SensePost Training

noosphere

Hi All

Has anyone done the SensePost training?

What are your thoughts on the Beginner/Infrastructure course and how does it match up to something like CEH?

Thanks
 
I haven't done the SensePost training, but they are respected in the field and also present their training at Black Hat every year.
If you are looking for classroom-based training, then SensePost is the way to go.

Don't waste your time with CEH, it doesn't mean much to employers.

If you are looking for online based training, then have a look at OSCP as well, it's one of the most respected certifications in the pentesting field: https://www.offensive-security.com/...ning/penetration-testing-training-kali-linux/
 
Hi

I've looked at OSCP and can honestly say I do not think I am ready for that just yet. I'm still very much fresh when it comes to network and web app exploitation. So I am (slowly) making my way through a Python course and also looking at the Security Tube free videos on Metasploit.

I do not mind self-study... but having access to a lab environment would be 1st prize.

I also read some negative comments on CEH and that the exam itself doesn't truly test your ability.

Thanks for your comments
 
Great, no matter which course you decide to take, you will need to have basic networking knowledge, including concepts like subnetting etc. Python/Perl/Bash scripting knowledge is required.

When you do the OSCP course, it includes a huge virtual lab with a lot of vulnerable machines. There are also staff that can help point you in the right direction if you are struggling to understand certain concepts.

There is also a free Metasploit course that you can do. It comes with a vulnerable VM to practice on: https://www.offensive-security.com/metasploit-unleashed/
 
Free sounds good to me! The goal is to start OSCP mid 2016.

Thanks again
 
OSCP was fun. I enjoyed it from start to finish. As for the SensePost training, I have not done it, but I have heard good things as well.
 
@all - (mainly) for those that have the OSCP cert, what position/title do you hold at work? What's your background? I am curious to know if most are pentesters, network security folk etc. etc. or just peeps interested and enjoy breaking/learning like me.

I started like most in desktop, networks and moved onto infrastructure. I now find myself in Information Security (the least technical role I have ever had) ... so something like OSCP probably will not do wonders for my career.
 
I think that is the most general evolution of one's career - moving from pure techie to InfoSec where you have much more input into the decisions around infrastructure, architecture, information/technology risk management and security governance. Having a certification like OSCP, CEH, CISSP and the likes will open opportunities for you (at the very least it can be used to demonstrate foundational/practical understanding of InfoSec concepts), but experience is also (and obviously) quite essential to your career growth.

As always, you've got to ask yourself - where do you want to end up in 10-20 years time and what path do you need to take to get there.
 
@MrR - I fully agree with your post. For 2016 I am writing CISSP and might attempt CISM in June, however I don't want to lose touch with the technical side of things and that is the main reason for wanting to do the SensePost training and/or OSCP.
 
Would recommend CISM if you want certification in/knowledge of the overall management of InfoSec. It will/can boost your career in infosec and IT/IS governance. Not to discourage, but just a word of caution - make sure you have sufficient work experience before attempting CISM. The course content and questions database to help with prep is very different to the test paper. The study material doesn't prepare you for practical application and insights that experience offers.

If you write it in June, I'll see you there. Will be doing other certification ;)
 
Thanks for the word of caution... I heard the exact same from a close friend who wrote CISM in 2011! Also, I first have to make it over the CISSP hurdle. You doing CRISC?
 
CRISC in June and 2017/2018 CGEIT and will decide between CISM or ISO related stuff later (2020?). The idea is that it would benefit a rounded (generalist-specialist) career in IT/IS management (in next 5-10 years) and ultimately an opportunity for a role as CIO (in 15 years).

Another course to look at for people with no knowledge of security is ISACA's cyber security fundamentals course. It really doesn't delve into technical level stuff, but is a good introduction to cyber security. Personally, I wouldn't look at any of the other CSX courses they provide.

Also had a quick chat with our security guys. They "strongly recommend" SensePost training as well as looking at Wolfpack, DiData and MWR (albeit specialised training) for classroom training courses. I haven't personally attended these, but our infosec guys (both tech and non-techie) hold lots of knowledge.

Consider attending ITWeb's security summit/conference next year.
 
I checked out the CSX stuff and agree about not looking further than the fundamentals course.
 
@all - (mainly) for those that have the OSCP cert, what position/title do you hold at work? What's your background? I am curious to know if most are pentesters, network security folk etc. etc. or just peeps interested and enjoy breaking/learning like me.

I started like most in desktop, networks and moved onto infrastructure. I now find myself in Information Security (the least technical role I have ever had) ... so something like OSCP probably will not do wonders for my career.

I started out as an identity and access management consultant before I decided I wanted to be a penetration tester. I played around with some vulnerable VMs (https://www.vulnhub.com/) to really test myself and I found that I really enjoyed the challenge so I decided to do OSCP. I did OSCP without having any experience, just a love for the industry and wanting to prove to myself that I can do it. The thing I like about OSCP is that it taught me to think laterally and rely less on vulnerability assessment tools such as Nessus. Right now I am a full time penetration tester and I am totally loving it.
 
@all - (mainly) for those that have the OSCP cert, what position/title do you hold at work? What's your background? I am curious to know if most are pentesters, network security folk etc. etc. or just peeps interested and enjoy breaking/learning like me.

I started like most in desktop, networks and moved onto infrastructure. I now find myself in Information Security (the least technical role I have ever had) ... so something like OSCP probably will not do wonders for my career.

My background has always been in security, more defensive security like firewalls, IDS/IPS that sort of thing. The other type of security stuff was just a hobby at the time, but I do that full time now.

I get to speak to a lot of people who pass the Offensive Security courses and it happens often that they will tell me how getting the OSCP certification allowed them to get a job as a pentester etc.
 
It's been a while since I've visited MYBB (work gets in the way sometimes) ... just wanted to thank everyone for the feedback... my SensePost training hasn't been approved at work.. "too technical for what an Information Security Officer does" is what I was told... LOL.

Looks like it's back to late nights, coffee, and relationship neglect if ima get this done :-D.... and then get back into the tech realm
 
For those who have done training with SensePost, how did you get the dates and details for training? I'm not having any luck getting feedback from them with regards to training.

Are there any good training institutions offering CISSP courses?
 