The Ultimate Infosec Certifications Guide


MalwareTech

OSED is well worth a look if Windows exploitation is your thing! Only 32-bit x86 though 😤

48hr exam is tough but definitely enough time to get through it all 


My approach was just to develop a clear methodology, have everything written down as step-by-step instructions.  Try not to get stuck down rabbit holes, or make assumptions based on the initial nmap scan - investigate everything calmly and clearly and you will find your way 🙂

Even the BOF is only a 5 step process for the simple example they give in the course material (the exam BOF is just as the course teaches it - they're not trying to trick you!)


I too recommend the offsec certs, why not, they teach a lot and guide you through it (while forcing you to learn for yourself). I found them all pretty interesting and I wouldn't have learnt assembly had it not been for OSED.


8 hours ago, netsendHello said:

I too recommend the offsec certs, why not, they teach a lot and guide you through it (while forcing you to learn for yourself). I found them all pretty interesting and I wouldn't have learnt assembly had it not been for OSED.

I was planning on getting the OSED after I graduate this year. Question for the Offsec certs: do they require any prerequisite knowledge before starting any of them?

41 minutes ago, Donquixote Doflamingo said:

I was planning on getting the OSED after I graduate this year. Question for the Offsec certs: do they require any prerequisite knowledge before starting any of them?

I think just knowing how to do a buffer overflow is enough (what you would have learned from the old OSCP challenge) - but it certainly helps to know about ROP, ASLR, some RE or assembly knowledge would go a long way too. I personally found with OSED I was quite out of my depth, but it was really interesting along the way.


I have completed quite a few of the "popular" certs during my career in tech and InfoSec. The most helpful for cybersec fundamentals IMHO were CCNA and GCIA. GCIA is an amazing course and the exam was extremely difficult in a good way. If you are going to be doing any NetSec, DFIR, malware analysis etc., being able to fully understand packet captures and network traffic is incredibly useful... and dare I say... required. You haven't lived until you can convert ECN flags from a header by sight.

I know a lot of people make fun of or are highly critical of CISSP (I am one of them, even though I have it). While I think most of the criticism is legit (how high should a perimeter fence be again?), it is a good measure for having a holistic wide view and understanding of InfoSec. It's a mile wide and an inch deep. I got my CISSP only because my manager at the time made it a requirement for team leads. Overall it's not a bad cert for more governance-minded folks, but I find that area of InfoSec dull, so I really didn't like studying for the exam.


The link in the OP is fantastic, I had no idea how many architecture and risk management certs there are. The GSE cert at the top claims to be "the most prestigious credential in the IT security industry" but I've never heard of it before.

I'm considering taking the OSCE3 soon, and wondered if people in this forum would be interested in a regular thread of progress and findings.

Edited by hyperreality
