PaulDotCom mailing list archives
Re: OSCP certification?
From: Ryan B <broadydownunder () gmail com>
Date: Tue, 21 May 2013 13:10:12 +1000
Hi Don,

I got my start in InfoSec with the OSCP and I would highly recommend the course if you're new(ish) to Penetration Testing (more novice than absolute beginner, although both are fine, one will require more personal study though). It is by no means the only training you should get and I'd recommend you continue your studies after the course, but if you're looking for a Pentester Bootcamp, it's really good.

The best part about the OSCP is the Lab. The Lab has about 40-50 systems if I recall correctly, and they vary in difficulty to compromise. The easiest would probably end up being a Windows 2003 box vulnerable to the good old MS08-067 "netapi" exploit and the most complicated would be PAIN and SUFFERANCE, which you can enjoy for many sleepless nights.

The thing I like most about OSCP is it's not a "Here's a bunch of tools and how to use them" course. They really do work at the bits and bytes level of Pentesting. You will learn about Port Scanning and ARP poisoning but learning the makeup of the packets, reconstructing your own through painful processes and in most cases, you'll need to build your own ARP Poisoning tools and Port Scanners using Bash, Python, Ruby or Perl. Only then should you defer to the Tools we all love. That way you get an understanding of what's going on "under the hood" and a greater appreciation for what the developers of your toolkits have built.

Another important rule: No Nessus, No Metasploit in the Lab! The point of the Lab is to understand how to find and identify vulnerabilities. Then find available exploits (exploit-db, packetstorm, securityfocus, osvdb, cve-details), modify the shellcode to make them work for you, then go after the system. Finally, you'll be using some impressive SSH tunneling to exploit the hosts multiple subnets away through bridged machines you find in the Lab.

The Certification is a 24-hour exercise; you'll be given 5 machines and asked to do your best. Normally, one of the machines will not have a listed exploit but one you will have to research and build yourself. The rest will be challenging machines requiring multiple exploits to achieve root. Vulnerability Scanners and Metasploit again are not permitted in the Certification.

One year after finishing the OSCP, I'll admit that it may not have the biggest reputation amongst employers, but it will shape you into a Pentester that's not reliant on his toolkit.

g0tmi1k wrote a great review of the OSCP you can read up on here:
http://blog.g0tmi1k.com/2011/07/review-pentesting-with-backtrack-pwb.html

Cheers and best of luck with the course.

On Tue, May 21, 2013 at 12:12 AM, Don Pandori <dpinfosecurity () gmail com> wrote:
Was looking for thoughts/comments on the OSCP certification. I can't afford to get to SANS this year, even as a work study, so I'm looking at the Pen Testing with Backtrack training that Offensive Security offers. The online course looks pretty kick-ass and I like that the certification is more like a practical rather than filling in bubbles.

Thanks in advance!

Don

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Current thread:
- OSCP certification? Don Pandori (May 20)
- Re: OSCP certification? Ryan B (May 21)