Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 30

Thread: I passed the OSCP challenge!

  1. #11
    Member godcronos's Avatar
    Join Date
    Jan 2010
    Posts
    103

    Default Re: I passed the OSCP challenge!

    Sickness, you are right about the torrent downloads and also about the offensive labs, but I can't help think about vmware and the possibilities with it.
    I mean, if everything comes configured, where is the fun in learning how it works, why it works and how to patch it? I know we all like it easy, no matter who we are.
    I am sure you got my point in my previous post, but all that the class is, is just condensed material from a few books, that's how I see it. In the OffSec 101, the only hard time I had was with the buffer overflows and fuzzing, which one can easily find books on those topics and read up on his own, without thinking that he's got 30 days to finish the whole class. I meant, for a busy guy like myself, I hate that time restriction. If I spent the money, I want to be able within 6 month, let's say, to go through all the labs, because it's what I pay for and I want to take advantage of the whole package. If it's a self study, and mostly is nowadays, then I need time to really understand the class and not just fly through. You got to work around my time, I shouldn't have to work around yours. Right? That's why I pay you. And 30 days, I think, it's not a lot of time to immerse yourself in the whole class and understand it too, and go through all the labs and document everything. I am sure you could, if that's all you do, but I think I would find myself with shallow knowledge and not completely understand it.

  2. #12
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: I passed the OSCP challenge!

    I'm not saying you can't find with google what you learn in the course and replicate it with VirtualBOX or VMware it's just that by buying this course besides that fact that you learn things you show respect for others work.
    It's a hard subject and takes a lot of time to make such a course to provide a VPN to configure different vulnerabilities etc.

    And the courses aren't made for those who don't have time to do this. If you are a busy guy and don't work in this domain the course woun't help you very much but if you work like a pentester for example it's pure gold.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  3. #13
    Member godcronos's Avatar
    Join Date
    Jan 2010
    Posts
    103

    Default Re: I passed the OSCP challenge!

    Well, if you work as a pentester, you probably know this stuff already, wouldn't you say so?
    This is geared toward networks admins that want to learn more about security. Which is my case.
    I am still not convinced about the time restriction, but oh well, you can't have them all, I guess.
    I guess I need to understand that we are paying a teacher for his time, since the knowledge is no secret. But then, why the hype about the knowledge?

  4. #14
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Default Re: I passed the OSCP challenge!

    Saying that the course is worth less because the material is available on other resources doesn't make any sense to me. Couldn't you find any information in any course in other locations? Why do people go to school to learn how to do math when they could just google it? Also I do setup virtual machine environments to learn and experiment. But there is something to be said about working against a mchine that you didn't install and don't already know it's holes.

    I really didn't expect this thread to turn into a debate. I just wanted to get the word out that this is a good course that is worth while. I also just wanted to do a little boasting because I'm happy I passed!

  5. #15
    Member godcronos's Avatar
    Join Date
    Jan 2010
    Posts
    103

    Default Re: I passed the OSCP challenge!

    Dude, I apologize for this! What upset me, and I know it's a personal opinion, is that you said that it's better then any other Microsoft certification that you've ever taken! I couldn't be more happy for you that you found the course so useful! I wish you the best with it and hope you can make a living using the knowledge you acquired. I just think that you overrated it a bit.
    What upsets me it's the usual hype that I see so much everywhere today. Once you get done with it ( I mean in general), you realize that you still don't know enough and you want to know more. I prefer when people keep it simple and just talk about it for what it is. There are times when I just don't care about the personal hyped opinions, but like to see personal struggles and the steps people took to get past them. That's what I think people need. Just telling people that is great, doesn't mean we should all buy it.
    As a side note, I'd love to be able to take the class, but because of the time limit imposed, I find it difficult to go through with it.
    Congratz to all those that had the luxury to spend time and finish it in 30 days! My deepest respect!

  6. #16
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default Re: I passed the OSCP challenge!

    I just want to chime back in here so that godcronos (a rather amusing amalgamation by the way) can hear from my side of the fence (and anyone else who reads).

    I don't hype the course. I recommend it, because in this industry the only other really 'useful' qualifications are the CEH and the CISSP. Anyone who has taken both will extoll the virtues of the OSCP every single time - and with good reason. Muts and the team have put together a tough environment to break into, and there is far more to the course than you seem to have gotten out of it. Every security-based person who I know has taken the course (myself included) has learned something from it - even the so-called "seasoned" security researchers. The course is, without a shadow of a doubt, the best course that you can take for this field.

    Now, having done the training required for MCSE and MCTS: Exchange Server (and a plethora of other courses), I can entirely justify the others hype. The people who have done it don't release much information on the course because there are lab challenges each and every step of the way. Doing the DNS auditing? You write down what you see because you may find it useful when doing SQL cracking later. And so on. That sort of thing just doesn't happen in the Microsoft (or others!) courses - and it shouldn't.

    Really, regardless of how much time you have, you can't get annoyed at someone enjoying the exam over MS stuff - they're chalk and cheese.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  7. #17
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    4

    Default Re: I passed the OSCP challenge!

    Quote Originally Posted by Gitsnik View Post
    I recommend it, because in this industry the only other really 'useful' qualifications are the CEH and the CISSP.
    ... and where does GPEN fit in this?

  8. #18
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Yeah, I basically agree with what Gitsnik said. I too have taken a tonne of professional training (the list of courses takes up a whole page in my resume), and the PWB course goes on the top of the list as a technical course. I have done a bunch of the Microsoft courses for example, starting with NT4, through 2000 and up to Server 2003. There is absolutely no comparison between those and PWB - like Gitsnik said - chalk and cheese. I also have tonnes of books on the subject of pentesting, I do a lot of reading on the Internet, and I saw stuff in this course that I had never seen before. So its not just an amalgamation of stuff from other sources.

    It may seem like I'm a little overenthusiastic over the course at times, but that's just an honest representation of how much I enjoyed the course and how much I got out of it. And Im ordinarily not a person who is prone to fits of excitement (not at all - I have had numerous comments from people about my stoic nature before), so that should tell you something.

    Just to show that Im not just a giant fanboy though, and to give a more complete picture, I will now mention some negative points about the course. First of all, its all technical, and theres very little focus on the other side of the pentesting process - setting scope, getting permission memos, test plans, client engagement, etc, etc. So, while the course may cover a lot of the technical side of network pentesting, it doesn't teach you everything you need to know to be a pentester. I have a feeling that this was a deliberate design decision though, and its unrealistic to think that one course could teach you everything you need to know about the subject of pentesting. The reason I qualified by statement above by saying that PWB is the best "technical" course I have done is exactly because of this reason. Technical courses are definitely the most fun courses to do (and I definitely had more fun in this course than I have had in ANY other), but they are not always what you necessarily need for your professional development.

    Second, if you're the type of person who likes lots of help from your instructors when you do a course, PWB is probably not for you. That is, unless the help you like to receive is to be told to "Try Harder" Id suspect that most long term members here don't have this attitude though, and if you did have it when you started here it probably got beat out of you pretty quickly. You will need to do some research on your own for PWB, especially if you try the extra point challenges. There is more thinking required during the exercises than is typical for most training courses, which typically give you step by step procedures that you can follow with your brain set to off.

    Those are some negatives, but the positives (cheap, tonnes of great technical content, interesting extra point challenges, cool exam) far outweigh them, and my advice to anyone thinking of taking the course is a definite "Yes", as long as you have the prerequisite knowledge and you don't mind putting the effort in to do the work. But pay attention to those qualifiers I just mentioned - I really DONT recommend the course for anyone who doesn't meet those requirements.

    And about the issue of not talking about the course content here - thats because when you enrol for the course you are sworn to a pact of secrecy about the content, and told only to reveal it to those who can demonstrate the secret OSCP handshake. OK, I just made that up, the real reason for this is that there is a dedicated forum for students to talk about how to do particular lab exercises already - one that's open only to people who have enrolled in the course, which denies people with stolen courseware access to that help. Its OK to discuss certain aspects of the course from a high level - information that might be useful to someone who is deciding whether to take the course or not, like what sort of DNS enumeration stuff is covered for example - but people should not be providing actual detail from the course here. Don't, for example, provide actual command lines, tool configuration details, screenshots from the manual, scan results from the network, etc. If someone wants that info, they can enrol in the course. And the reason for not discussing stuff from the exam should be obvious.

    Regards the time limits. Providing access to a VPN environment costs money, so I understand why the time is limited. You can get extensions to your lab time though, and you can also do certain bits of the course without the lab access with the appropriate VMs, so just do the bits you need lab access for first and do the other stuff later. I got 60 days of lab access when I did the course, but squeezed most of the work into the first 20 days, did a lot of it offline, and finished off some bits and pieces near the end.

    Quote Originally Posted by xsv10 View Post
    ... and where does GPEN fit in this?
    I personally like the GPEN, but I might be biased because Im GPEN certified.
    Last edited by lupin; 06-10-2010 at 11:34 PM. Reason: Merging my own posts
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  9. #19
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default Re: I passed the OSCP challenge!

    Quote Originally Posted by lupin View Post
    And about the issue of not talking about the course content here - thats because when you enrol for the course you are sworn to a pact of secrecy about the content, and told only to reveal it to those who can demonstrate the secret OSCP handshake.
    OMG you broke the code! Hehe jk

    There's probably no point to replying when both lupin and Gitsnik gave great answers. I also took the class about two years ago, and I pretty much agree with what they said.

    The thing that made this course my favorite was the lab and final test. It was very challenging because I didn't come from this field prior to the class. In fact I had a very hard time and it took me probably close to 300 hours to finish the class (on and offline). I think you said in a post you were doing more net admin stuff, and that would be my background as well.

    While you may see the catch phrase "Try Harder" and pretty much know what it means, it's also an attitude that carries with you after completing the course. It's about accomplishing things on your own and never giving up, even when you want to (and believe me there will be plenty of times throughout the course!).

    While there is great communication (irc,forums,email), no one is there to hold your hand. Of course you don't need to take the class to learn that mentality, but it changed drastically the way I approach everything going forward. So when a fellow class mate comes to express his or her joy after going through a 24 hour final, I understand.
    Last edited by Lincoln; 06-10-2010 at 04:41 AM.

  10. #20
    Member godcronos's Avatar
    Join Date
    Jan 2010
    Posts
    103

    Default Re: I passed the OSCP challenge!

    Thanks a lot guys for taking the time to explain what needed to be known and understood.
    I just need to clarify that I am not putting down the OS with its tools or the hard work people put in this. I guess I am a skeptic when it comes to things and don't just jump in just because everyone else is; I like to do some thinking on my own, that's were I was thinking about books and self study, which I pretty much do anyways, without the need to buy the course, which will also allow me on my own time to study. Time for me is of very much value, since I never seem to have enough and it's not because of poor scheduling, just because there's so much I want to do and I am known to be a workaholic and very focus when it comes to putting in the time to achieve something.
    I appreciate the personal input and unveiling the struggles some of you went through. Also, thanks for the advice you gave me, I will keep it in mind and apply it sometime this year when I purchase the course. I've been eager to get it for a while, it's just I am already swamped with self study and life. The price it's nothing for me, since I know I will apply it and make the money back eventually. I see it as self improvement and investing in myself, which I've never stop doing since I entered the industry in 1999, fresh out of high school. I guess at times I get eager to do it and it angers me that something else takes priority. I love the industry and the field I am in and I see myself working for the government or some higher authority protecting the things we take for granted every day.
    As my final note, I apologize I turned this thread into a personal venting session, when I should be joining others in congratulating those that have succeeded at taking the class!
    Thanks for the patience and understanding!

    Regards,
    GodCronos

Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. Penetration Challenge
    By vityav in forum OLD Pentesting
    Replies: 9
    Last Post: 03-06-2010, 07:12 PM
  2. Meterpreter - getgui.rb, cannot get passed router
    By b3r00tb4ck in forum OLD Newbie Area
    Replies: 6
    Last Post: 11-10-2009, 11:02 PM
  3. The Challenge
    By Cann0n in forum OLD Newbie Area
    Replies: 9
    Last Post: 08-29-2009, 01:18 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •