Penetration Testing mailing list archives

Re: OSCP


From: "J. Oquendo" <sil () infiltrated net>
Date: Mon, 17 Nov 2008 16:02:29 -0600

On Mon, 17 Nov 2008, Craig Wilson wrote:

Hi,

OSCP is great for practical know-how but I would rather employ a CISSP any day; why and how you would protect systems 
are much more important than how you break in.  It's all very well knowing how to make a shell run on a poorly 
configured machine but understanding defensive configs to ensure the machine isn't in a position to be compromised is 
more important IMHO.

Additionally I would ensure you have day to day experience and knowledge of why you would advocate certain things in 
corporate environments.

Craig


Two different certs, two different purposes. I believe each has
their own specific purpose so it's comparing apples and oranges.
You are however so completely off base in your assumption that
an OSCP or any other well qualified pentester is slowly looking
for a method to run a "shell script" on a "poorly configured"
machine. Apparently you have an isolated view of some of the
research that goes on with fuzzing, intuition, session hijacking,
etc. Perhaps you could learn from the OSCP and other technical
courses similar to it.

For the CISSP types in an enterprise environment, there can only
be so many managers pushing around papers and revamping policies.
A thorough and knowledgeable pentester can and should be able to
create the same logical reports based on their technical findings
else they shouldn't be in the industry. There is a lot more than
meets the eye from my perspective on what a pentester is and what
the industry perceives them to be. If you're basing your opinion
on the level of questions that float on this list "wHaT to0L dO
I yEwS" then I can't blame you; however, CISSPs aren't impressive
to me. Nor is any exam that relies strictly on memorizing what's
in a book.



=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"Each player must accept the cards life deals him
or her: but once they are in hand, he or she alone
must decide how to play the cards in order to win
the game." Voltaire

227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E

