+ Reply to Thread
Page 2 of 3 First 12 3 Last
Results 26 to 50 of 67

Thread: Oscp

  1. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    3,824

    Certifications
    BS-CST CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA
    #26
    Thanks for the info guys! I've been looking into taking this course and I wondered what stuff I should know before hand. Finish the CCNA, then start working on this stuff!
    WIP:
    MS in Legal Studies - Drexel University
    Mobile Forensics
    Kotlin
    Python
    Reply With Quote Quote  

  2. SS -->
  3. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    3,824

    Certifications
    BS-CST CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA
    #27
    WIP:
    MS in Legal Studies - Drexel University
    Mobile Forensics
    Kotlin
    Python
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #28
    I would definitely start with something like Learning Python: Amazon.com: Learning Python: Powerful Object-Oriented Programming (Animal Guide) (9780596158064): Mark Lutz: Books

    That one you mentioned is definitely not a beginner book, and it goes way beyond what is necessary for the OSCP. I'd recommend that as a prerequisite for the OSCE, along with Gray Hat Hacking, The Shellcoders Handbook, and Hacking: The Art of Exploitation (2nd).
    Reply With Quote Quote  

  5. Junior Member
    Join Date
    Feb 2010
    Posts
    7

    Certifications
    CEH,OSCP,GPEN
    #29
    Quote Originally Posted by L0gicB0mb508 View Post
    The more I take this class, the less I like it. I love the idea of this class, and it has taught some things. I also know people have raved over this class and exam, but there are just too many problems.

    If they release a new version of BackTrack, they should probably look at the training and make the proper adjustments. If you do take it, save yourself a lot of hassle and stick with BT3, simply because BT4 lacks some of the tools and files you will need to even complete the exercises. It's a pretty big pain in the @$$ sometimes.

    I think also in order to take this puppy you need to have a decent grip on security concepts, linux, common tools, and common vulnerabilities. If you are looking for a course to hold your hand and help you learn pentesting, this isn't it. I know most courses do expect you to study beyond what is taught, but I find PWB to be a little lofty in it's goals of self study/research. The biggest element of this being Perl or Python scripting. You honestly NEED to know how to script, or at least be able to steal and edit scripts. It's not really practical for you to manually enter a few thousand usernames to enumerate SMTP user information.

    It's a fun class if you have the background. I don't want to scare anyone off of taking it, but I wanted whoever takes it in the future to be fully aware of what they are getting into. I'll keep you all posted
    I don't necessarily agree with the ^^. I did the course albeit using BackTrack 3 and a lot of what you mentioned is needed I did not have. I did not have as you put it "decent grip on security concepts, linux, common tools, and common vulnerabilities". Now I don't know what your definition of decent grip is, but prior to taking the course all I had under my belt was the CEH. And in my opinion the CEH does not account for a decent grip on anything.

    You also mentioned that one NEEDS to know how to script, or at least be able to steal and edit scripts. Again I don't necessarily agree as the FIRST time I wrote a script using perl/python was actually during the course. Was it a challenge? Indeed it was. I must hasten to add though that my background is in programming.

    I hear you on the point of self study research as during the course I felt the same way. It can be quite FRUSTRATING at times. Especially when you are at your wits end and all you can hear is Try Harder. In fact I even emailed muts complaining about the approach. And was still told to try harder . However what helped me TREMENDOUSLY was the irc channel.

    The final challenge was indeed that, one HELL of a CHALLENGE. At one point during the challenge I again told muts that it was just not going to work. And that I wanted to end my attempt and try again another day. He told me that if I didn't complete it he would kick my **** Suffice to say I persisted and earned the cert.

    I will agree that if your looking for some one to hold your hand then yes its not for you. It was during the OSCP that I did assembly for the FIRST TIME. Prior to that I had no clue what a JMP ESP meant etc. I will admit it did take some getting used to. But it was fun.
    Last edited by _Dark_Knight_; 02-06-2010 at 12:57 AM.
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #30
    Quote Originally Posted by _Dark_Knight_ View Post
    I don't necessarily agree with the ^^. I did the course albeit using BackTrack 3 and a lot of what you mentioned is needed I did not have. I did not have as you put it "decent grip on security concepts, linux, common tools, and common vulnerabilities". Now I don't know what your definition of decent grip is, but prior to taking the course all I had under my belt was the CEH. And in my opinion the CEH does not account for a decent grip on anything.

    You also mentioned that one NEEDS to know how to script, or at least be able to steal and edit scripts. Again I don't necessarily agree as the FIRST time I wrote a script using perl/python was actually during the course. Was it a challenge? Indeed it was. I must hasten to add though that my background is in programming.

    I hear you on the point of self study research as during the course I felt the same way. It can be quite FRUSTRATING at times. Especially when you are at your wits end and all you can hear is Try Harder. In fact I even emailed muts complaining about the approach. And was still told to try harder . However what helped me TREMENDOUSLY was the irc channel.

    The final challenge was indeed that, one HELL of a CHALLENGE. At one point during the challenge I again told muts that it was just not going to work. And that I wanted to end my attempt and try again another day. He told me that if I didn't complete it he would kick my **** Suffice to say I persisted and earned the cert.

    I will agree that if your looking for some one to hold your hand then yes its not for you. It was during the OSCP that I did assembly for the FIRST TIME. Prior to that I had no clue what a JMP ESP meant etc. I will admit it did take some getting used to. But it was fun.
    From my personal experience, your experience seems to be much closer to mine than some of the other reviews. This course is as much as learning how to think creatively and come up with solutions on your own as it is straight-forward instruction.

    I'd encourage people to not get scared off by things like exploit development. Just walk through the examples and get a basic understanding of how things like that work. I never write my own exploits, but I have had to make minor tweaks to the code. I also like to able to have a general understanding of what they're doing since you're not always able just point-and-click with Metasploit; sometimes you actually have to compile the code and execute an exploit that way. Nothing ruins a pen tester's day like getting yourself owned

    Welcome to the forums DK!
    Reply With Quote Quote  

  7. Junior Member
    Join Date
    Feb 2010
    Posts
    7

    Certifications
    CEH,OSCP,GPEN
    #31
    Quote Originally Posted by dynamik View Post
    From my personal experience, your experience seems to be much closer to mine than some of the other reviews. This course is as much as learning how to think creatively and come up with solutions on your own as it is straight-forward instruction.

    I'd encourage people to not get scared off by things like exploit development. Just walk through the examples and get a basic understanding of how things like that work. I never write my own exploits, but I have had to make minor tweaks to the code. I also like to able to have a general understanding of what they're doing since you're not always able just point-and-click with Metasploit; sometimes you actually have to compile the code and execute an exploit that way. Nothing ruins a pen tester's day like getting yourself owned

    Welcome to the forums DK!
    I totally agree. Thanks for the welcome
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #32
    Quote Originally Posted by _Dark_Knight_ View Post
    I totally agree. Thanks for the welcome
    Anytime. So, set a date for the OSCE yet?

    That GPEN you have is nice as well. For anyone looking for a more straight-forward pen testing course, I'd highly recommend that. I think the GPEN and OSCP compliment each other immensely.
    Reply With Quote Quote  

  9. Junior Member
    Join Date
    Feb 2010
    Posts
    7

    Certifications
    CEH,OSCP,GPEN
    #33
    Quote Originally Posted by dynamik View Post
    Anytime. So, set a date for the OSCE yet?

    That GPEN you have is nice as well. For anyone looking for a more straight-forward pen testing course, I'd highly recommend that. I think the GPEN and OSCP compliment each other immensely.
    I don't think I have the guts required to sit the OSCE. At least not yet
    I have come close to signing up but alas I didn't follow through.

    I have to agree with you again though, the GPEN compliments the OSCP quite well. I stopped listening to the audio after a while and just read the manuals. Ed speaks at the speed of light
    Reply With Quote Quote  

  10. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    535

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #34
    Some interesting responses, and I do respect everyone's opinion on the class. I'm pretty well finished with it, I haven't set a date for the challenge yet. Anyway, on with the hate (just kidding).

    I have no issues with a class that challenges you to think outside the box. Actually I really prefer a challenge. I love the challenge this course has provided, but that was never my issue here.

    My issue is I paid for someone to teach me about ethical hacking. I paid for some expert level knowledge to be passed in my direction. I didn't pay for a class that tells me to go read the foundational material from a wiki page. I expected that to be taught, that's why I paid for the class. If you ask for help you get the old "try harder".

    This is my opinion of course. So far everyone but me seems to really think it was awesome. Maybe I'm just missing something, I dunno.
    Reply With Quote Quote  

  11. Junior Member
    Join Date
    Feb 2010
    Posts
    7

    Certifications
    CEH,OSCP,GPEN
    #35
    Quote Originally Posted by L0gicB0mb508 View Post
    Some interesting responses, and I do respect everyone's opinion on the class. I'm pretty well finished with it, I haven't set a date for the challenge yet. Anyway, on with the hate (just kidding).

    I have no issues with a class that challenges you to think outside the box. Actually I really prefer a challenge. I love the challenge this course has provided, but that was never my issue here.

    My issue is I paid for someone to teach me about ethical hacking. I paid for some expert level knowledge to be passed in my direction. I didn't pay for a class that tells me to go read the foundational material from a wiki page. I expected that to be taught, that's why I paid for the class. If you ask for help you get the old "try harder".

    This is my opinion of course. So far everyone but me seems to really think it was awesome. Maybe I'm just missing something, I dunno.
    I completely understand where your coming from. I felt the SAME way in the initial stages hell what am I saying through out the ENTIRE course.
    But it was one HELL of ride.
    Reply With Quote Quote  

  12. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    535

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #36
    Quote Originally Posted by _Dark_Knight_ View Post
    I completely understand where your coming from. I felt the SAME way in the initial stages hell what am I saying through out the ENTIRE course.
    But it was one HELL of ride.
    i like your style. It is one hell of a ride. It's full of crushing defeats and some very good wins haha.
    Reply With Quote Quote  

  13. Censorship is Un-American JockVSJock's Avatar
    Join Date
    Dec 2006
    Location
    SATX
    Posts
    1,101

    Certifications
    M.S. in MIS/MBA, Network+, A+, Linux+, Security+, C|EH
    #37
    I was at a infosecurity outing where I live and two guys talking two had alot of praise for these certs. I was wondering what others though of these say Vs the SANS certs?

    thanks
    Reply With Quote Quote  

  14. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    535

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #38
    Quote Originally Posted by JockVSJock View Post
    I was at a infosecurity outing where I live and two guys talking two had alot of praise for these certs. I was wondering what others though of these say Vs the SANS certs?

    thanks
    These are a lot cheaper and more "hands on" than most of the SANS stuff. They also don't hold your hand nearly as much. It's pretty enjoyable once you get passed the delivery of the content. That's really been the only complaint I have had.

    Update on my progress.
    I've finished all the course videos and most of the labs. I should be scheduling to take this in the next week. I'm messing around in the labs as we speak. Just messing around I was able to get a shell on 3 servers, so I feel pretty confident on the lab. This course has definitely helped me in my technical understanding of attacks. No matter what, it's been pretty fun.
    Reply With Quote Quote  

  15. Cyber Donkey slinuxuzer's Avatar
    Join Date
    Jul 2003
    Location
    East Texas
    Posts
    612

    Certifications
    VCDX:NV - A+ Net+ Sec+ MCSA08 CISSP CCNA B.S. IT/WGU
    #39
    Quote Originally Posted by JDMurray View Post
    For anyone who is not an OS or app pen tester by profession, I would recommend the following course of action to be performed for a month or two before you actually start the PWB (OSCP) course:View the tutorial videos at Offensive Security to get an idea of what the class materials are like.
    • If you are unfamiliar with Ubuntu (Debian) Linux or KDE, should learn how to configure networking, install and upgrade software packages using both the GUI shell and the command line.
    • If you do not know Linux at all, you invest in an Intro to Linux book or class to learn all you can about using and managing a Linux box. The objectives of the CompTIA Linux+ certification is an excellent reference of Linux commands and features you should know.
    • Browse through the tools on BackTrack available in the /pentest subdirectory and the KDE menu. Become familiar with the use of the more common pen testing tools.
    • Know how to write simple bash shell scripts or other types of UNIX or Linux shell scripting.
    • Knowing either Perl or Python is a great help in the OSCP class; they are used by several of the assignments. Spend some time learning to write very basic programs in either or both of these languages.
    • Understand the fundamental organization and operational principles of computer architecture (e.g., stack, heap, CPU registers). Understand the lifecycle of a running program and how it “lives” in the computer.
    • Learn the basics of Intel x86 assembly language and how it is used to create an operation program.
    • Learn how to use Ollydbg or IDA Pro to load and step through the execution of a program. YouTube has a lot of videos on these disassemblers. Books on reverse engineering do as well.
    • Read through the posts in the forums at forums.offensive-security.com. You will gain access to more forums after you have signed up for the course, and read through the posting on those as well.
    • If you are not on IRC then now’s the time to learn how by visiting the Offensive Security channel at irc://freenode/offsec. For an IRC client, I use the ChatZilla add-on for FireFox.

    If you manage to accomplish most of these tasks before starting the actual PWB class, you will be well ahead of most of your fellow classmates. Much of your introductory work will already be completed and you won't waste valuable lab time trying to figure out how to do things like use Linux commands, write shell scripts, or install software. Instead, you will be ready and confidant to connect to the virtual lab and start working on the PWB modules.
    Thanks JD, this is the info I was seeking the CISSP forum, this is a great post.

    I would also like to add to anyone interested that located at

    Heorot.net • Index page

    There are some "Live Cd's" that are basically .iso's you can run in Vmware player, these are vulnerable *nix machines that you can pentest against, now if only they would have had all this when I was 14
    Reply With Quote Quote  

  16. Junior Member
    Join Date
    Oct 2008
    Posts
    16
    #40
    You really need to understand some basics concepts of programing and memory layout.

    The exam has you writing an exploit
    Reply With Quote Quote  

  17. Member
    Join Date
    Oct 2010
    Location
    Atlanta
    Posts
    64

    Certifications
    OSCE, OSCP, OSWP, RHCE, CNE, STS:DLP, CISSP, ISSAP, ISSEP, ISSMP, CSSLP, CAP
    #41
    In comparing the 2 (Offensive Security and SANS), OffSec's course teach real world technical penetration testing skills. In other words, someone that is able to get through all of the course material and pass the exam, has a very strong foundation in the technical skills required for penetration testing.

    You're taught how to think like a hacker along with understanding the process of real world penetration testing.

    SANS material while being excellent, is not nearly as hands on or process driven. If you can do both the OffSec courses and SANS that of course would be your best bet, but dollar for value, it's difficult to beat the OSCP offering.
    Reply With Quote Quote  

  18. Junior Member Registered Member
    Join Date
    Dec 2010
    Posts
    2
    #42

    Default OSCP Advice needed please

    Hi Guys/Girls: This Thread has been very useful. I'm going to take the OSCP in about a month. I am Network+, Security+, and CEH Certified. A couple of quick questions if I may --
    I have 'little Python/Perl' experience, but I fiddled around with C++ programming 'years' ago.
    I've been exploring BT4, and now it seems that I should be using BT3 (Correct?)
    Any advice/suggestions would be greatly appreciated. Thanks in advance
    Post Script:
    Yes I actually am a 'Ex-Circus Musician'
    Bass player for the Bently Bros Circus
    Reply With Quote Quote  

  19. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #43
    I used BT4 for the OSCP course last years and had no problems.
    Reply With Quote Quote  

  20. Junior Member Registered Member
    Join Date
    Nov 2011
    Location
    Malaysia
    Posts
    1

    Certifications
    CEH,ENSA,MSCP
    #44

    Thumbs up thank you

    Hai guys, as always.... thank you for the guide, been thinking really hard whether or not should i be taking this examination with my current skills ><. From the previous posts shows that i need to be familiar with linux scripting and basic configurations. Need to learn more

    Again thank you ^^
    Reply With Quote Quote  

  21. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,652

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #45
    Quote Originally Posted by L0gicB0mb508 View Post
    These are a lot cheaper and more "hands on" than most of the SANS stuff. They also don't hold your hand nearly as much. It's pretty enjoyable once you get passed the delivery of the content. That's really been the only complaint I have had.

    Update on my progress.
    I've finished all the course videos and most of the labs. I should be scheduling to take this in the next week. I'm messing around in the labs as we speak. Just messing around I was able to get a shell on 3 servers, so I feel pretty confident on the lab. This course has definitely helped me in my technical understanding of attacks. No matter what, it's been pretty fun.
    How did the exam go?
    Currently working on: Resting
    Reply With Quote Quote  

  22. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #46
    Quote Originally Posted by veritas_libertas View Post
    How did the exam go?
    I don't think he took it or he didn't pass. I think he said something about his experience going to poop and he started to hate Offensive Security. I'd really want to take this course but I know I will only be able to afford the 30 day length. I have quite a few books that I am going to read to prepare for it. Maybe by the time I get to the point when I am ready to take it, I will have more cash on hand. Are you planning on going for it Veritas?
    Reply With Quote Quote  

  23. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,652

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #47
    Quote Originally Posted by Bl8ckr0uter View Post
    I don't think he took it or he didn't pass. I think he said something about his experience going to poop and he started to hate Offensive Security. I'd really want to take this course but I know I will only be able to afford the 30 day length. I have quite a few books that I am going to read to prepare for it. Maybe by the time I get to the point when I am ready to take it, I will have more cash on hand. Are you planning on going for it Veritas?
    No, just curious. We had someone give a presentation at our Greenville ISSA, and during the presentation he talked about his experience getting the OSCP. He seemed to really like the whole experience.
    Currently working on: Resting
    Reply With Quote Quote  

  24. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #48
    Quote Originally Posted by veritas_libertas View Post
    No, just curious. We had someone give a presentation at our Greenville ISSA, and during the presentation he talked about his experience getting the OSCP. He seemed to really like the whole experience.
    Ah I see. I am set to do the SSCP next time it comes around my neck of the woods and then when I pass (yea big talk right lol) I can think about doing the OSCP for CE credits. I just wish the course was like $500 instead of $750+. I know the cert doesn't have the name recognition as say a CEH or something but the skills taught seem to be essential for security analyst/engineers.
    Reply With Quote Quote  

  25. Senior Member ipchain's Avatar
    Join Date
    Nov 2006
    Posts
    290

    Certifications
    <- do not define you.
    #49
    Quote Originally Posted by veritas_libertas View Post
    No, just curious. We had someone give a presentation at our Greenville ISSA, and during the presentation he talked about his experience getting the OSCP. He seemed to really like the whole experience.
    OSCP is unique in many ways. I have enjoyed the experience so far, and although I've had to interrupt my OSCP studies to focus on the CISSP, I plan on extending my lab time for another 30 days once the CISSP results are out.

    Save a bit of money and go for it - it's an adventure you won't regret embarking on! I will post a review once I get through it all and take the exam, but so far so good!
    Reply With Quote Quote  

  26. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #50
    Quote Originally Posted by ipchain View Post
    Save a bit of money and go for it - it's an adventure you won't regret embarking on! I will post a review once I get through it all and take the exam, but so far so good!
    Would you say that it has been worthwhile and worth the money? Moreso than GPEN? Also (as I know you are a Senior security resource) all other things equal if you saw someone with OSCP, CCNP, CCNP:S vs someone with SSCP,CCNP,CCNP:S which person would you lean towards for a JR security analyst role (again all other things being equal including personality, experience, etc)?
    Reply With Quote Quote  

+ Reply to Thread
Page 2 of 3 First 12 3 Last

Social Networking & Bookmarks