+ Reply to Thread
Results 1 to 14 of 14
  1. Senior Member
    Join Date
    Jun 2011
    Location
    Maryland
    Posts
    190

    Certifications
    GWAPT, CISSP, eJPT, CEH, Sec+, ITIL-F, BS:IS
    #1

    Question eCPPT or Go Straight to OSCP?

    Hello TE,

    I am torn between which certification to go for next: eCPPT or OSCP?

    I took the eJPT beginning of this year and absolutely LOVED the content and structure of the exam. The way they designed the course I truly learned. In fact to really internalize something you need to go through it 3-4 times. eJPT you read the slides first, then watch the videos then do the lab. 3x by default if you do everything. Then you use some of the previous skills you picked up to do more advanced things through the course. It is my understanding the eCPPT is eLearnSecurity's main course where they spent the most effort on.

    For next 6 weeks, I am going to be learning Python and Bash. Then spend a solid week on Linux fundamentals as i am rusty. I have been in IT for over 10 years and really done almost everything outside of programming/development. I am currently a pen tester at work but main focus on web apps. I use Kali almost daily.

    Think I should do the eCPPT or jump straight to the OSCP? My main hesitations with eCPPT is do I really want to spend $1099 then have to pay $1100 weeks after passing for OSCP. I am in DC area and hardly anyone has heard of eCPPT but OSCP does have that killer reputation so I do need/want OSCP for sure.

    I am excited no matter which cert I decide on first as these are something I want to do and not necessarily need to do.

    Appreciate any feedback!

    P.S. I know eLearn does black friday sales. Searching around I did not see the eCPPT course itself being on discount last few years. I know there is the full bundle but that is not worth it to me as not too interested in the other courses per reviews.
    Reply With Quote Quote  

  2. SS -->
  3. They are watching you NetworkNewb's Avatar
    Join Date
    Feb 2015
    Location
    Off the grid
    Posts
    2,667

    Certifications
    A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    #2
    I'd definitely go straight for OSCP.
    Last edited by NetworkNewb; 10-04-2017 at 08:57 PM.
    Reply With Quote Quote  

  4. Senior Member yoba222's Avatar
    Join Date
    Jun 2013
    Posts
    436

    Certifications
    LFCS, GCIH, eJPT, CCNA, CAPM, Sec+, Net+, A+
    #3
    I'm in the same boat but Linux right now and then Python for the rest of the year.

    So OSCP or eCPPT & OSCP?

    By my logic, would we be missing out on learning things doing only the OSCP? I don't know that answer.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Jun 2011
    Location
    Maryland
    Posts
    190

    Certifications
    GWAPT, CISSP, eJPT, CEH, Sec+, ITIL-F, BS:IS
    #4
    Quote Originally Posted by yoba222 View Post
    I'm in the same boat but Linux right now and then Python for the rest of the year.

    So OSCP or eCPPT & OSCP?

    By my logic, would we be missing out on learning things doing only the OSCP? I don't know that answer.
    Yes, it is tough. I am starting to think to do eCPPT first then OSCP after. That way education/learning wise I will definitely "get it" ya know?
    Reply With Quote Quote  

  6. Junior Member
    Join Date
    Jul 2017
    Posts
    24
    #5
    Quote Originally Posted by ZzBloopzZ View Post
    Hello TE,

    I am torn between which certification to go for next: eCPPT or OSCP?

    I took the eJPT beginning of this year and absolutely LOVED the content and structure of the exam. The way they designed the course I truly learned. In fact to really internalize something you need to go through it 3-4 times. eJPT you read the slides first, then watch the videos then do the lab. 3x by default if you do everything. Then you use some of the previous skills you picked up to do more advanced things through the course. It is my understanding the eCPPT is eLearnSecurity's main course where they spent the most effort on.

    For next 6 weeks, I am going to be learning Python and Bash. Then spend a solid week on Linux fundamentals as i am rusty. I have been in IT for over 10 years and really done almost everything outside of programming/development. I am currently a pen tester at work but main focus on web apps. I use Kali almost daily.

    Think I should do the eCPPT or jump straight to the OSCP? My main hesitations with eCPPT is do I really want to spend $1099 then have to pay $1100 weeks after passing for OSCP. I am in DC area and hardly anyone has heard of eCPPT but OSCP does have that killer reputation so I do need/want OSCP for sure.

    I am excited no matter which cert I decide on first as these are something I want to do and not necessarily need to do.

    Appreciate any feedback!

    P.S. I know eLearn does black friday sales. Searching around I did not see the eCPPT course itself being on discount last few years. I know there is the full bundle but that is not worth it to me as not too interested in the other courses per reviews.
    My take is whether you're paying out of pocket or your company is paying, I will approach it as follows:
    Download the eCCPT syllabus and go through line-by-line assessing/checking if my skills level are current with the syllabus. Browse through the "Sticky: List of recent OSCP threads". If they are not, I will "bite the bullet", go on a diet: air diet, dash diet etc... to save and take the eCCPT course. You're lucky to be working as a Web app Pen Tester so you're way ahead. Another consideration is that eCCPT is less on Web App content so your Web app can complement the eCCPT course in preparation for the OSCP.
    I think you will then have less of a learning curve and not too stressed out when you approach the OSCP. I'm in a similar situation although I work primarily as a Vulnerability Analyst. I'm reviewing my foundation of linux admin, programming, etc... since I've been "away from these" for some time.
    This is not a race...I'd rather approach this as the Ethiopians and Kenyans doing a middle to long distance running rather than a sprint like Usain Bolt. If your skills set are current, then you can do a "Bolt".
    BTW: I like your approach of going through a course/labs 3-4 times to internalize the materials. I'm doing the same at my end. I'm also in the DC area so when you're about to start the OSCP you can ping me to check if I'm done with my foundations. For me I will at least go through the eCCPT course before taking OSCP.
    Reply With Quote Quote  

  7. Junior Member
    Join Date
    Feb 2016
    Posts
    28

    Certifications
    eMAPT, CEH, MCP, Qualys Certified Specialist
    #6
    Start with eCCPT first if you are not experienced enough. The OSCP book&videos are horrible and the course has a pretty steep learning curve.
    Reply With Quote Quote  

  8. They are watching you NetworkNewb's Avatar
    Join Date
    Feb 2015
    Location
    Off the grid
    Posts
    2,667

    Certifications
    A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    #7
    Quote Originally Posted by ottucsak View Post
    Start with eCCPT first if you are not experienced enough. The OSCP book&videos are horrible and the course has a pretty steep learning curve.
    This ^^^ The only reason I would think about doing eCCPT is if I really wanted videos on certain subjects. Even then... that price is so high I would probably stick to the books and other options for learning. Can't imagine that cert is gonna be all that useful since it pretty much unknown to everybody.

    I'll actually admit I did purchase it the eCCPT course when it did come out awhile back. Wasn't super impressed myself... (and even got the updated version in hopes it would be a lot better) But others seem to think differently. Personally, I'd pass. Just my 2 cents on it though.
    Reply With Quote Quote  

  9. Senior Member TeKniques's Avatar
    Join Date
    Jul 2004
    Location
    Oregon, USA
    Posts
    1,250

    Certifications
    OSCP, CISA, CISSP, SSCP, MCSA 2008, MCSE 2003: Security, MCDST, MCP, Security+, Network+, A+, Project+, CCENT, CCNA
    #8
    I've never taken the eCPPT so my opinion may be a bit too subjective. That being said, if you are not ready to commit a decent amount of time to study for the OSCP then I would recommend to start with the former. I don't necessarily agree with the comment about the books and videos for the OSCP being horrible. All the subjects covered are more like primers and it is expected of you as the student to research and expand your horizons. It is unreasonable to expect the subjects to be covered in totality in the material. For example, there is a section on cross-site scripting in both the videos and pdf you are provided. However, the topic of cross-site scripting is so large that you could probably write a whole book on it to cover the vulnerability and potential exploitation in detail.
    Reply With Quote Quote  

  10. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    242

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #9
    I'm with TeKniques, I don't agree with the above statement about the OSCP material either. It's actualy some of the best material out there, especially for stack based BoFs. They just don't spoon feed it to you, which is what everyone is looking for these days. As for the OPs question, I would say if you have the time, it wouldn't hurt to do the eCPPT first although it wont make hiring managers raise thier eyebrows like the OSCP will.
    Reply With Quote Quote  

  11. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #10
    Skip eLearn. They are a waste compared to OSCP.
    Reply With Quote Quote  

  12. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,363

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #11
    As a pentester you are expected to know a lot more than what's covered in any one cert! While OSCP get the name recognition by pentesting hiring managers it doesn't cover web based attacks - something you WILL be asked about in the interview.

    I would say do eCPPT, then do OSCP, and consider doing a lot more certs in the web pentesting arena, eLearnSecurity got more web-based certs, and if you work for an employer that pays for training then consider SANS courses as well.

    What I'm trying to say is, don't take a minimalist approach with pentesting certs, because people will expect a lot from you and the threat landscape is ever changing.

    Enjoy the ride!
    Goal: GCFA (DONE), GPEN
    Reply With Quote Quote  

  13. Senior Member TeKniques's Avatar
    Join Date
    Jul 2004
    Location
    Oregon, USA
    Posts
    1,250

    Certifications
    OSCP, CISA, CISSP, SSCP, MCSA 2008, MCSE 2003: Security, MCDST, MCP, Security+, Network+, A+, Project+, CCENT, CCNA
    #12
    Completely agree with McxRisley

    Another point to add to the discussion ....

    While I agree that more knowledge in the vast area of penetration testing is worthwhile, I want to debunk the perception that the OSCP is void of web application penetration testing. The videos, pdf, and the labs cover web application penetration testing at an introductory level that unless you have any prior experience in penetration testing, won't seem that introductory level. Cross-site scripting, SQL injection, file inclusion, path traversal, and session tampering are all covered ... and I'd like to also point out, may be on the exam. These random statements saying that web based attacks aren't covered simply aren't true. It is true that advanced web application attacks are not covered and you will need to look at the OSWE course for that, which unfortunately is only offered at Black Hat currently.
    Reply With Quote Quote  

  14. Senior Member
    Join Date
    Apr 2014
    Posts
    147
    #13
    I'd say it depends on the financials. If you've got money to burn for education, or your company is paying... do both. It can't hurt. As you said, eLearns format and approach is really good. If money is a factor, then just do the OSCP. It's the king of the hill, and the ROI is much better. On top of that you can take it, if you don't fare well, you can utilize a million free resources to improve in the areas you struggled and extend/retake.
    Reply With Quote Quote  

  15. Not a Senior Member
    Join Date
    Apr 2010
    Location
    Alberta, Canada
    Posts
    143

    Certifications
    WGU BSIT, VCP 5, MCITP: EA W2K8, MCITP: Enterprise Technician, A+, Security+, MCTS: Exchange 2007, MCTS: Win 7,MCTS: SCCM,CEH, CCNA,VCAP5-DCA
    #14
    I was initially Planning to do the OSCP.
    While doing my prestuding - I kept finding that i had a lot of knowledge gap.
    Yesterday I Signed up for the eJPT - looked at the material and I was pretty happy.
    I have changed my thinking and i will do the eJPT, eCPPT, and possibly the new pen testing extreme certification.
    I will then look at the OSCP.

    The end goal is first build your skill set. Get armed with knowledge, and elearningsecurity has seem to master that.
    Once I have finished the above certification, then I will attempt OSCP - which is what employers want.

    The only negative with the above strategy is = Cost.
    Postive = Get In learn what you need at a faster pace, so you can move on.

    OSCP is still the final goal, but first goal should be learn the job and skillset in the most effective and efficient manner
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks