OSCP cleared, next steps

Bug bounties are fine. Alternatively you could try reversing some more niche domain specific software where security tends to be a bit more lax. It’s good fun getting some real world experience developing and chaining together exploits.

@0x16 said:

Hi heromain,

Congratulations to you too! I would like to get into the pentester space, I’ve done blue teaming in my role unintentionally because our company wouldn’t hire security individuals. I’d be more inclined to go this route over network security engineer type roles.

Should I just go straight into OSWE or do any other courses such as elearnsecurity?

I did my OSWE a month ago and I’d say if you’re fine with coding and reviewing code for small to medium sized applications then give OSWE a crack, otherwise I’d probably leave it a little while longer.

I would say go for the OSWE…it has greater market value and it’s not outdated

Hi, time for the next step. Go for Certified Ethical Hacker (CEH). Considering your learning curve you should nuke it in less than 6 months.

Excuse my irony.

I haven’t passed OSCP yet, but I have a brief overview on the certs.

If you want to study more about infrastructure and stuff like that just go for OSCE and keep grinding on HackTheBox ladder and pwn everything - reverse, misc, web, pro labs.

If you want to get yourself into bug bounty, go for OSWE, get a subscription on pentesterlab and start mastering web.

For me personally, I’d feel a lot more entitled if I were Omniscient or Guru on HTB rather than being an OSCP. I also feel and hope employers will start to take HTB Rankings seriously in the near future.

I’ve heard any cert besides OSCP isn’t worth the investment because employers don’t actually care, and OSCP is the big HR filter. So do whatever to learn in the areas you want to learn in, whatever that may be.

@halisha said:

Hi, time for the next step. Go for Certified Ethical Hacker (CEH). Considering your learning curve you should nuke it in less than 6 months.

Excuse my irony.

I haven’t passed OSCP yet, but I have a brief overview on the certs.

If you want to study more about infrastructure and stuff like that just go for OSCE and keep grinding on HackTheBox ladder and pwn everything - reverse, misc, web, pro labs.

If you want to get yourself into bug bounty, go for OSWE, get a subscription on pentesterlab and start mastering web.

For me personally, I’d feel a lot more entitled if I were Omniscient or Guru on HTB rather than being an OSCP. I also feel and hope employers will start to take HTB Rankings seriously in the near future.

CEH is not the next step after OSCP…CEH is many, many steps before OSCP. CEH is mostly a total waste of time, but it’s definitely a total waste of time if you have OSCP – unless some government job just needs you to have it for whatever stupid reason.

@heromain said:

@halisha said:

Hi, time for the next step. Go for Certified Ethical Hacker (CEH). Considering your learning curve you should nuke it in less than 6 months.

Excuse my irony.

I haven’t passed OSCP yet, but I have a brief overview on the certs.

If you want to study more about infrastructure and stuff like that just go for OSCE and keep grinding on HackTheBox ladder and pwn everything - reverse, misc, web, pro labs.

If you want to get yourself into bug bounty, go for OSWE, get a subscription on pentesterlab and start mastering web.

For me personally, I’d feel a lot more entitled if I were Omniscient or Guru on HTB rather than being an OSCP. I also feel and hope employers will start to take HTB Rankings seriously in the near future.

CEH is not the next step after OSCP…CEH is many, many steps before OSCP. CEH is mostly a total waste of time, but it’s definitely a total waste of time if you have OSCP – unless some government job just needs you to have it for whatever stupid reason.

###Excuse my irony.

edit: dafuq, you can’t delete posts? sigh

@halisha said:

@heromain said:

@halisha said:

Hi, time for the next step. Go for Certified Ethical Hacker (CEH). Considering your learning curve you should nuke it in less than 6 months.

Excuse my irony.

I haven’t passed OSCP yet, but I have a brief overview on the certs.

If you want to study more about infrastructure and stuff like that just go for OSCE and keep grinding on HackTheBox ladder and pwn everything - reverse, misc, web, pro labs.

If you want to get yourself into bug bounty, go for OSWE, get a subscription on pentesterlab and start mastering web.

For me personally, I’d feel a lot more entitled if I were Omniscient or Guru on HTB rather than being an OSCP. I also feel and hope employers will start to take HTB Rankings seriously in the near future.

CEH is not the next step after OSCP…CEH is many, many steps before OSCP. CEH is mostly a total waste of time, but it’s definitely a total waste of time if you have OSCP – unless some government job just needs you to have it for whatever stupid reason.

###Excuse my irony.

My bad; that one went over my head :slight_smile:

@halisha said:

Hi, time for the next step. Go for Certified Ethical Hacker (CEH). Considering your learning curve you should nuke it in less than 6 months.

Excuse my irony.

I haven’t passed OSCP yet, but I have a brief overview on the certs.

If you want to study more about infrastructure and stuff like that just go for OSCE and keep grinding on HackTheBox ladder and pwn everything - reverse, misc, web, pro labs.

If you want to get yourself into bug bounty, go for OSWE, get a subscription on pentesterlab and start mastering web.

For me personally, I’d feel a lot more entitled if I were Omniscient or Guru on HTB rather than being an OSCP. I also feel and hope employers will start to take HTB Rankings seriously in the near future.

I agree with everything you said regarding HTB, I’m seriously considering not focusing on another certification and just focus on getting the experience. I’m more relaxed that way and it’s flexible with my new job.

I have to say I don’t agree with CEH. There isn’t a lot of respect for that certification nor do I believe it’s the next step for OSCP, as a few have already mentioned. I don’t have time for multiple choice exams at the moment, I get more out of the practical exams :).

Thanks

@0x16

I was ironic about CEH :).

Well, as George Hotz says, you don’t need any certification or approval from any authority to become a hacker. Learn learn learn.

But it may raise your monthly salary :wink:

Go Elearning PTP and PTX, if you want more challenges

@0x16 By the way, just to let you know, OSWE is more into the developer side of things.

Source code review is heavily done in the exam.
If you are a web developer and have web developing experience aka comfortable reviewing source code.

It will be highly recommended to smooth it all out.
I guess you can also do WAPT from Elearn as well?

To be honest, it’s best if you understand the whole infrastructure before exploiting it.
OSCP taught only basics in Web exploitation as it’s a network based pentest course instead.

If you are patient or you have web dev background then I assume you will pawn more bug bounties than a regular pentester that doesn’t have knowledge on most web technology frameworks.

Don’t be kids that just learned SQLI and call themselves a pentester lol.
The real hackers and pentesters are actually programmers and system administrators themselves.

Turns out you are the blue team. Great! You guys usually learn both red teaming and blue teaming techniques together.

How about you go join the blue team in web application? Maybe you will get 3 bug bounties the next day.

@0x16 said:

Hi all,

This isn’t going to be a write up of my experiences with OSCP. However happy to answer any questions that don’t break OS rules.

As the title states, I’ve recently cleared my OSCP. Considering next steps.

Little about me, I’ve been a network engineer for the past 6 years. I’m the sort of person that gets bored easily and always wants a challenge. So July 2019 I started on HTB (had no intention to do my OSCP), ippsec videos, all the good OSCP prep sites. Fast forward to November 2019 I’m OSCP certified.

I’m considering next steps. I start a new job in a week, they need a senior network engineer to finalise a big contract they have for the first 6 months. I’ve made it clear that my intention is to break into the security field, always been a passion of mine. They are keen to support me in doing this considering the supply/demand for people/roles is woeful at the moment.

However I don’t like sitting idle, I can do network engineering in my sleep. I need something to preoccupy my mind out of hours.

Looking at OSWE or OSCE, both look interesting, a friend of mine suggested eWPT. Should I start with eWPT and then consider OSWE? What did you do?

Alternatively, should I start looking into bug bounties? With the intention to get experience under my belt? Where do I begin?

Regards,
0x16

congrats go for elearn security course as they are up to date

@newbiewas said:

@0x16 said:

Hi all,

This isn’t going to be a write up of my experiences with OSCP. However happy to answer any questions that don’t break OS rules.

As the title states, I’ve recently cleared my OSCP. Considering next steps.

Little about me, I’ve been a network engineer for the past 6 years. I’m the sort of person that gets bored easily and always wants a challenge. So July 2019 I started on HTB (had no intention to do my OSCP), ippsec videos, all the good OSCP prep sites. Fast forward to November 2019 I’m OSCP certified.

I’m considering next steps. I start a new job in a week, they need a senior network engineer to finalise a big contract they have for the first 6 months. I’ve made it clear that my intention is to break into the security field, always been a passion of mine. They are keen to support me in doing this considering the supply/demand for people/roles is woeful at the moment.

However I don’t like sitting idle, I can do network engineering in my sleep. I need something to preoccupy my mind out of hours.

Looking at OSWE or OSCE, both look interesting, a friend of mine suggested eWPT. Should I start with eWPT and then consider OSWE? What did you do?

Alternatively, should I start looking into bug bounties? With the intention to get experience under my belt? Where do I begin?

Regards,
0x16

congrats go for elearn security course as they are up to date

Yo. Have you taken any courses from them?

@Money said:

Yo. Have you taken any courses from them?

yea just try their PTS and have course content of PTP :slight_smile:

@newbiewas said:

@Money said:

Yo. Have you taken any courses from them?

yea just try their PTS and have course content of PTP :slight_smile:

Will PTS and PTP actually prepare me for OSCP? I don’t think that’s always the case though.

I did PTS roughly 1.5 years ago and OSCP a half year ago.
PTS gives you a bit of understanding, especially if you are not familiar with using Linux.
But in terms of difficulty you cannot compare both. It’s just different leagues.
If you want some more info you can PM me.

@Baikuya said:

I did PTS roughly 1.5 years ago and OSCP a half year ago.
PTS gives you a bit of understanding, especially if you are not familiar with using Linux.
But in terms of difficulty you cannot compare both. It’s just different leagues.
If you want some more info you can PM me.

Hello what about PTP and PTPX?