Re: OSCP ?

[DaKahuna <da.kahuna () gmail com>]

I apologize for the Top Post but seems everyone else has been doing it.

I do not agree that the exam did not correspond to the training materials.  To pass the exam you had to use a majority 
of the training materials.  I will not go into the exceptions but from my point of view Metasploit was not one of them. 
 I'd be very interested in how Yiannis managed to gain root on one of the boxes without having to use Metasploit to 
produce the necessary shell code.  It took almost every concept that ws covered in the course to pass the exam and if 
you did the extra mile challenges and took the time to go through and gain root on the lab boxes without using 
Metasploit you gained an even deeper understanding and appreciation for the materials.  

I like to say that the OSCP training is like a set of carpenter tools. In the right hands it can work magic!


On Nov 4, 2010, at 4:19 PM, Saif El Sherei wrote:

> The best thing you learn dueing the course is you leaen how to thunk out of the box and try harder. I took the course 
> its amazing the material teaches you everything you need to know about the subject of pentesting if u finish the 
> final challenge before entering the certoficate challenge you should be fine. The thing abouy the exam is that you 
> need tp think out of the box a little. And isnt this what's security all about.  the whole idea behind pentesting and 
> vulnerability research and exploitation is thinking out of the box. Thats the whole concept. 
>
> Also IMHO if they exam was like the material then where is the challenge?  
>
> The best advice you can have during the course is 'Try Harder' :D
>
> Regards,
>
> Saif El-Sherei
> OSCP
>
>
> Sent from my iPhone
>
> On Nov 4, 2010, at 10:08 PM, "Yiannis Koukouras" <ikoukouras () gmail com> wrote:
>
> > It is a really meaningful certification, but I was surprised to see
> > that the study material was not corresponding to the exam. e.g. There
> > is whole chapter dedicated on metasploit and you are not allowed to
> > use metasploit during the exams!!!
> >
> > IMHO, the reading material should describe things that are in scope of the exam.
> >
> > Other than, it is the only cert who's ownership actually means that
> > you are pretty good on the subject.
> >
> > P.S. I am talking about v2.6. I hope that v3.0 has a different structure.
> >
> > Ioannis (Yiannis) Koukouras
> > CISSP, CISA, CISM
> > MSc in Computer Systems Security
> > BEng in Electronic Engineering
> > http://www.linkedin.com/in/ikoukouras
> > ---
> > The information contained in this communication is intended solely
> > for  the  use  of the individual or entity to whom it is addressed
> > and others authorized to receive it.  It may  contain confidential
> > or legally privileged information.  If  you  are  not the intended
> > recipient you are hereby notified that  any  disclosure,  copying,
> > distribution  or  taking any action in reliance on the contents of
> > this  information  is  strictly  prohibited  and  may be unlawful.
> >
> > If you have received this communication in error, please notify the
> > sender immediately  by  responding  to this email and then delete
> > it from your system.
> >
> >
> > On Wed, Nov 3, 2010 at 10:39 AM, Enis Sahin <enis.c.sahin () gmail com> wrote:
> > > I am thinking about enrolling to the course but I'm curious about one
> > > thing. Everybody keeps saying that it is a very challenging course
> > > with a tough exam and especially the chapter about buffer overflows
> > > seem intimidating. Is the course material enough to get past those
> > > parts during the exam? If not how much extracurricular activity should
> > > I perform?
> > >
> > > I bought the Gray Hat Hacking book to study about buffer overflows
> > > before the course starts because I'm worried that the lab time won't
> > > be enough to learn enough assembly and debugging to start writing
> > > exploits and practice other chapters covered in the course.
> > >
> > > How was your experience with it?
> > >
> > > Enis
> > >
> > > On 1 November 2010 19:22, Onken, Skyler <onk08001 () byui edu> wrote:
> > > > Anybody taken the eLearnSecurity course? I would be interested in seeing how it compares to the PWB/OSCP online 
> > > > version.  I am guessing that most of you took the PWB live course?
> > > > ________________________________________
> > > > From: listbounce () securityfocus com [listbounce () securityfocus com] on behalf of Chad Uretsky [curetsky () 
> > > > yahoo com]
> > > > Sent: Tuesday, October 26, 2010 10:38 PM
> > > > To: Dan Crowley; pen-test () securityfocus com
> > > > Subject: Re: OSCP ?
> > > >
> > > > Phil,
> > > >
> > > > I agree with Daniel.  The curriculum is very well done, the labs really help
> > > > solidify the understanding of the material, and the cert exam is probably the
> > > > most challenging and practical that I've taken to date.
> > > >
> > > > Kind regards,
> > > > Chad Uretsky
> > > >
> > > >
> > > >
> > > > ----- Original Message ----
> > > > From: Dan Crowley <dcrowley () coresecurity com>
> > > > To: pen-test () securityfocus com
> > > > Sent: Tue, October 26, 2010 2:49:29 PM
> > > > Subject: Re: OSCP ?
> > > >
> > > > Hi Phil,
> > > >
> > > > In my opinion, the OSCP certs are one of the few infosec certifications
> > > > out there that actually means anything. It's very hands-on, and the
> > > > material is deep and at times can be brutal for the inexperienced.
> > > >
> > > > Highly recommended.
> > > >
> > > > Cheers,
> > > > --
> > > > Daniel Crowley
> > > > Technical Specialist
> > > > Core Security Technologies
> > > > Direct: +1 (617) 695-1151
> > > > Fax: +1 (617) 399-6987
> > > >
> > > > "All the forces in the world are not so powerful as an idea whose time
> > > > has come." - Victor Hugo
> > > >
> > > >
> > > > On 10/22/2010 12:45 PM, Phil wrote:
> > > > > Hello-
> > > > >
> > > > > First post here,.... Looking for opinions of, or experience with the OSCP
> > > > > (Offensive Security Certified Pentester) curriculum.
> > > > >
> > > > > Thanks!
> > > > > Phil
> > > > >
> > > > > ------------------------------------------------------------------------
> > > > > This list is sponsored by: Information Assurance Certification Review Board
> > > > >
> > > > > Prove to peers and potential employers without a doubt that you can actually do
> > > > > a proper penetration test. IACRB CPT and CEPT certs require a full practical
> > > > > examination in order to become certified.
> > > > >
> > > > >
> > > > > http://www.iacertification.org
> > > > > ------------------------------------------------------------------------
> > > >
> > > > ------------------------------------------------------------------------
> > > > This list is sponsored by: Information Assurance Certification Review Board
> > > >
> > > > Prove to peers and potential employers without a doubt that you can actually do
> > > > a proper penetration test. IACRB CPT and CEPT certs require a full practical
> > > > examination in order to become certified.
> > > >
> > > >
> > > > http://www.iacertification.org
> > > > ------------------------------------------------------------------------
> > > >
> > > >
> > > >
> > > >
> > > > ------------------------------------------------------------------------
> > > > This list is sponsored by: Information Assurance Certification Review Board
> > > >
> > > > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB 
> > > > CPT and CEPT certs require a full practical examination in order to become certified.
> > > >
> > > > http://www.iacertification.org
> > > > ------------------------------------------------------------------------
> > > >
> > > >
> > > > ------------------------------------------------------------------------
> > > > This list is sponsored by: Information Assurance Certification Review Board
> > > >
> > > > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB 
> > > > CPT and CEPT certs require a full practical examination in order to become certified.
> > > >
> > > > http://www.iacertification.org
> > > > ------------------------------------------------------------------------
> > >
> > > ------------------------------------------------------------------------
> > > This list is sponsored by: Information Assurance Certification Review Board
> > >
> > > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB 
> > > CPT and CEPT certs require a full practical examination in order to become certified.
> > >
> > > http://www.iacertification.org
> > > ------------------------------------------------------------------------
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review Board
> >
> > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> > and CEPT certs require a full practical examination in order to become certified. 
> >
> > http://www.iacertification.org
> > ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------