+ Reply to Thread
Results 1 to 6 of 6
  1. Junior Member
    Join Date
    Dec 2017
    Posts
    28
    #1

    Default OSCP vs HTB difficulty

    Hey all,

    I would like to understand the difficulty of OSCP compared to say medium difficulty HTB boxes. This is mostly to level set my expectations as to how much time is going to be needed to get certified. I have not purchased the PWK training, however I would like to get it done in the next ~30days.

    Any advice would be great.
    Thanks
    T
    Reply With Quote Quote  

  2. SS
  3. Junior Member
    Join Date
    Feb 2018
    Posts
    15

    Certifications
    OSCP
    #2
    HTB systems are largley CTF based. Its mostly flags and hints obfuscated in odd places. You can get most HTB systems with the right fuzzing and word lists. That said, HTB systems generally take a lot longer for this reason and since you're playing with word lists and odd tools they can seem a lot harder.

    OSCP lab systems are usually pretty straight forward. I've gotten every system except one in the lab so far and only one or two felt like a HTB system. It's a different setup entirely.

    OSCP is focused on real world scenarios, stuff you may see on a pentest. HTB is based on stuff you'll see in competitions.

    One thing I think HTB has over the OSCP lab is the challenges. I wish OSCP had challenges like those to help with learning some of the content.
    Reply With Quote Quote  

  4. Junior Member
    Join Date
    Dec 2017
    Posts
    28
    #3
    Thanks for the feedback. The enum part of HTB sometimes get to me, I think i spent 2 days on the pfsense box just running various wordlists... bit unnecessary...

    I guess Ill just bite the bullet and buy the 30day lab.
    Reply With Quote Quote  

  5. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    253

    Certifications
    OSCP | CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #4
    With all due respect to datakan, I don't agree with the comments above.

    "OSCP is focused on real world scenarios, stuff you may see on a pentest. HTB is based on stuff you'll see in competitions." -- I think this is largely not true in my experience.

    On one hand, I can think of no less than 3 OSCP targets that were not much more than CTF style targets. Things that would have little to no use "in the real world" OTHER than getting your mind to think in a puzzle solving mode.

    On the other hand, I actually used my notes from rooting one of the HTB boxes recently in the real world ... In fact, the exact syntax ...

    Both can and will provide valuable insight, lessons, and knowledge. But, using one as a gauge for the other is hard.
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    154

    Certifications
    OSCP, OSWP, CISSP, CCNA Cyber Ops, Sec+
    #5
    +1 what datakan said. OSCP/PWK is a training course with course materials, and with one or three exceptions, every lab box falls within the scope of what they want to teach you. HTB, on the other hand, has no scope, and often the authors of those boxes are trying hard to be tricky, cute, or clever, so the challenges often tend to be very unrealistic, bordering on puzzles or trivia.

    Also, I think that's a wonderful suggestion to OSCP/PWK for challenges.
    -------------------------------------------------------
    Security Engineer/Analyst/Geek, Pen Testing
    Reply With Quote Quote  

  7. Junior Member
    Join Date
    Feb 2018
    Posts
    15

    Certifications
    OSCP
    #6
    Quote Originally Posted by BuzzSaw View Post
    With all due respect to datakan, I don't agree with the comments above.

    "OSCP is focused on real world scenarios, stuff you may see on a pentest. HTB is based on stuff you'll see in competitions." -- I think this is largely not true in my experience.

    On one hand, I can think of no less than 3 OSCP targets that were not much more than CTF style targets. Things that would have little to no use "in the real world" OTHER than getting your mind to think in a puzzle solving mode.

    On the other hand, I actually used my notes from rooting one of the HTB boxes recently in the real world ... In fact, the exact syntax ...

    Both can and will provide valuable insight, lessons, and knowledge. But, using one as a gauge for the other is hard.
    Not sure what you're disagreeing with me on. You pretty much said exactly what I did.

    There are 54 boxes in the lab. 3-4 CTF like ones does not make it anything remotely like HTB, plus those 3-4 CTF boxes are doable in 1-2 hours for a reasonably competent person. HTB systems will take hours if not days just to fuzz them correctly.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks