Penetration Testing mailing list archives
Re: OSCP ?
From: DaKahuna <da.kahuna () gmail com>
Date: Thu, 4 Nov 2010 19:20:16 -0400
I apologize for the Top Post but seems everyone else has been doing it. I do not agree that the exam did not correspond to the training materials. To pass the exam you had to use a majority of the training materials. I will not go into the exceptions but from my point of view Metasploit was not one of them. I'd be very interested in how Yiannis managed to gain root on one of the boxes without having to use Metasploit to produce the necessary shell code. It took almost every concept that ws covered in the course to pass the exam and if you did the extra mile challenges and took the time to go through and gain root on the lab boxes without using Metasploit you gained an even deeper understanding and appreciation for the materials. I like to say that the OSCP training is like a set of carpenter tools. In the right hands it can work magic! On Nov 4, 2010, at 4:19 PM, Saif El Sherei wrote:
The best thing you learn dueing the course is you leaen how to thunk out of the box and try harder. I took the course its amazing the material teaches you everything you need to know about the subject of pentesting if u finish the final challenge before entering the certoficate challenge you should be fine. The thing abouy the exam is that you need tp think out of the box a little. And isnt this what's security all about. the whole idea behind pentesting and vulnerability research and exploitation is thinking out of the box. Thats the whole concept. Also IMHO if they exam was like the material then where is the challenge? The best advice you can have during the course is 'Try Harder' :D Regards, Saif El-Sherei OSCP Sent from my iPhone On Nov 4, 2010, at 10:08 PM, "Yiannis Koukouras" <ikoukouras () gmail com> wrote:It is a really meaningful certification, but I was surprised to see that the study material was not corresponding to the exam. e.g. There is whole chapter dedicated on metasploit and you are not allowed to use metasploit during the exams!!! IMHO, the reading material should describe things that are in scope of the exam. Other than, it is the only cert who's ownership actually means that you are pretty good on the subject. P.S. I am talking about v2.6. I hope that v3.0 has a different structure. Ioannis (Yiannis) Koukouras CISSP, CISA, CISM MSc in Computer Systems Security BEng in Electronic Engineering http://www.linkedin.com/in/ikoukouras --- The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify the sender immediately by responding to this email and then delete it from your system. On Wed, Nov 3, 2010 at 10:39 AM, Enis Sahin <enis.c.sahin () gmail com> wrote:I am thinking about enrolling to the course but I'm curious about one thing. Everybody keeps saying that it is a very challenging course with a tough exam and especially the chapter about buffer overflows seem intimidating. Is the course material enough to get past those parts during the exam? If not how much extracurricular activity should I perform? I bought the Gray Hat Hacking book to study about buffer overflows before the course starts because I'm worried that the lab time won't be enough to learn enough assembly and debugging to start writing exploits and practice other chapters covered in the course. How was your experience with it? Enis On 1 November 2010 19:22, Onken, Skyler <onk08001 () byui edu> wrote:Anybody taken the eLearnSecurity course? I would be interested in seeing how it compares to the PWB/OSCP online version. I am guessing that most of you took the PWB live course? ________________________________________ From: listbounce () securityfocus com [listbounce () securityfocus com] on behalf of Chad Uretsky [curetsky () yahoo com] Sent: Tuesday, October 26, 2010 10:38 PM To: Dan Crowley; pen-test () securityfocus com Subject: Re: OSCP ? Phil, I agree with Daniel. The curriculum is very well done, the labs really help solidify the understanding of the material, and the cert exam is probably the most challenging and practical that I've taken to date. Kind regards, Chad Uretsky ----- Original Message ---- From: Dan Crowley <dcrowley () coresecurity com> To: pen-test () securityfocus com Sent: Tue, October 26, 2010 2:49:29 PM Subject: Re: OSCP ? Hi Phil, In my opinion, the OSCP certs are one of the few infosec certifications out there that actually means anything. It's very hands-on, and the material is deep and at times can be brutal for the inexperienced. Highly recommended. Cheers, -- Daniel Crowley Technical Specialist Core Security Technologies Direct: +1 (617) 695-1151 Fax: +1 (617) 399-6987 "All the forces in the world are not so powerful as an idea whose time has come." - Victor Hugo On 10/22/2010 12:45 PM, Phil wrote:Hello- First post here,.... Looking for opinions of, or experience with the OSCP (Offensive Security Certified Pentester) curriculum. Thanks! Phil ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: OSCP ? d3vil (Nov 01)
- <Possible follow-ups>
- RE: OSCP ? Onken, Skyler (Nov 01)
- Re: OSCP ? Enis Sahin (Nov 04)
- Re: OSCP ? Yiannis Koukouras (Nov 04)
- Re: OSCP ? Saif El Sherei (Nov 04)
- Re: OSCP ? DaKahuna (Nov 05)
- Re: OSCP ? Enis Sahin (Nov 04)
- Re: OSCP ? Geoff Galitz (Nov 08)
- Re: OSCP ? Scott (Nov 08)