Penetration Testing mailing list archives
Re: OSCP
From: "J. Oquendo" <sil () infiltrated net>
Date: Mon, 17 Nov 2008 16:02:29 -0600
On Mon, 17 Nov 2008, Craig Wilson wrote:
Hi, OSCP is great for practical know-how but I would rather employ a CISSP any day; why and how you would protect systems are much more important than how you break in. It's all very well knowing how to make a shell run on a poorly configed machine but understanding defensive configs to ensure the machine isn't in a position to be compromised are more important IMHO. Additionally I would ensure you have day to day experience and knowledge of why you would advocate certain things in corporate environments.

Craig

Two different certs, two different purposes. I believe each has their own specific purpose so it's comparing apples and oranges. You are however so completely off base in your assumption that an OSCP or any other well qualified pentester is slowly looking for a method to run a "shell script" on a "poorly configured" machine. Apparently you have an isolated view of some of the research that goes on with fuzzing, intuition, session hijacking, etc., perhaps you could learn from the OSCP and other technical courses similar to it.

For the CISSP types in an enterprise environment, there can only be so many managers pushing around papers and revamping policies. A thorough and knowledgeable pentester can and should be able to create the same logical reports based on their technical findings else they shouldn't be in the industry.

There is a lot more than meets the eye from my perspective on what a pentester is and what the industry perceives them to be. If you're basing your opinion on the level of questions that float on this list "wHaT to0L dO I yEwS" then I can't blame you however, CISSPs aren't impressive to me. Nor is any exam that relies strictly on memorizing what's in a book.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"Each player must accept the cards life deals him or her: but once they are in hand, he or she alone must decide how to play the cards in order to win the game." Voltaire

227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E