a head of time. The eLearn Security courses are good, I took the web app pentesting course and the mobile pentesting course. Cybrary.it has some great free courses and several pentesting courses. The Advance Pentesting course is based on Georgia Weidman's book Penetration Testing:A Hands-On Introduction to Hacking. The book and Cybrary course would be good to build your base and prepare you for the OSCP. The OSCP cert and lab is a great experience and the OSCP has helped me in my career. Build your own lab, and or download vulnerable VMs and practice with them. There are walkthroughs for the vulnerable VMs, which will help.
    Reply With Quote Quote  

  20. Member
    Join Date
    May 2017
    Posts
    89
    #19
    Quote Originally Posted by airzero View Post
    The labs are where the biggest difference and way of approach vary. OSCP opens you up to a lab of about 50 or so host that you have free reign to hack away at. There are some subtle hints in the forums and from the admins, but in large part you will have to figure out how to compromise these hosts on your own, which is where you really learn from your own experience. That's the real value in pursuing OSCP.

    eCPPT has the Hera labs which are much more focused. If your lab is about SMB enumeration, your going to be practicing SMB enumeration and if you can't quite figure out the objective there's a guide to help walk you through it. Much more "Hand Holding" approach in these labs. You still learn a lot but not much outside of the course, while OSCP requires a TON of self research and study outside the material to progress in the labs.

    Both labs teach you a lot, but in my honest opinion the OSCP labs are much better for learning and for actual experience. I've done labs for both and have attempted both exams so ask whatever you would like and I'll answer as best I can without violating the NDAs.
    with 50 lab, it is realistic to make it done in 30 days ? i just thinking if we work from mon to fri, and we only have time after office hour to learn it. can i know based on your experience, how long it will take to finish 50 lab ?
    Reply With Quote Quote  

  21. Junior Member
    Join Date
    Sep 2015
    Posts
    23

    Certifications
    OSCE, OSCP, CEH, CCSK, MCSA
    #20
    Quote Originally Posted by vynx View Post
    with 50 lab, it is realistic to make it done in 30 days ? i just thinking if we work from mon to fri, and we only have time after office hour to learn it. can i know based on your experience, how long it will take to finish 50 lab ?
    It depends how much time you can spend on it. I did it in 30 days with full time job (actually I did get 60 days lab time, but got all the lab machines within the first 30 days, and then scheduled the exam as soon as they had dates available)
    Reply With Quote Quote  

  22. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #21
    50 boxes in 30 days is a daunting task for any unseasoned computer lover.
    If you are new to the game, opt for 60 or 90 days.
    You don't need to pop all 50 to take the test, but you need more than 10 if you plan on turning in a lab report.
    Reply With Quote Quote  

  23. Senior Member kMastaFlash's Avatar
    Join Date
    Aug 2012
    Posts
    876

    Certifications
    A+, Network+,Security+, EMCISA v2, MCP, MTAx2 , MCPS, CCENT, CCNA R&S,C|EH,C|HFI,MCTS, Linux+,LPIC-1,E|CSS,E|CES,GPEN,OSWP,Server+,LPT,GCIH
    #22
    I say in all honesty, practice with some VMs from Vulnhub before deciding to invest the money into ECSA/LPT or any other certifications. CEH will give you a theory methodology to follow and the different steps. Try the Vulnhub VMs before so you can see what it is really all about. Looks can be deceiving! OSCP is way to much for someone with just a CEH. If you have you GPEN and do OSCP that is one thing. Even ECSA will be a lot since they have the pen test challenge only valid for 30 days of access. That's my 2 cents but OP will do what they want anyways.l
    2017:E|CSA E|CSP,E|CIH,eLearnSecurity,CSA+ Courses 2018: C|ND,ICND2,CCSK,CISSP,CCNA-Security 2019: CWNA 2020: LPIC-2
    Reply With Quote Quote  

  24. Member
    Join Date
    May 2017
    Posts
    89
    #23
    Quote Originally Posted by deyavi View Post
    It depends how much time you can spend on it. I did it in 30 days with full time job (actually I did get 60 days lab time, but got all the lab machines within the first 30 days, and then scheduled the exam as soon as they had dates available)
    you mean for the exam date is depends on the lab avaibility?
    Reply With Quote Quote  

  25. Junior Member
    Join Date
    Sep 2015
    Posts
    23

    Certifications
    OSCE, OSCP, CEH, CCSK, MCSA
    #24
    Quote Originally Posted by vynx View Post
    you mean for the exam date is depends on the lab avaibility?
    Both lab time and exam depends on availability. You share the lab environment (there are multiple lab environments) during the course with a limited number of students. The exam lab is not shared with any student.
    Reply With Quote Quote  

  26. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,283

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #25
    If you're comfortable with Linux and Windows CLI, I'd just jump in and do the OSCP. It's not as bad as everyone makes it out to be, and is a much higher ROI compared to the other listed certifications.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 2 1 2 Last

Social Networking & Bookmarks