3

Is there any part related to penetration that OSCP/OSCE fail to cover in their training programs?

How much will I be exposed to penetration techniques after completing OSCP/OSCE?

schroeder

2 Answers

4

They are very highly regarded, and for very good reason; however, you're still going to have to continue to learn and evolve as a penetration tester. You'll be exposed to vulnerability detection, penetration testing and exploit writing with Offensive Security exams; however, you are still more likely to see a company looking for CISSP, CEH and/or GIAC certifications in their job descriptions. How much you're exposed to penetration testing afterwards depends on you, I guess.

I don't believe they cover wireless or in-depth web app stuff, and I'm unsure how many of the targets are Linux-based because I've only ever heard of Windows targets (I suspect there is a good amount of Linux, it's just not talked about).

I believe there's still a lot of stuff related to Windows XP vulnerabilities, though I don't know what the percentage is. I know there's now Windows 7 and W2K8 stuff; however, it's only natural that there'll be XP testing because it's still very popular and it's got to be a real pain keeping the course content (after all, the principles are normally the same regardless of the target).

The real benefit of doing those courses, afaik, is that you not only learn how to compromise a device and hide your tracks, but you also learn how to write exploits, look at shellcode and perform reverse-engineering, which means you'll understand better what's going on.

SANS have some excellent courses on penetration testing also (disclaimer: I've done a few of them) but they're somewhat more expensive. There's plenty of other discussions on this forum regarding SANS training so I'll let you search for that yourself.

You should view OSCE/OSCP as only a start...

mentallurg
Mark Hillick
  • They have a separate wifi certification, OSWP. There are many Windows and Linux targets in the class. There is only a little web testing, but they have announced an OSWE certification coming soon. – schroeder Jul 12 '12 at 23:26
  • Oh that's interesting, didn't know that. I wonder how it'll compare with the new SEC642 from SANS, cheaper I guess would be one. – Mark Hillick Jul 13 '12 at 07:55
  • I have some co-workers doing OSCP right now. Our firm decided to do this because of the great value of the training at the dollar cost compared to SANS training, etc. While the other certs are better for marketing, it's good training. Co-workers say it's very difficult, but they are learning a lot. It's heavily lab and practical based; pen testing is about understanding how systems work and looking for flaws, you will be learning a lot of concepts. It's hands-on, so you will learn a lot. – Eric G Jul 27 '12 at 03:42
1

Not sure about it, but the feedback over the internet about these courses is positive. Check this link, and you can ask them there if you want more details.

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1152.15/

HSN