
OSCP

  • 29-06-2011 7:27pm
    #1
    Closed Accounts Posts: 20,759 ✭✭✭✭


    I've been looking at the security certification from Offensive Security (Developers of Backtrack), The Offensive Security Certified Professional. I've glanced over some of the coursework today - which I'm pretty impressed with.

    The exam itself is a 24 hour exam, where from what I understand - you have to compromise 5 different hosts on a live network, with a further 24 hours to write up a report. From what I've been reading, it has taken on average about 16-17 hours for people to accomplish - and the difficulty rating was challenging.

    I'm probably going to inevitably go for the exam when I can afford it. I was wondering has anybody here taken the course + exam? And if so, what did they make of it?


Comments

  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    /me subscribes to thread.

    I'm doing the SANS security training course "Hacking, exploits and incident response", in September so will offer my feedback on that, once I complete it.

    I did the CEH and ECSA courses which were hands on. Tbh I found the CEH to be pretty much a waste of time. There was an awful lot of fluff in there, e.g. making your own viruses with canned tools. I can't think of a single useful (read ethical) application for that. I do kind of like the idea of white worms, but it wasn't that kind of virus, it was more embedding netcat into solitaire, and basic obfuscation techniques, to back door home PCs. Was not impressed. The ECSA was a lot better, but I think it was more the way mine was taught versus the material, I got great hands-on experience with packet analysis, with excellent explanations given for the harder parts.

    Don't mean to derail your thread. I'll shut up now.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    You're not derailing :) I'm happy to discuss other certs too.

    I got a copy of an older OSCP course. I'm nearly half-way through, I'm quite impressed with it I have to say. The exam sounds really good!

    I'll have to put it on the sideline for the moment, as I've been allowed to do the CCNA with FÁS. I'm still going to study this old OSCP content on the side though, so when the CCNA is finished, I'll enroll for the updated OSCP course.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    What kind of material is in the older OSCP? Is there a lot of theory, or is there a lot of information on using specific tools?
    From the site:
    The OSCP is a twenty four hour exam, where a straight 24-hour period is given to that student to attempt this certification. It is a very difficult and challenging exam that will truly test the limits of the student. If a passing score is achieved the student is awarded a coveted OSCP certification.

    That sounds at the same time both awesome and really challenging. $3500. Might be an idea for next year's training budget.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    It's methodology rather than theory. I mean, obviously there is theory involved but - it takes you through the actual process. I'll hit you up with a message.


  • Registered Users Posts: 2,215 ✭✭✭Kur4mA


    The fees for doing the course online are much cheaper than $3500. You can see the full list here with the most expensive one being $1100 with 90 day lab access included:

    http://www.offensive-security.com/online-information-security-training/penetration-testing-backtrack/

    I'm looking at doing this myself at the moment but am playing around with Linux for a while first and also waiting on a mini pc to arrive so that I can setup a little lab of sorts at home.

    @dlofnep: I'd really appreciate any info on where old courseware can be gotten for the OSCP?


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    I read about half of that course manual last night. It's well written and reads very well. Although it does seem quite old. It referenced Red Hat Linux 7.3. That was one of the first distros I used back around 2002.

    Has the course been around that long?


  • Registered Users Posts: 2,215 ✭✭✭Kur4mA


    Yep, I believe it's been around for quite a while. The 101 course is now called the OSCP and from what I am reading the OSCP is a bit more up to date.


  • Closed Accounts Posts: 27 irishescorts


    The majority of these courses are complete and utter shi*e, you'd do much better to go and choose a Cisco path.

    I'm yet to see an employer hire somebody based on having an OSCP or CEH as they're both laughable to any security professional.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    irishescorts wrote: »
    The majority of these courses are complete and utter shi*e, you'd do much better to go and choose a Cisco path.

    I'm currently studying for Cisco certification at the moment. That's neither here nor there - it's always good to broaden your horizons.

    irishescorts wrote: »
    I'm yet to see an employer hire somebody based on having an OSCP or CEH as they're both laughable to any security professional.

    CEH, maybe - OSCP however is a much more impressive certification as it is proof that the holder possesses the ability to compromise the network, rather than have theory memorised off for an exam like the CEH.

    OSCP is a 24 hour exam, which requires the attacker to compromise 5 different systems. If I was a company that focused on penetration testing, I would certainly view someone with an OSCP as being a beneficial employee.

    I know a CCIE who owns a company, and is running all of his staff through the OSCP coursework at the moment. If he has confidence in it - then it's definitely worth a glance.

    Have you sat the course btw? I'm just curious. If you've sat the exam, and are rubbishing based on experience - then fair enough, but if you haven't - it's a little bit unfair to pass judgement on something that you haven't taken.

    In my opinion - the OSCP is the first cert that truly demonstrates ability.


  • Closed Accounts Posts: 4,584 ✭✭✭digme


    Just curious, does this course teach you how to code exploits?


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    digme wrote: »
    Just curious, does this course teach you how to code exploits?

    Yes, it covers buffer overflows and also useful shell scripts to automate enumeration and scanning.


  • Moderators, Technology & Internet Moderators Posts: 10,339 Mod ✭✭✭✭LoLth


    it teaches fuzzing and how to write an exploit (using vi and python and assembly).

    it does not, however, teach python/perl/assembly; you have to learn that yourself (which I don't know unfortunately - I always get to a point and then go "hang on, I've missed something here")

    If anyone would be interested in taking part in an OSCP study group I'd be interested in joining :) However, if you don't have an active account, you won't have lab access to practise the lessons securely (done through VPN).

    Also, in the exam, they want you to submit your notes from the exam and your notes from the course including the extra credit projects which can sway an almost pass to a pass. You also cannot sit the exam without first attending the course and you cannot sign up for the course from a non-verifiable email address (gmail/hotmail etc).

    All study material is watermarked with the student's real name and address. I did see a pirate copy once that had been faded to remove the watermark but a change in contrast sorted that pretty easily :)

    oh, also, the course recently changed to v3.0 which also changed the challenges on the course (the targets you have to attack to practise the lessons and the extra credit targets) which means the config of the exam servers is also probably changed as well to better reflect the application of the changed lessons. But the exam is more about how you think around an issue rather than how well you remember the lessons.


  • Closed Accounts Posts: 27 irishescorts


    dlofnep wrote: »
    I'm currently studying for Cisco certification at the moment. That's neither here nor there - it's always good to broaden your horizons.



    CEH, maybe - OSCP however is a much more impressive certification as it is proof that the holder possesses the ability to compromise the network, rather than have theory memorised off for an exam like the CEH.

    OSCP is a 24 hour exam, which requires the attacker to compromise 5 different systems. If I was a company that focused on penetration testing, I would certainly view someone with an OSCP as being a beneficial employee.

    I know a CCIE who owns a company, and is running all of his staff through the OSCP coursework at the moment. If he has confidence in it - then it's definitely worth a glance.

    Have you sat the course btw? I'm just curious. If you've sat the exam, and are rubbishing based on experience - then fair enough, but if you haven't - it's a little bit unfair to pass judgement on something that you haven't taken.

    In my opinion - the OSCP is the first cert that truly demonstrates ability.

    Maybe the views came off a bit strong however in answer to your question, 10 years in comp sec. Having seen the material for the OSCP it would be a fun weekend but it's not something I'd consider hiring somebody on. I'd much rather go for the guy or girl with real life experience as a pen tester.

    Also bear in mind this is a very new qualification with a lot of room for refinement and improvement.

    By all means go for it and if you know somebody hiring based off it then your luck may be in however I'm yet to see it break into the market.

    As I say, it'd be fun for sure but it's nothing I couldn't setup in my own lab and as it has no real world openings yet (or very very few) is it worth the cost?

    Just out of interest, how far along are you with your Cisco?


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    irishescorts wrote: »
    Maybe the views came off a bit strong however in answer to your question, 10 years in comp sec. Having seen the material for the OSCP it would be a fun weekend but it's not something I'd consider hiring somebody on. I'd much rather go for the guy or girl with real life experience as a pen tester.

    The course itself is longer than a weekend. There are boot-camps of course, but the full course itself includes a VPN to a test-network to practice on, and runs for months. It's a very comprehensive course from what I've seen.

    irishescorts wrote: »
    As I say, it'd be fun for sure but it's nothing I couldn't setup in my own lab and as it has no real world openings yet (or very very few) is it worth the cost?

    Well you could of course setup your own lab, but it allows someone who's new to pen-testing, a bit of structure with learning the vast array of topics that are required of them. It is at least veering in the right direction towards demonstrating 'ability', rather than most other certs which only demonstrate the ability to memorise sheets of paper on a short-term basis.

    irishescorts wrote: »
    Just out of interest, how far along are you with your Cisco?

    I'm only starting the CCNA with FÁS, but it's really just a formality more than anything. I've got a decent foundation with networking, just need to brush up on Cisco specific content.


  • Closed Accounts Posts: 27 irishescorts


    Yessir, the CCNA is fantastic. Worked as a network admin for 4 years before taking mine and it taught me a lot, wait until you get to the subnet calculations (nightmare).

    As for structure, that's understandable however if somebody is willing to pay large sums of cash for information which can be freely obtained I guess that's up to them. I've always been happier learning alone but I guess some people can't take to that or need some motivation.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    irishescorts wrote: »
    Yessir, the CCNA is fantastic. Worked as a network admin for 4 years before taking mine and it taught me a lot, wait until you get to the subnet calculations (nightmare).

    Don't worry, I got plenty of experience with subnetting in college - it was drilled into me ;)

    irishescorts wrote: »
    As for structure, that's understandable however if somebody is willing to pay large sums of cash for information which can be freely obtained I guess that's up to them. I've always been happier learning alone but I guess some people can't take to that or need some motivation.

    Technically I suppose, you could learn any amount of information on your own - CCNA included. But the end goal is a certification which holds weight. I think the OSCP is being seen as a credible cert from anyone I have spoken to who is familiar with the cert.

    It might not be to your liking - but you have to appreciate their approach which breaks away from the braindump type of exams that anyone could pass, without demonstrating a long-term knowledge on the subject.

