OSCP + GPEN: Need advice!

Xuanbin1988

Junior Member
Joined
Dec 15, 2014
Messages
6
Reaction score
0
Hi all, I am fairly new to the IT security field and am currently hoping to dive into a pentest career by taking OSCP or SANS courses. However, I realize that the pen test career in Singapore is quite limited (only the Big Four and the two SIs, I believe). I want to know the career prospects before I go for OSCP, as I realize none of the job recruitment ads require them (all CISSP, CISA, CCNA, CCNP -_-). Please advise.
 
Joined
Mar 7, 2006
Messages
398
Reaction score
18
Hi all, I am fairly new to the IT security field and am currently hoping to dive into a pentest career by taking OSCP or SANS courses. However, I realize that the pen test career in Singapore is quite limited (only the Big Four and the two SIs, I believe). I want to know the career prospects before I go for OSCP, as I realize none of the job recruitment ads require them (all CISSP, CISA, CCNA, CCNP -_-). Please advise.


There are definitely more than 6 companies that do pen tests.

OSCP is not widely recognized in Singapore. But those who have it probably know more than just running VA/pen test tools.
 

seesiang

Member
Joined
Oct 17, 2011
Messages
415
Reaction score
5
If my information is correct it is:
- OSCP is 100% hands-on and has a negative marking scheme
- SANS is an open-book exam with grading given every 15 questions.

Please correct me if I am wrong.
 

放开那auntie

Senior Member
Joined
Dec 18, 2014
Messages
636
Reaction score
0
Hmm... both are difficult and not for newbies.

If you want, you can try the SANS Security Essentials course first.
 

BossQ

Senior Member
Joined
Feb 11, 2002
Messages
2,254
Reaction score
5
There are lots of companies providing IT security services other than the 6 companies mentioned.

Go for SANS courses regardless. Don't waste time and money on local ones.

GPEN is more on network pentesting, while GWAPT covers more on application pentesting. Worth considering the latter.

Hands-on wise, none of these courses trains you to be an expert professional; rather, they give you the mindset and kickstart skills.

Skill level is up to the individual to master.
 

MoeMoeSama

High Supremacy Member
Joined
May 9, 2010
Messages
30,365
Reaction score
0
Hi all, I am fairly new to the IT security field and am currently hoping to dive into a pentest career by taking OSCP or SANS courses. However, I realize that the pen test career in Singapore is quite limited (only the Big Four and the two SIs, I believe). I want to know the career prospects before I go for OSCP, as I realize none of the job recruitment ads require them (all CISSP, CISA, CCNA, CCNP -_-). Please advise.

OSCP is not recognised in Singapore. SANS GPEN / GSEC is.

If you tell people you have OSCP/OSCE, people would just go "huh, what's that?" And if you don't have the foundation, the guys at Offsec would advise you not to take up PWK.

Actually: I dunno anything... I just say say nia hahahaha
 

Xiaosa1

Senior Member
Joined
Jan 14, 2009
Messages
1,061
Reaction score
2
Taking GPEN doesn't really help with pentesting if you don't have the relevant network or application skillsets.
 

Xiaosa1

Senior Member
Joined
Jan 14, 2009
Messages
1,061
Reaction score
2
Plus there are a lot of places which offer pentesting services or have internal pentesting depts.

BT, Verizon, HP, IBM. Global banks have internal pen testing teams.
 

seesiang

Member
Joined
Oct 17, 2011
Messages
415
Reaction score
5
This is stated in NICF for security officer. Job Detail

Courses or training could only help to open the door for interviews; it also depends on experience, luck and people networks.

I am lucky to meet "gui ren" and they helped me open the door for pen test.

I am in a local security SI and it is a good growing place.

If you doubt the market value, try popping by the next GovWare or security conference (there is free entrance). During the security conference, try to network and find out about the security market.

The upcoming conference will be the SAN conference in March. If you are able to go, it will be good exposure to answer most of your questions. You may also get lucky and hear a couple of success stories.
 

Xuanbin1988

Junior Member
Joined
Dec 15, 2014
Messages
6
Reaction score
0
Hi guys, thank you so much for all the various input, really appreciate it. I do have a rough idea now, but the SANS course is too costly to go without sponsorship. I guess I have to slowly work my way through and read up as much =/.
 

seesiang

Member
Joined
Oct 17, 2011
Messages
415
Reaction score
5
If learning and exposure to penetration testing are your current priorities, I have sent you a link whereby an opportunity awaits.
 

Xiaosa1

Senior Member
Joined
Jan 14, 2009
Messages
1,061
Reaction score
2
Just completed GPEN certification. Here are the general topics: Nmap, TCP, UDP, Nessus, Scapy, Metasploit, Meterpreter, wireless, ZAP proxies, Nikto, cross-site forgery, XSS, command and SQL injection. Password cracking, Hydra, John the Ripper, Cain, LANMAN and NT hash. Etc password and shadow, rainbow tables, pass the hash, command shell and terminal access. Pen test rules of engagement and report format, ethical hacking guidelines. Google recon, strings, metadata, tcpdump, ExifTool, Maltego, recon-ng, sc, psexec, wmic.
 

fishbuff

Suspended
Joined
Jun 20, 2004
Messages
48,092
Reaction score
5,734
Just completed GPEN certification. Here are the general topics: Nmap, TCP, UDP, Nessus, Scapy, Metasploit, Meterpreter, wireless, ZAP proxies, Nikto, cross-site forgery, XSS, command and SQL injection. Password cracking, Hydra, John the Ripper, Cain, LANMAN and NT hash. Etc password and shadow, rainbow tables, pass the hash, command shell and terminal access. Pen test rules of engagement and report format, ethical hacking guidelines. Google recon, strings, metadata, tcpdump, ExifTool, Maltego, recon-ng, sc, psexec, wmic.

Good tips.
 

Lastexile

Arch-Supremacy Member
Joined
Mar 6, 2004
Messages
11,710
Reaction score
121
Just did my OSCP. It's damn fun but damn demanding.

It pretty much covers what Xiaosa1 has said but also includes exploit development and modification.

In addition, the lab machines are really fun to go through (and frustrating).
 

Trendnet18

Senior Member
Joined
Dec 15, 2002
Messages
542
Reaction score
1
Just did my OSCP. It's damn fun but damn demanding.

It pretty much covers what Xiaosa1 has said but also includes exploit development and modification.

In addition, the lab machines are really fun to go through (and frustrating).

So will the OSCP prep for both OSCP and GPEN? How long did it take you to prep for it? I have taken a couple of networking certs including CCNA and CEH.

Regards
Abhradeep
 

Lastexile

Arch-Supremacy Member
Joined
Mar 6, 2004
Messages
11,710
Reaction score
121
So will the OSCP prep for both OSCP and GPEN? How long did it take you to prep for it? I have taken a couple of networking certs including CCNA and CEH.

Regards
Abhradeep

I won't say OSCP will fully prepare you for GPEN, because GPEN by itself is an MCQ exam, whereas OSCP requires you to be able to r00t the machines and submit a pen test report 24 hours after the exam.

For me, I signed up for 90 days of lab access but I completed the exam on the 65th day. Do note that I have an extensive amount of system administration skills on Linux and I was trained in the content of OSCP (stack smashing, Metasploit etc.) a few years back while doing my diploma. I have CCNA, Security+ and RHCSA, and I can tell you CCNA and Security+ are just good for the background information (terms and jargon); CEH is similar to Security+ in that aspect. At the end of the day, OSCP does not need you to regurgitate security terms but tests whether you can gain full access to the systems, so I don't think you should use my prep time as a benchmark, unless you already have lots of practical experience in this field.
 