
Thread: Offsec 101 Course

  1. #1
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Offsec 101 Course

    So I finally managed to save up enough cash to actually be able to take this and I'm really considering it, but I'd like to ask a few questions.

    First and foremost, is the course going to be changed anytime soon? Because it would really suck if I signed up and a month down the road it's updated. Beyond that tho I guess I'm looking for any input you might have: do you think it's worthwhile, should I do any sort of training ahead of time .. that sort of thing.

    One of the main reasons I'm thinking of taking it isn't exactly for the knowledge learned, because let's face it, I can pretty much figure that out on my own with a very popular search engine. I'm wanting to do it more for the structure, and most importantly the test bed, as I have no real means besides my crummy network to try things out on. The cert is also a major plus and I think in my area it will go a long way towards getting me a basic computer job ... which I desperately need. "Bagging groceries just isn't cutting it"

    I know this is going to be fairly one sided as it's the main source of income for the devs, but I honestly don't have the money to waste if there is something better out there, as I'm pretty much living off of roman noodles as it is.
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  2. #2
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543


    Join irc.freenode.net and then to the room #offsec, and speak to an Op there.
    dd if=/dev/swc666 of=/dev/wyze

  3. #3
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    22


    Quote Originally Posted by vvpalin View Post
    First and foremost, is the course going to be changed anytime soon? Because it would really suck if I signed up and a month down the road it's updated. Beyond that tho I guess I'm looking for any input you might have: do you think it's worthwhile, should I do any sort of training ahead of time .. that sort of thing.
    My co-worker took it and used the Hacking Exposed 5 book and passed it first time around. His testimonial is actually displayed on the website. I bought HE 6 and a few others, and will probably do something with it later in the year.

    My fav was mac and cheese.
    Beware the fury of a patient man.

  4. #4
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943


    I started this course a few weeks back (and am still in progress with it now) and I can say that it is hands down the best IT technical course I have done, and I have done lots of them (well into double digits), including courses from Microsoft, Novell, Cisco, SANS, ITAC, ALC Training and more.

    The only ones that have come close are the GPEN course from SANS (which has good coverage of the non-technical side of the pen testing process as well as some good technical stuff) and a Hacking Windows Masterclass from ALC Training (which I did back in 2003 and which isn't offered anymore). Both of those courses however were much more expensive than the Offsec one - GPEN was about 6 times more expensive with the certification attempt included.

    The Offsec course is definitely worth doing for the technical knowledge it teaches. As to whether it will help you get a job... well the OSCP certification is not that well known yet, and a pen testing certification may not help with an entry level position anyway.

    As to what you should read to prepare - yeah, Hacking Exposed is actually not a bad choice as it does provide good general coverage of the pen testing process. Otherwise you may want to grab the course outline from the offensive security site and read up on each subject covered. Strong knowledge of TCP/IP, DNS, SNMP, SMTP, port scanning, netcat use, scripting (python and bash especially), Unix and Windows will be immensely helpful.

    In particular I have used scripting, nmap and nc extensively during the course.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  5. #5
    Senior Member
    Join Date
    Jan 2010
    Posts
    126


    Quote Originally Posted by vvpalin View Post
    im pretty much living off of roman noodles as it is.
    there's nothing wrong with ramen. well, perhaps the extremely high sodium levels...

    i will go ahead and say however, while the course may be outstanding (as i'm sure it is); it's probably not going to suit your needs/intention of securing a "basic computer job". there is nothing "Basic" or fundamental (to most businesses) about pentesting. everyone here will realize you indeed have a good grasp of networking essentials, troubleshooting, etc... but the person reading your resume and ultimately making the decision to hire you most likely will not. You should remember; a good percentage of MCSE certified, *gainfully employed*, network / IS administrators will be very surprised when their network does not hold up to pentest scrutiny/security audit. Go to any office park/corporetum and just look in Kismet; the amount of companies still running WEP boggles the mind... and these are "trained professionals".

    If you want another decent "employment" scenario; go to Best Buy and talk to the "Geek Squad" salespeople working there. Explain that you are thinking about purchasing one of the laptops, netbooks, etc. they have for sale in the store. sneak in a quick trick question such as "Does it come with any restore cds, in case I accidentally wipe the hidden restore partition in qtparted/fdisk while installing linux to it?". That kid with a simple A+ cert who has 1/1000 the ability/skillset you have, is still going to get hired before you for a "basic computer job".

    just some thoughts...

    best,
    c

  6. #6
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943


    Quote Originally Posted by clone View Post
    i will go ahead and say however, while the course may be outstanding (as i'm sure it is); it's probably not going to suit your needs/intention of securing a "basic computer job".
    I agree with this, and while I alluded to this in my earlier post I'll expand on it a little now. The only type of job that the OSCP cert would be helpful in getting would be a job that involves pen testing, and those jobs are generally not IT entry level. For the rare places that do take entry level staff for this type of job (I know of a few locally) they usually only take in Uni grads or someone with some other related tertiary qualification. If my team ever gets to the point where we want to hire entry level staff (for pen testing/incident detection and response/general IT security duties), we will probably look for tertiary qualifications as a minimum, unless the candidate has significant experience in another related technical IT position.

    If you want a cert specifically to get an entry level job, A+ would be a better cert to get, plus it would be pretty cheap (buy a study book from Amazon, pay to take the test). However, A+ training would also likely bore you to tears, and would not be anywhere near as entertaining or interesting as the offsec course.

    Quote Originally Posted by clone View Post
    i will go ahead and say however, while the course You should remember; a good percentage of MCSE certified, *gainfully employed*, network / IS administrators will be very surprised when their network does not hold up to pentest scrutiny/security audit. Go to any office park/corporetum and just look in Kismet; the amount of companies still running WEP boggles the mind... and these are "trained professionals".
    And I definitely agree with this. I work with a number of such people - who have had many years experience in their particular IT field but who are completely clueless when it comes to general computer security - even where it directly relates to their responsibilities. IT security really is a specialized field, and even the fields within IT Security (cryptography, pen testing, forensics, incident response, more) are sufficiently "deep" to be considered their own speciality (and to have further sub specialities such as web pen testing, wireless pen testing, etc).
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  7. #7
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442


    Thank you for all the comments

    While I have been out of the computer world for a long time, I at one point had a basic computer job, and even went to school to get my A+ .. at a very reputable college no less. That was one of the biggest mistakes of my life, and after getting 2 instructors fired "lack of teaching skills / knowledge" and breaking into their domain controller "legally" I realized that maybe I should have taken something more advanced. Sadly however I met my ex at that point in time and basically threw the last 5 years down the shitter.

    It's funny you bring up Best Buy people because every time I go to that store I laugh, I know 99% of them couldn't understand half the things that go on. Yet the fact that I applied and got turned down rather upsets me. Anyways I know that for a basic job I'm almost over qualified, but I still simply have no way of proving that I know the things I do, and this will at least provide some sort of document that can attest to my knowledge base.

    So I have pretty much decided that I am most definitely going to take the course, all that's really up in the air at the moment is the timing of it. Even if there was no cert involved I would still take it just to satisfy my insane level of curiosity. It's a blessing and a curse

    One other thing I would like to say is that I recently picked up a C|EH test book from the library and ... wow, it's just so incredibly basic that without reading any of it and just doing the exams I averaged at least a 70%. Do they really expect people that are taking the test not to know what a port scan is or why a hacker would want to cover their tracks? It just seems so incredibly convoluted that it almost seems like a worthless application of my time to even study it. What is the point of memorizing port numbers for backorifice, or asking what a rootkit is? Honestly if someone asked me that I would say google and are you freaking kidding me?
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  8. #8
    Developer
    Join Date
    Mar 2007
    Posts
    6,124


    While I am a huge advocate of the offsec courses and think everyone should take them, you would be much better off with something as largely well known and respected as the CCNA.

  9. #9
    Member
    Join Date
    Jan 2010
    Posts
    332


    And now you have that miniature devil/angel on your shoulders type of situation. I must say that I'm in the exact same situation as you are. I was also weighing my options and decided to go for a CCNA for now. My decision was mostly defined by the place that I live in. The IS / Network standards in Croatia are undeveloped and there is literally no demand for network auditing. Although, as well as anywhere, there should be for the same reasons already stated in previous posts.

    Go to any office park/corporetum and just look in Kismet;
    the amount of companies still running WEP boggles the mind...
    and these are "trained professionals".
    The awareness of potential security risks doesn't even exist.
    So that's why for now I've chosen the CCNA and later the CCNP (they're the best known and most widely requested certs here).
    I must say that, although I'm sure they're not as interesting as Offsec 101, I do enjoy the course and am learning a lot from it.
    And for the future - well I kinda still have hope (I guess like you also) that I will be able to implement the pentesting knowledge I gathered so far and use it for something good (maybe I'll be able to implement ISO/IEC 18028 - yeah, like we'll ever need it).

    I know all of this has little to do with what you asked, just wanted to share the thoughts and maybe clarify what Purehate stated.
    SecurityTube has two new sections. Questions & News

  10. #10
    Developer muts's Avatar
    Join Date
    Jan 2006
    Posts
    272


    This is a commonly asked question, which I would like to formally answer. I will probably be updating our Offsec FAQs page very soon.

    Q) Your courses get updated frequently. Should I wait for the next release of a version change before signing up?

    A) Yes, we *do* update our courses frequently, to reflect the changing tools and techniques used in the industry. Each major version change of our courses comes with a price increase. Past students can upgrade their version of the course for the price difference between what they paid, and the current price of the course.

    We often retire modules (as we introduce new ones), so in essence, you would actually *benefit* buying early, as you would get two versions for the price of one.


    Hope this clears things up!
