Having taken the eJPT, I’ve been deciding which route to go down. Do I go for the eCPPT (Certified Professional Penetration Tester) by eLearnSecurity or the OSCP (Offensive Security Certified Professional) by Offensive Security?
For my situation, I decided to tackle the OSCP. Given that I bought lab time back in 2015 (while taking 18 credit hours in college), the 90 day lab time will only cost 600 USD vs the 1200 USD the eCPPT Elite plan costs. From a career perspective, the OSCP is also much more well known by HR departments, and since I can really only pick one (for now), I’ll go for the more marketable certification. OSCP here I come…..only…..
I’ve been incredibly intimidated by the reviews I’ve read of the OSCP. The course seems grueling, especially with the recent changes to the scoring. I’ve decided to give myself some homework to pass before I sign up and plunge into the content. If you have any suggestions to add to the list, feel free to let me know!
- Complete and document all exercises on pentesterlab.com. I’ll use these notes to compile a small book for different techniques will examples of the exploits and indicators to compromise. I’ll combine these notes with my notes from the eJPT. Hopefully, this will give me a good head start in documentation and will add a couple tricks into my toolkit before starting the OSCP exercises and subsequent labs.
- Complete and document three more vulnhub capture the flags.
- Configure a fully updated version of Kali with the MATE desktop. This will decrease the overhead of running Gnome on my laptop (Solus) and virtualizing another Linux distribution running Gnome.
- Find/modify/write any helpful reconnaissance scripts. I want to be able to VPN into their lab environment the moment I get the credentials and start scans to run overnight.
I’d like to get this list done in a month or two. Between work and an impending vacation, I think it’s doable. Really, the documentation will take the most amount of time. Then I’ll try my hand on the OSCP labs and exercises!
A main factor I’ve noticed in all the reviews is the sheer amount of time most people spent on the OSCP labs, easily 200+ hours over the course of 3 months. I’ve decided to give myself a realistic goal, one that I can easily hit and surpass without burning out. At the very least, I want to put in 20-25 hours per week, which will equal out to 240+ hours. Will this be enough to pass the exam? Maybe, maybe not. I would like to think that this will be enough time for me to comfortably go through and document the labs and at least 75% of the lab boxes. I do plan on tracking my time as I go through the labs and exam itself, so I guess we’ll see!
In the meantime, I won’t be posting much more about the OSCP or certifications until I pass the OSCP and give a review similar in structure to my eJPT review. I’ll be uploading write ups for my checklist above, so I expect quite a bit more content in the next two months followed by three months of silence while I go through the OSCP.
As always, feel free to let me know if you have any suggestions or comments!