Re: OSCP



"wHaT to0L dO I yEwS" is an understandable question, considering that "some" CEH training covers tools that honestly aren't that good, or are outdated.
And if one program reports an OS detection of a router and another reports Apache/probably running on Linux, it's not legitimate empirically to report just one result. Gut feelings/experience can't be scientifically replicated.
And some of the software out there that is not free/open source is really not too good either.

--------------------------------------------------
From: "J. Oquendo" <sil@xxxxxxxxxxxxxxx>
Sent: Monday, November 17, 2008 4:02 PM
To: <pen-test@xxxxxxxxxxxxxxxxx>
Subject: Re: OSCP

On Mon, 17 Nov 2008, Craig Wilson wrote:

Hi,

OSCP is great for practical knowhow but I would rather employ a CISSP anyday; why and how you would protect systems are much more important than how you break in. Its all very well knowing how to make a shell run on a poorly configed machine but understanding defensive configs to ensure the machine isn't in a position to be compromised are more important IMHO.

Additionally I would ensure you have day to day experience and knowledge of why you would advocate certain things in corporate environments.

Craig


Two different certs, two different purposes. I believe each has
their own specific purpose so it's comparing apples and oranges.
You are however so completely offbase in your assumption that a
an OSCP or any other well qualified pentester is slowly looking
for a method to run a "shell script" on a "poorly configured"
machine. Apparently you have an isolated view of some of the
research that goes on with fuzzying, intuition, session hijacking,
etc., perhaps you could learn from the OSCP and other technical
courses similar to it.

For the CISSP types in an enterprise environment, there can only
be so many managers pushing around papers and revamping policies.
A thorough and knowledgeable pentester can and should be able to
create the same logical reports based on their technical findings
else they shouldn't be in the industry. There is a lot more than
meets the eye from my perspective on what a pentester is and what
the industry perceives them to be. If you're basing your opinion
on the level of questions that float on this list "wHaT to0L dO
I yEwS" than I can't blame you however, CISSP's aren't impressive
to me. Nor is any exam that relies strictly on memorizing what's
in a book.



=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"Each player must accept the cards life deals him
or her: but once they are in hand, he or she alone
must decide how to play the cards in order to win
the game." Voltaire

227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------



Relevant Pages

  • Re: OSCP
    ... the OSCP training is reasonably priced. ... That being said, both the OSCP and CISSP are great certs, but completely ... Learning Services accepts no legal liability for the contents of this ... Security Trends Report from Cenzic ...
    (Pen-Test)
  • Re: OSCP
    ... I am a OSCP it is the best hands on course i ever had, ... CEH guys, i am sorry but it is true, CEH has no hands on. ... Security Trends Report from Cenzic ...
    (Pen-Test)
  • Re: OSCP
    ... But I've got some questions about OSCP. ... Do I need to be in America to sit the exam? ... Security Trends Report from Cenzic ...
    (Pen-Test)
  • Re: OSCP
    ... OSCP is great for practical knowhow but I would rather employ a CISSP anyday; why and how you would protect systems are much more important than how you break in. ... PPI Learning Services accepts no legal liability for the contents of this email including any errors, interception or interference, as internet communications are not secure. ... Security Trends Report from Cenzic ...
    (Pen-Test)
  • RE: OSCP
    ... the OSCP training is reasonably priced. ... That being said, both the OSCP and CISSP are great certs, but completely ... Learning Services accepts no legal liability for the contents of this ... Security Trends Report from Cenzic ...
    (Pen-Test)