have you decided something ?
This isnāt a good idea.
OSCP develop the distributions incorporating tools and are therefore able to develop a curriculum that can gauge ones ability in using these in real environments. The reason OSCP is so recognized because OSCP are the authority because they are the distributors.
Not very useful having a certificate that says youāve achieved X on HTB or any other site, because they can make up any curriculum and marking scheme they likeā¦?
Go get an OSCP cert if you want a cert lol.
HTB is one of the single-best free services Iāve ever had the pleasure to use in my 25 years online. All the team are a great credit to themselves. I think a certification would be a great idea - but perhaps changing the cert name to something more āindustry soundingā.
many people cant afford OSCP $700-$1100; we spoke about a special box for htb cert.
@peek said:
many people cant afford OSCP $700-$1100; we spoke about a special box for htb cert.
I like the certification box idea.
@peek regarding OSCP, lets take into account that you donāt pay $700-$1100 for a certification. You pay it for the course (that is a pretty good one) and the course results in a certification. Even CEH Certification exam that is one of the highest in price costs around $250 while OSCP exam retakes cost around $90.
Imagine now being able to take the OSCP cert directly by paying $90 for the certification exam. Do you believe it would have the same gravity in the industry as it has now? I bet not.
I like the certification idea and actively looking at ways to make it a reality, although I do not want to offer a certification just for the certification. If a cert is to be made, it should either be very difficult to really bring forward the best talents or be accompanied by a very good course to train better professionals (or even both).
Until then, I am working on a Pro Profile page (VIP Feature) that will present the users skills in a more professional way, suitable to be added to a CV and verified from our website.
I welcome your thoughts on the above.
Do you believe it would have the same gravity in the industry as it has now?
does the industry know HTB is superior^3 to oscp
what ?
with that out of the way, I like the idea of āPro Profile pageā, keep up the good work.
I just meant that many people cant afford that; I hope industry knows htb if they are serious and updated. And good for Pro Profile.
@ch4p said:
@peek regarding OSCP, lets take into account that you donāt pay $700-$1100 for a certification. You pay it for the course (that is a pretty good one) and the course results in a certification. Even CEH Certification exam that is one of the highest in price costs around $250 while OSCP exam retakes cost around $90.
An OSCP retake costs $60 and the CEH is over $900 nowā¦ which is absolutely insane for what you get out of the CEH(nothing).
As for teaching red team skills, trust me when I say that everyone here who hasnāt been a part of an actual NSA accredited red team wants absolutely nothing to do with a redteam related certification. It would be 85% reading/creating documentation and then 15% actual pentesting.
@lowpriv said:
@ch4p said:
@peek regarding OSCP, lets take into account that you donāt pay $700-$1100 for a certification. You pay it for the course (that is a pretty good one) and the course results in a certification. Even CEH Certification exam that is one of the highest in price costs around $250 while OSCP exam retakes cost around $90.An OSCP retake costs $60 and the CEH is over $900 nowā¦ which is absolutely insane for what you get out of the CEH(nothing).
As for teaching red team skills, trust me when I say that everyone here who hasnāt been a part of an actual NSA accredited red team wants absolutely nothing to do with a redteam related certification. It would be 85% reading/creating documentation and then 15% actual pentesting.
interesting to know
@Arrexel said:
I suggested this a few months ago. It is a bit soon yet, but I could definitely see it if we could get some good material together and a private lab for certifications, after we grow some more. Who knows what the future might bring
I think the gamification element is better, maybe some events would be a better way to go for that. Winning an event or placing an event is as good as a cert in this industry, maybe itād be harder for a recruiter to understand/get but since this is always evolving it doesnāt really work with āgetting a certā as thatās a bit final - in my opinion. OSCP already offers the basics, I see HTB as a place to compete and learn.
Speaking of certs has anyone been ballsy enough to claim HTB lab time for CEUs for CISSP or the like?
Iām just gonna order stickers of my badge and put it on my resumeā¦
Haha, no for real though I can see this being a thing. The issue (as with the OSCP now) is validation of you being the one that passed the test or requirements or whatever it ends up being.
I got my OSCP back in Jan and it was right before they started pushing the pilot for the video proctoring of the test. It was becoming too apparent that people were cheating the test apparently and now they need to enforce some sort of validation.
I will say on the other hand, if you were to tell me you even had an account here when in an interview my ears would perk up immediately. It shows you really care just about the learning and the challenge. The OSCP is starting to almost become required and its check the box (a great one, donāt get me wrong on that) but HTB on the other hand is just a sign that you take the time to keep getting better, you want to learn and hone your skills. And that is really what matters.
So actually, ā ā ā ā yeahā¦ Throw your badge on your resume F* it.
@Rantrel said:
Iām just gonna order stickers of my badge and put it on my resumeā¦Haha, no for real though I can see this being a thing. The issue (as with the OSCP now) is validation of you being the one that passed the test or requirements or whatever it ends up being.
I got my OSCP back in Jan and it was right before they started pushing the pilot for the video proctoring of the test. It was becoming too apparent that people were cheating the test apparently and now they need to enforce some sort of validation.
I will say on the other hand, if you were to tell me you even had an account here when in an interview my ears would perk up immediately. It shows you really care just about the learning and the challenge. The OSCP is starting to almost become required and its check the box (a great one, donāt get me wrong on that) but HTB on the other hand is just a sign that you take the time to keep getting better, you want to learn and hone your skills. And that is really what matters.
So actually, ā ā ā ā yeahā¦ Throw your badge on your resume F* it.
+1
I donāt think a cert is necessary. Some people do cheat on htb for ranks (although idk why) but trying to add a certification sounds like it would add too much baggage with it tbh. HTB already has the street cred of being the best (free) platform for pentest training/pentest ctf so I donāt think thereās much point to it. (In my opinion)
I would absolutely love to have a specific set of challenges that HTB makes a Cert for. I will be even be okay if you have to pay to take it (I am thinking of a system like
RastaLabs). It would stand out on resumes and I would of course love to do it, especially just as a challenge to test myself.
@RedTeamIntern said:
I would absolutely love to have a specific set of challenges that HTB makes a Cert for. I will be even be okay if you have to pay to take it (I am thinking of a system like
RastaLabs). It would stand out on resumes and I would of course love to do it, especially just as a challenge to test myself.
+1 but I also agree in some other comments HTB is BY FAR with pentestit.ru the best you can find for free and with out going to a world wide competition like the defcon ones and others. So if we force people to cheat then the value will go down, even do also is true that we can make a anti cheat system of some sort.
@Rantrel - Iād proudly add this to my LinkedIn. I will do eventually, no doubt. I value this learning over any reading/CBT Iāve done. I will sign up for OSCP eventually, 24 hours on cam doesnāt bother me, if anything Iād add āvideo proctoredā on my CV/LinkedIn as I think it adds value to it as itās been heavily abused prior to this.
If HTB did do some certification, Iād probably do it but I want something more continual than something one off, this industry is evolving, it needs continual professional development and thatās why CEH and CISSP puts me off - itās a binary pass/not pass and itās heavily abused with braindumps for that reason.
This obviously didnāt age well
Not only did wet need more, we needed one that was deep and well put together, and HTB achieved this excellently , while still keeping all the fun parts