Penetration Testing mailing list archives
Re: PWB - OSCP certification for newbies
From: Eric Milam <emilam () coretechsg com>
Date: Sat, 05 Sep 2009 13:23:22 -0700
I asked that question once myself in frustration. What you are buying is the videos, the Training Documentation and the lab time. Basically you are buying a self study experience. Although I was screaming mad a few times when I couldn't figure things out, usually a day or two away from the lab helped to clear my mind. I would still recommend it for anyone who wants to get into the field, you get exposure to a lot of tools and you can do almost anything in the lab so you don't have to be afraid of messing anything up. Thanks, Eric On Sat, 2009-09-05 at 15:04 -0400, Stephen Mullins wrote:
"Try harder?" What are you paying them for? I agree with what one of the people here said though, "the one thing it teaches you is that if you can't do it by yourself then you can't do it." I think that's a lesson that most people never learn - self reliance. The lesson is that if you can't research and solve problems independently then maybe you're in the wrong business. I imagine most people would just fail, say the course sucks, and fall back on their CISSP and 6 figure salary to salve their wounded ego though. C'est la vie, Steve Mullins On Wed, Sep 2, 2009 at 6:36 PM, Eric Milam<emilam () coretechsg com> wrote:I passed my cert OSCP in July. I would have to agree with what is said below with one small caveat. There *are* people willing to help you, but it won't be the instructors. Best thing to do is to try to make a few *friends* in the IRC room and they can help you. I personally have helped many people, b/c I know how it felt to be told "Try Harder" or "We don't give answers" when all you want to do is get a nudge. There are people willing to help, but there is a lot of "Try Harder" I am taking the CTP course now and I find it the same, I don't even go to the chat room much anymore. I must note that is you go through the course and you do the challenge and pass, you will feel like king/queen of the world. I've got a lot of certs and I have to say this one went straight to the top of my resume. Hope that helps a little more.... Eric On Tue, 2009-09-01 at 09:56 +0100, Hari Sekhon wrote:Myne Computer wrote:Ok, with that said, I have another question to add. I am in about same place as Mauricio and would like to get further into training. Say someone is ok with linux, ok with networking, ok with multiple operating systems and on a decent start, where would be a good place for training in your openion to get a bit more into security, pen-testing, router configurations, firewall configurations, and anything like that.Just so you are clear on what you would be getting, there is nothing on router configurations, firewall configurations etc etc, you are expected to know all that already (which is why I mentioned they just assume you are experienced and know it all already). There is absolutely no instruction or information on such things in the course. You'd have to do all the other vendor specific courses for those things (hope you have a huge training budget!).I have been using a lot of tools like Nmap, wireshark, metasploit, and cain&able but would really like to understand this better. I have a server setup at home with multiple operating systems on many partitions I do a lot of my testing on but most of my learning comes from just google, man pages on Backtrack and reading books. I feel a good bootcamp would be nice to go through not just for the experience but the chance to talk to other people about this. Any suggestions on training or directions to take.As part of the course, answers are not given intentionally, which leads to a lot of frustration and the usual response of "try harder" and images blocking people from moaning all the time which can bring even good people to tears when they hit something tough. The one thing it teaches you is that if you can't do it by yourself then you can't do it. I personally would have liked to have been able to ask people a few things in discussions, we all would, but that's strictly not allowed especially in public, it's just not the way it operates, there is an element of hacker l33tness culture and especially the part about not giving answers, so can expect to lose a lot of sleep trying to figure stuff out by yourself, which I think is the culture they are trying to instill in you as the real one, and the whole atmosphere is against "spoon feeding". -h------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: PWB - OSCP certification for newbies Hari Sekhon (Sep 02)
- Message not available
- Re: PWB - OSCP certification for newbies Stephen Mullins (Sep 08)
- Re: PWB - OSCP certification for newbies Eric Milam (Sep 09)
- Re: PWB - OSCP certification for newbies Stephen Mullins (Sep 08)
- Message not available