Yeti (@SphaeraTerra)

401 posts

Not taking commissions.

Joined January 2016
348 Following, 360 Followers

Yeti (@SphaeraTerra):
@KyanHexagon @joehelle @OttySec @ine @TCMSecurity Also there are lots of friendly student admins to assist you. I got help from them before and it seems to be just what you're hoping for. I was straight up told "you should try X".

KyanHexagon@infosec.exchange (@KyanHexagon):
@SphaeraTerra @joehelle @OttySec @ine @TCMSecurity I wouldn't care so much except OSCP is THE gatekeeping cert right now when it comes to HR. Some of their practices don't sit right with me so that's why I discuss them. I don't dislike offsec personally, but as a customer I'd like better. As an industry professional I want better

KyanHexagon@infosec.exchange (@KyanHexagon):
The benefits of artificially raising the difficulty of the OSCP: increasing revenue by squeezing money out of people trying to get into the industry and marketing the cert to employers by pointing to the difficulty as a positive and saying "cert holders really know their stuff"

Yeti (@SphaeraTerra):
@KyanHexagon @joehelle @OttySec @ine @TCMSecurity If you took the older course (before 2020 update), I'd say it's crap. Have you taken the upgrade? I really feel the new one being 800 ish pages... there's a lot that beginners can chew through without being lost. + 1/3 of the lab machines imo very beginner friendly.

Yeti (@SphaeraTerra):
@KyanHexagon @joehelle @OttySec @ine @TCMSecurity Well the paradigm I think, is that if someone who is very beginner ish level - then the exercises will benefit them and should be done. Agreed someone should be able to pass w/o external training. I know most who took the course with me did.

KyanHexagon@infosec.exchange (@KyanHexagon):
@SphaeraTerra @joehelle @OttySec @ine @TCMSecurity The labs are valuable but how is someone without outside experience supposed to take advantage of those labs if the provided materials are bad/insufficient? Shouldn't someone who is spending >$1000 for a cert and training be able to pass that cert with the purchased training?

Yeti (@SphaeraTerra):
@KyanHexagon @joehelle @OttySec @ine @TCMSecurity If you don't like the cert anyways, that's cool too. There are far more senior red teamers than I without any offsec certs, they just have their skills from experience. I appreciate TCM etc effort to make education cheaper. I actually took his course for $10 before OSCP.

KyanHexagon@infosec.exchange (@KyanHexagon):
@SphaeraTerra @joehelle @OttySec @ine @TCMSecurity The things discussed all artificially increase the difficulty needlessly and that was the point of the thread. This difficulty extracts value from students. If you're fine with that, cool. I'm not and I think they can and should do better for their paying customers.

Yeti (@SphaeraTerra):
@KyanHexagon @joehelle @OttySec @ine @TCMSecurity I think a lot of the difficulty can be sidelined though. I went for 60 days of lab, aimed for 75% completion. Was very hard going but I managed to finish all the lab. I found the exam wasn't the big scary obstacle I thought it was.

Yeti (@SphaeraTerra):
@joehelle @KyanHexagon @OttySec @ine Haven't done those...I'll add them to my list for my spare time. I have to say a lot of PWK was just researching for me, 8 months ago I couldn't crack easy boxes, now I'm able to test against EDR + red team. So I'm maybe more appreciative of the "try harder" mentality I got since

Yeti (@SphaeraTerra):
@joehelle @KyanHexagon @OttySec @ine Your buffer overflow on TryHackMe is great, I haven't done any others. It seems perfect for PWK but I think it's similar in quality. Maybe I could name 5 lab boxes that are "bad" in the labs, but mostly because they're too quick.

Yeti (@SphaeraTerra):
@KyanHexagon @OttySec I dove into the machines because I was familiar with the basic concepts taught in the exercises. A lot of the materials teach entry level concepts, if you know these concepts there's no point practicing them relentlessly.

KyanHexagon@infosec.exchange (@KyanHexagon):
@SphaeraTerra @OttySec I'm not happy with the materials that include vague questions which you can't get help with. It seems designed to run out your lab time before you can get a chance to get to those good labs. You said yourself you eventually gave up on the exercises.

Yeti (@SphaeraTerra):
@KyanHexagon @joehelle @OttySec @ine @TCMSecurity Because you're whining a lot about things that aren't really problematic like "difficulty". I've agreed with valid criticism but a lot of this is quite silly.

KyanHexagon@infosec.exchange (@KyanHexagon):
@SphaeraTerra @joehelle @OttySec @ine These companies and @TCMSecurity are already doing what you say you hope they do. That's the whole point of this thread. If you want Offsec to be better why spend so much time defending their shitty practices? This is valid criticism

Yeti (@SphaeraTerra):
@joehelle @KyanHexagon @OttySec @ine Cool for you. There were no Win XP labs when I took it. If you want to argue what's real world vs not, go argue with the senior pentesters who created the lab machines.

TheMayor - Joe Helle (@joehelle):
@SphaeraTerra @KyanHexagon @OttySec @ine What part of a five year old ColdFusion lab is taken from a current, real world pentest? Give me a break. PWK had Windows XP labs in it when I took it. I learned more about network pentesting from eLearn/INE than I ever did in PWK.

Yeti (@SphaeraTerra):
@KyanHexagon @OttySec I mention them because apparently you're not happy with the labs....which are more than enough to pass.

KyanHexagon@infosec.exchange (@KyanHexagon):
@SphaeraTerra @OttySec So if outside resources aren't needed why bring them up as a defense for offsec's lacking? What if I said for every 10 professional pentesters who are silently happy about the exam there are a hundred who think it can/should be better? It's easy to say things with no backing.

Yeti (@SphaeraTerra):
@joehelle @KyanHexagon @OttySec @ine INE labs are exercises vs taken from real pentests? I hope INE one day do challenge OffSec to force them to up their game. I plan to take some of their blue certs later on, they're definitely the best in those.

Yeti (@SphaeraTerra):
@KyanHexagon @joehelle @OttySec I believe there's plenty to improve but if you study the lab techniques you're fine. There exists no other company offering the quality of labs based on real world engagements atm. No one, for roughly $1000. They could 7k if they wanted, be like SANS. (which would be crap)

KyanHexagon@infosec.exchange (@KyanHexagon):
@SphaeraTerra @joehelle @OttySec Not sure why you're so against holding a leading certification provider to a higher standard. They are making a lot of money from people and not being transparent. I understand the difficulty also benefits current cert holders but I want better for the people coming after me.

Yeti (@SphaeraTerra):
@KyanHexagon @OttySec For every professional pentester complaining about the exam, there are 10 more quite happy with it, including myself :) I mentioned additional resources because you simply learn more, not needed for exam mostly. I'd still advise the lab is very similar to the exam (2020 lab).

KyanHexagon@infosec.exchange (@KyanHexagon):
@SphaeraTerra @OttySec I'm fine believing professional penetration testers who say the exam does not match real-world experience. Also I don't think I should have to use outside materials to pass a certification exam I spent >$1000 on that comes with materials and labs. That's just a bad product

Yeti (@SphaeraTerra):
@joehelle @OttySec @KyanHexagon Yes they can just click a button and migrate from shared to private labs, it's that easy. All their other new courses feature private labs and I hope they update pen200 for this as well.

TheMayor - Joe Helle (@joehelle):
@SphaeraTerra @OttySec @KyanHexagon It's 2021. AWS is cheap. There's no excuse for shared labs. The deprecated, shitty looking dashboard is already there - just add some start/stop buttons for individual machines and let students do it themselves like everything else they peddle.

Yeti (@SphaeraTerra):
@KyanHexagon I'll agree with you on the exercises, I skipped them eventually and just spent my time doing labs. Didn't feel they were as much help. Surely the examiners give sets of boxes that are somewhat similar in difficulty is my point, even if different topics are tested.

KyanHexagon@infosec.exchange (@KyanHexagon):
@SphaeraTerra My point about the cost of extending lab time is that the exercises are vague and they don't provide help artificially extending the time it takes. As to your second question unless each tester is receiving the same boxes during their exam there will be differences in difficulty