@d1ss0 said:
Many thanks for the review! I’m considering to take AWAE myself and any thoughts from people who have done it are useful in assessing whether it is worth the effort.So far I have OSCE, OSCP, CISSP and ISO27001 LI. It sounds like AWAE is structured pretty much the same as CTP (the course that leads to OSCE). You probably won’t be as impressed about the up-to-dateness of the materials on CTP, but I felt it gave me a great starting point to get into exploit development. Like AWAE it won’t be hugely useful if you mostly do black-box engagements and don’t have much time allocated for exploit development, but it at least teaches you hands-on the basics of the exploit development part.
CISSP is great for getting basic understanding and big picture of pretty much every domain in information security from regulation to physical access controls. There’s a saying that the knowledge of a CISSP is “mile wide, but only inch deep”, which has truth in it. It can give perspective on business risk management to a pentester and help communicate the risks better, but in practice it’s most beneficial for non-pentesting security auditors, ISMS consultants and security managers. I did the exam few years ago and it has most likely changed from what it used to be, but I dare to say it will be much less of an effort than the offsec certs you have done. Of course requires different type of capability to learn (less hands-on and more about understanding what you have read and what is exactly being asked).
Thanks for the info on CISSP. It seems like CISSP is the way to go, but since I’m more focused on red-teaming, I fear it might take a lot of my time on something that might not be directly useful for my work. I think it will definitely be useful for the future, though.
And as for CTP, that’s why I’m postponing it for now. I have been practicing advanced exploit development lately, including advanced heap and kernel exploitation, which are taught in OSEE.
From What I see in the CTP syllabus, it seems very outdated, and it might be better to way for a new update for the course, similar to the OSCP one.
Now both OSWE and OSCP are 2019+, I assume this should be the one to be updated next.