Penetration Testing mailing list archives
RE: OSCP
From: Craig Wilson <cwilson () ppilearning com>
Date: Tue, 18 Nov 2008 11:41:33 +0000
You appear to have misread my message - I have both certs, the OSCP is fine if you want to know how to break things that are already broken. I am more interested in how to ensure that things are not broken in the first place.

Craig Wilson
Senior IT Network Administrator & Support Analyst

-----Original Message-----
From: J. Oquendo [mailto:sil () e-fensive net]
Sent: 17 November 2008 21:35
To: Craig Wilson
Cc: pen-test () securityfocus com
Subject: Re: OSCP

On Mon, 17 Nov 2008, Craig Wilson wrote:
> Hi,
>
> OSCP is great for practical know-how but I would rather employ a CISSP any day; why and how you would protect systems are much more important than how you break in. It's all very well knowing how to make a shell run on a poorly configed machine but understanding defensive configs to ensure the machine isn't in a position to be compromised are more important IMHO.
>
> Additionally I would ensure you have day to day experience and knowledge of why you would advocate certain things in corporate environments.
>
> Craig
Two different certs, two different purposes. I believe each has their own specific purpose so it's comparing apples and oranges. You are however so completely off base in your assumption that an OSCP or any other well qualified pentester is slowly looking for a method to run a "shell script" on a "poorly configured" machine. Apparently you have an isolated view of some of the research that goes on with fuzzing, intuition, session hijacking, etc., perhaps you could learn from the OSCP and other technical courses similar to it.

For the CISSP types in an enterprise environment, there can only be so many managers pushing around papers and revamping policies. A thorough and knowledgeable pentester can and should be able to create the same logical reports based on their technical findings else they shouldn't be in the industry.

There is a lot more than meets the eye from my perspective on what a pentester is and what the industry perceives them to be. If you're basing your opinion on the level of questions that float on this list "wHaT to0L dO I yEwS" then I can't blame you however, CISSPs aren't impressive to me. Nor is any exam that relies strictly on memorizing what's in a book.

J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP