Jump to content
desmo

Anybody here who has ECPPT, WAPT, WAPTX and OSCP?

Recommended Posts

desmo

As the title suggests, I am looking for someone who did all of the courses/certs mentioned in the title.

I have a few questions regarding the choice of my next course.

 

thanks

Share this post


Link to post
Share on other sites
0xiris

Feel free to PM if you have any further questions.

  • Like 1

Share this post


Link to post
Share on other sites
cfernandez
On 8/1/2017 at 8:57 AM, desmo said:

Questions have been resolved :)

what were there answers? 

Share this post


Link to post
Share on other sites
desmo
3 hours ago, cfernandez said:

what were there answers? 

The answer (at least for my situation): When I am done with my current eLS courses/certs, I will do my best to get OSCP. Next will be WAPTX, as soon as the next version is released.

  • Like 1

Share this post


Link to post
Share on other sites
cfernandez

I am done with the ones here.. but did not take the OSCP because I been told is super outdated.. and if is just to have the cert.. i am not sure is worth the 800 dollars.. and I do not like that they force you to take

the kali course that is very low level, way lower than the PTPv4, if I could just take the test.. then I will had already. Did they update their content in the last 12months? I have not been paying attention.

Share this post


Link to post
Share on other sites
desmo
1 minute ago, cfernandez said:

I am done with the ones here.. but did not take the OSCP because I been told is super outdated.. and if is just to have the cert.. i am not sure is worth the 800 dollars.. and I do not like that they force you to take

the kali course that is very low level, way lower than the PTPv4, if I could just take the test.. then I will had already. Did they update their content in the last 12months? I have not been paying attention.

I am not sure if the Offsec content has been updated. However, I have to say, OSCP (and OSCE as well) is something I'd like to achieve and I see it as a personal challenge. I will do PTPv4 before that anyways as I already signed up for the course and I think its a good preparation for the Offsec courses. Additionally, I think that OSCP might help me to get a foot in the door of Infosec. We will see. Even if its a bit outdated, I see it as training and I am sure, the more different scenarios you have seen/solved/survived, the better you will do in technical interviews and later on the job itself.

Share this post


Link to post
Share on other sites
chavezdm1285

Offensive Security courses are great! I have both OSCP & OSCE. The OSCP course has recently been updated, but the course isn't really about attacking new technology, it's made for you to understand the concepts, build a testing methodology, and thinking like an attacker. Both courses are very fun, but require a lot of dedication and personal investment. If you aren't a self-cleaning and willing to put in the time to do research on a particular topic or technology then Offsec Courses aren't for you. They aren't going to hand you the answers and will make you work for them.
 

But over they are amazing courses, tough but far. I highly recommend them to anyone trying to getting into Red Teaming/Pentesting.

  • Like 3

Share this post


Link to post
Share on other sites
p4rkb4nk

hello @ll,

I am almost done with all offensive security and elearn security certs. And they are the best certs i had ever make. thanks to offfsec and elearn.

BUT: Can anybody suggest another security course provider?

greetz

Share this post


Link to post
Share on other sites
rash1

I heard you're not allowed to use Metasploit in the OSCP exam, so how can we take that exam down? Can someone or an admin who took the OSCP exam shed some light here?

  • Like 1

Share this post


Link to post
Share on other sites
riccardoancarani94

For what I know, in the OSCP exam you are allowed to use metasploit against only one target.
Automatic scanners like Nessus and Openvas are also banned.
In Offsec website you can find everything that you can and can't do (I don't remember where now).

Share this post


Link to post
Share on other sites
rash1
17 hours ago, riccardoancarani94 said:

For what I know, in the OSCP exam you are allowed to use metasploit against only one target.
Automatic scanners like Nessus and Openvas are also banned.
In Offsec website you can find everything that you can and can't do (I don't remember where now).

How can we leverage what we learned in PTPv4 to take out OSCP then? In this course we rely almost entirely on Metasploit to carry out the exploitation phase.

Share this post


Link to post
Share on other sites
riccardoancarani94

It's supposed to be hard.
When I wrote to Armando asking if the PTP course was too much tool oriented, he said to me that in the real world those kind of tools save you a lot of time (ignoring them is like reinventing the wheel every day)
The OSCP view is that if you want to be a serious penetration tester, you can not rely just on a tool, you should be able to carry on a test without any tool that "makes the work" for you.

Said that, with the PTP we have a big advantage when dealing with OSCP, everything that you make with metasploit can be replicated.
The techniques are the same, it changes just the way you approach them.
Knowing what you have to do is way more important than knowing how to do it (a 5 min google search can solve most of this problems)

Share this post


Link to post
Share on other sites
element

I  am convinced that tools will always facilitate your tasks, but keep in mind that some times you cannot use them, or part of them.. therefore it is not an option being able to accomplish the tasks in a different way, at "a  lower level"

That said, I did not find the PTP course too much "tools" oriented because it gives you a clear understanding of what is happening under the hood.

Casually, I wrote a small article about an "alternate" way of lateral moving using only powershell and cmd  https://decoderblogblog.wordpress.com/2017/01/26/dirty-tricks-with-powershell/

 

 

 

 

  • Like 1
  • Thanks 1

Share this post


Link to post
Share on other sites
cfernandez

BTW a friend and I are going to do the OSCP, I need to do it for my work, did it 4-5 years a go but doing it again since is paid.. does anyone want to join our group to do labs together etc?

let me know in private.

 

 

Share this post


Link to post
Share on other sites
riccardoancarani94
15 minutes ago, element said:

I  am convinced that tools will always facilitate your tasks, but keep in mind that some times you cannot use them, or part of them.. therefore it is not an option being able to accomplish the tasks in a different way, at "a  lower level"

That said, I did not find the PTP course too much "tools" oriented because it gives you a clear understanding of what is happening under the hood.

Casually, I wrote a small article about an "alternate" way of lateral moving using only powershell and cmd  https://decoderblogblog.wordpress.com/2017/01/26/dirty-tricks-with-powershell/

 

 

 

 

Wo, awesome blog post!

11 minutes ago, cfernandez said:

I need to do it for my work

 

 

May ask why? Do your company requires it?
 

Share this post


Link to post
Share on other sites
cfernandez
1 minute ago, riccardoancarani94 said:

Wo, awesome blog post!

May ask why? Do your company requires it?
 

not the company but mostly our clients. I work for Bugcrowd,  Cloud Infrastructure and Security Engineer. clients are corporate america players so they are familiar with OSCP and not much with eCPPT unfortunatelly :(  even in my opinion eCPPT is as good or better in many ways.

Share this post


Link to post
Share on other sites
element
9 hours ago, riccardoancarani94 said:

Wo, awesome blog post!

 

Thank you, hope it was useful ;-) 

Share this post


Link to post
Share on other sites
G0T-R00T
On 1/13/2017 at 11:31 PM, desmo said:

 

I am OSCP certified and the amount of knowledge you gain from this course is great. Offensive security does not provide you hand holding and force you to learn on your own. If you complete OSCP and manage to root all of the given hosts in the lab by yourself, you will develop a really good methodology which you can leverage in your day to day pen testing work. Offsec force you to do exploitation manually that's all of the automated tools are banned from their exam however, feel free to use Metasploit, Nessus etc. against your lab hosts and develop your understanding. You can achieve anything if you "Try Harder"

Let me know should you have any further questions on this ;)

Share this post


Link to post
Share on other sites
riccardoancarani94

@G0T-R00T That's exactly what I've heard recently, the real value of the OSCP course is the lab.
If you root every host in the lab, you are a badass.

Initially I thought that some OSCP machines were totally crazy (just heard, not started the course yet) but working as a penetration tester  showed me that are really close to real word scenarios.

  • Like 1

Share this post


Link to post
Share on other sites
Guest
You are commenting as a guest. If you have an account, please sign in.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×