This isn’t going to be a write up of my experiences with OSCP. However happy to answer any questions that don’t break OS rules.
As the title states, I’ve recently cleared my OSCP. Considering next steps.
Little about me, I’ve been a network engineer for the past 6 years. I’m the sort of person that gets bored easily and always wants a challenge. So July 2019 I started on HTB (had no intention to do my OSCP), ippsec videos, all the good OSCP prep sites. Fast forward to November 2019 I’m OSCP certified.
I’m considering next steps. I start a new job in a week, they need a senior network engineer to finalise a big contract they have for the first 6 months. I’ve made it clear that my intention is to break into the security field, always been a passion of mine. They are keen to support me in doing this considering the supply/demand for people/roles is woeful at the moment.
However I don’t like sitting idle, I can do network engineering in my sleep. I need something to preoccupy my mind out of hours.
Looking at OSWE or OSCE, both look interesting, a friend of mine suggested eWPT. Should I start with eWPT and then consider OSWE? What did you do?
Alternatively, should I start looking into bug bounties? With the intention to get experience under my belt? Where do I begin?
Congratulations to you too! I would like to get into the pentester space, I’ve done blue teaming in my role unintentionally because our company wouldn’t hire security individuals. I’d be more inclined to go this route over network security engineer type roles.
Should I just go straight into OSWE or do any other courses such as elearnsecurity?
@0x16 & @heromain :
Congratulations! I finally got my OSCP a month ago as well.
I felt tired with the constant learning on labs & here, so I took a month off.
I don’t feel that I need OSCE or OSWE now - neither me nor my employee will accept it now.
You may check https://www.hackerone.com. It looks fine.
Bug bounties are fine. Alternatively you could try reversing some more niche domain specific software where security tends to be a bit more lax. It’s good fun getting some real world experience developing and chaining together exploits.
I did my OSWE a month ago and I’d say if you’re fine with coding and reviewing code for small to medium sized applications then give OSWE a crack, otherwise I’d probably leave it a little while longer.
Hi, time for the next step. Go for Certified Ethical Hacker (CEH). Considering your learning curve you should nuke it in less than 6 months.
Excuse my irony.
I haven’t passed OSCP yet, but I have a brief overview on the certs.
If you want to study more about infrastructure and stuff like that just go for OSCE and keep grinding on HackTheBox ladder and pwn everything - reverse, misc, web, pro labs.
If you want to get yourself into bug bounty, go for OSWE, get a subscription on pentesterlab and start mastering web.
For me personally, I’d feel a lot more entitled if I were Omniscient or Guru on HTB rather than being an OSCP. I also feel and hope employers will start to take HTB Rankings seriously in the near future.
I’ve heard any cert besides OSCP isn’t worth the investment because employers don’t actually care, and OSCP is the big HR filter. So do whatever to learn in the areas you want to learn in, whatever that may be.
CEH is not the next step after OSCP…CEH is many, many steps before OSCP. CEH is mostly a total waste of time, but it’s definitely a total waste of time if you have OSCP – unless some government job just needs you to have it for whatever stupid reason.
I agree with everything you said regarding HTB, I’m seriously considering not focusing on another certification and just focusing on getting the experience. I’m more relaxed that way and it’s flexible with my new job.
I have to say I don’t agree with CEH. There isn’t a lot of respect for that certification nor do I believe it’s the next step for OSCP, as a few have already mentioned. I don’t have time for multiple choice exams at the moment, I get more out of the practical exams :).
@0x16 By the way, just to let you know, OSWE is more into the developer side of things.
Source code review is heavily done in the exam.
If you are a web developer and have web developing experience, aka comfortable reviewing source code, it will be highly recommended to smooth it all out.
I guess you can also do WAPT from Elearn as well?
To be honest, it’s best if you understand the whole infrastructure before exploiting it.
OSCP taught only basics in Web exploitation as it’s a network based pentest course instead.
If you are patient or you have web dev background then I assume you will pwn more bug bounties than a regular pentester that doesn’t have knowledge on most web technology frameworks.
Don’t be kids that just learned SQLI and call themselves a pentester lol.
The real hackers and pentesters are actually programmers and system administrators themselves.
Turns out you are the blue team. Great! You guys usually learn both red teaming and blue teaming techniques together.
How about you go join the blue team in web application? Maybe you will get 3 bug bounties the next day.
Congrats, go for the eLearnSecurity course as they are up to date.