|
| 1 | +--- |
| 2 | +layout: post |
| 3 | +date: 2024-10-01 |
| 4 | +title: "Test" |
| 5 | +categories: [] |
| 6 | +tags: [] |
| 7 | +--- |
| 8 | +## Introooooo |
| 9 | +Writing this blog for two separate purposes :> |
| 10 | +1. To answer (my opinion) on the "Which Cert Should I do to get into Pentesting???" question. |
| 11 | +2. To summarize thoughts on random certifications I do and provide a reference to myself and others when I forget how my experience was down the line. |
| 12 | + |
| 13 | +It is important to note that passing a certification does not necessarily get you a job. |
| 14 | +There's some really magical tech people with 100 certifications and others with 0. |
| 15 | +I take these exams for fun, as passing them provides a clear benchmark of what I’ve learned. |
| 16 | + |
| 17 | +## Which Cert Should I do to get into Pentesting??? |
| 18 | +tl;dr - If you're looking to get into pentesting, I recommend CPTS. Shameless plug - [My referral link](https://referral.hackthebox.com/mzwwH42) |
| 19 | + |
| 20 | + |
| 21 | +Going to be discussing a short review of eJPTv2, CPTS and OSCP. |
| 22 | +### eLearnSecurity Junior Penetration Tester (eJPTv2) - Jan. 2023 |
| 23 | +##### Introduction |
| 24 | +eJPTv2 was my first offensive certification and an excellent introduction to penetration testing. At the time, it cost $249, which included access to all the videos and materials. |
| 25 | +##### Content and Format |
| 26 | +The material was foundational, covering networking, operating systems, basic exploitation, and Metasploit. It primarily consisted of videos, with occasional labs to apply the knowledge. The exam required practical exploitation within a virtual environment but relied on MCQ and fill-in-the-blank questions for answers. |
| 27 | +##### Experience and Takeaways |
| 28 | +I enjoyed the structured approach and found it great for an introduction to pentesting as the content was fairly basic, and the semi-practical exam format felt less immersive. Since eLearnSecurity merged with INE, I’m unsure how the new version compares. I’d recommend eJPTv2 to absolute beginners in pentesting. It’s a solid starting point, though more hands-on certifications may provide a better practical experience. |
| 29 | +### Hack The Box Certified Penetration Testing Specialist (CPTS) - Oct. 2023 |
| 30 | +##### Introduction |
| 31 | +HTB CPTS was my second offensive certification. It requires 100% completion of the Penetration Tester Job Role path on `academy.hackthebox.com`. |
| 32 | +##### Content and Format: |
| 33 | +The material is entirely text-based, but most sections of each module include a standalone box for practicing the learned concepts. While some modules felt more annoying than others, all the necessary content to pass the exam is included within the coursework. The exam itself is a 10-day, non-proctored challenge, designed to provide ample time to complete without disrupting your work or personal life. However, I dedicated 10 hours a day to the exam and still failed my first attempt. The certification content dives deeper than most "entry-level" certifications. |
| 34 | +##### Experience and Takeaways |
| 35 | +The exam's extended format and depth of content set it apart from other entry-level certifications. Despite its challenges, I appreciated the comprehensive approach and found the hands-on labs particularly useful. I highly recommend HTB CPTS to those looking for a challenging entry into pentesting. The emphasis on practical skills and detailed modules makes it a valuable experience. |
| 36 | +### OffSec Certified Professional (OSCP) - Nov. 2023 |
| 37 | +##### Introduction |
| 38 | +I took OSCP within a month after HTB CPTS. This was mostly to hit the HR Checkbox, and I also ended up buying the Learn One subscription for the second chance. |
| 39 | +##### Content and Format |
| 40 | +I mostly skimmed the content. All of the content from OffSec was pretty much covered by HTB previously, but there was some additional information which I covered. The content here is also present in text form, with some video options. Some of the content has to be expanded upon in your own time to thoroughly understand it. Lastly, at the end of the modules there's multiple labs that are meant to prepare you for the real exam. I think these labs do a great job in terms of preparing you for the OSCP exam. The exam is proctored, which is something. Could be a little annoying if you have any spatial restrictions or technical issues. |
| 41 | +##### Experience and Takeaways |
| 42 | +This exam was a piece of cake after CPTS. I passed in a few hours and started writing the report. This is definitely easier than CPTS in my opinion, but results may vary. I could have had an easy exam environment. Going into this without experience of eJPTv2 and CPTS probably would have required a lot more studying and stress. |
| 43 | +### Haha, so which one |
| 44 | +So, there's hundreds of different certifications you COULD take as an 'intro to pentesting'. Primarily discussing the most popular, reputable, and practical ones here. The main ones are OSCP, PNPT and CPTS. |
| 45 | + |
| 46 | +As I have not taken PNPT, industry professional [Andrew Lentz](https://www.linkedin.com/in/andrew-lentz-53b20826a/) descibres PNPT as |
| 47 | +``` |
| 48 | +Andrew's take on PNPT |
| 49 | +``` |
| 50 | + |
| 51 | +From a cost perspective, PNPT and CPTS are both wayyyyy cheaper than OSCP if it is coming out of your pocket. OSCP is more reputable when it comes industry recognition and checking a box from HR. I personally do not see all the hype around OSCP after my easy experience with the exam. Difficulty wise, CPTS is more difficult than OSCP given the longer exam length and in-depth content. PNPT also gets a realistic bonus as you must present a technical debrief in front of a live panel, which is not seen in of the other certifications. The infrastructure and community is also a big factor in these certifications. HackTheBox as a welcoming community through their discord and support via online services (depending on subscription tier). OffSec's community help is primarily through discord support tickets, which is different. Lastly, there have been complaints about infrastructure issues regarding exam and lab environments. I faced little infrastructure issues with either of these exams. |
| 52 | + |
| 53 | +I think regardless of who is paying, CPTS is the best bang for your buck. The content is super detailed and the exam is very challenging. If you haven't taken any certficaition exams before, taking eJPTv2 or Security+ may be a good introduction to cybersecurity and material. If money is not a factor in this equation, do both. CPTS will give you the content, while OSCP gives you the reputation. |
| 54 | + |
| 55 | +Also, check out PinkDraconian and eatthebuffet for additional coverage. |
| 56 | +[PinkDraconian's Youtube Video (CPTS vs OSCP)](https://www.youtube.com/watch?v=-5s2R0Mldgw) |
| 57 | +[eatthebuffet's Blog Post](https://eatthebuffet.github.io/posts/CPTS-or-OSCP/) |
| 58 | + |
| 59 | + |
0 commit comments