ELearnSecurity vs. OSCP

Recently…

I have seen a lot of conversation about the difference in both these providers of penetration testing courses or hacking courses. So below I’m going to give you my run down of the 2. Also I’m stating now that I aint the best at spelling and grammar so dont be a fuck-tard and start correcting my shit, just read and get on with it!

Now I just want to let you know I have my OSCP Certificate and my eJPT (Junior Penetration Tester) certificate and have bought but not completed the ELearnSecurity PTP cource. So from here on I speak about my opinions, of which are my own, and my experience with both of these.

So if you’re new to the Cyber Security world and you wanna become a fu*king hacker baby! then you would’ve definitely have googled “how to become a hacker”, “how do I start in penetration testing” or “does my cat secretly watch me while I sleep”. Okay maybe not that last one, but yeah the other two. I know I did when I first started, and right now you’ll get lots of different results and thats how you might of even ended up here. Eventually you’ll work out that you need to get OSCP and maybe some other certificates or qualifications but you tend to always read “OSCP is a must, to get a job in Cyber security”. Then you realize that OSCP is a bit f*cking mental and probably for the 1337 wannabe hackers, so you start looking around for courses in penetration testing and hacking and you’ll find this company called ELearnSecurity, which deliver complete beginner courses in penetration testing. So lets go in to that and talk differences about ELearnSecurity’s PTS (Penetration Testing Student) source and OSCP.

ELearnSecurity

So ELearnSecurity is first of all amazing, it really is. Head over to their website and check out the courses they provide. When I did this exactly 2 years ago today I found myself really interested in the PTS course (Penetration Testing Student) which was their course for people with NO EXPERIENCE AT ALL!!! So I bought it, and got started!

Looking at the syllabus I felt pretty confident I could jump in to this and invest a few hours a day learning their powerpoint style material and the videos at the end of each section drilling in everything you learnt in utter detail!

PTS Syllabus

The course takes you through a very structured way of learning, it teaches you all the basics you need to know like NMAP scans and different flags to use, what and how XSS scripts and SQL Injections work, how to exploit SMB attacks and many more. Each section generally teaches you a subject and then finishes it with a video or 2 about it, where the instructor shows you step by step what you just learned in the slides, this method of teaching is really good and really drove home certain points you need to remember. Then once you have learnt that section, lets say on NMAP it then gets you to start the “NMAP Lab” where you will then open the challenges for that lab and it will ask you something like “What ports are open on the 3 computers in the network” and then you put to test everything you learned from that NMAP section. Below is a list of labs from PTSv3! I think they’re on V5 now but as far as im aware not to much has changed just some more stuff added, when you buy the course you will get the latest and greatest version.

PTSv3 Labs

There sh*t is structured, nice and just damn right sexy. It will take you from an absolute n00bian and give you those foundations you will need to start enumerating shit and hacking things. It gives you enough experience that once completed you can start jumping on the active boxes in HTB or smash your way through the labs/VM’s in Vulnhub.

EXAM TIME. Once you have finished all the course material, the videos, and then completed all the labs (do them twice over). You will have to do your exam the eJPT exam, to test your new powers! Now the exam is good fun, here you will be presented with a domain network style pentest and have to hack your way through like 10 computers and 3 servers to answer questions that get given to you at the beginning. If I remember rightly there are about 20 questions ranging from things you will find in this domain network testy environment exam thingy and you have 3 days to complete this exam! Now honestly it took me around 8 hours to do the whole thing, and I was a NOOB! thats not to say its easy though!…

Once completed, and you submit your answers and you feel you have done and got everything you need you will hit that big fuc*ing submit button and wait, after a while the page will load up and it will tell you if you have passed or failed. Honestly its a beginner course and it will deffo teach you everything you need to know in order to pass and get your feet wet in the real world!

ELearnSecurity Recap:

  • Online course available 24/7.
  • Powerpoint type presentations.
  • Multiple Videos for each sections.
  • Individual labs for end of every section.
  • 3 Day Question based exam on domain network (more than enough time).

OSCP

Right where do I start with OSCP, there are a lot of reviews and blogs out there for this one so I will go over my findings of the course. OSCP is Offensive Security Certified Professional its considered the 31337 course and exam to prove to oneself that you’re a hacker/penetration tester. In order to become OSCP certified you will need to do their PWK course and pass the exam, details on that are here.

So I started my OSCP journey back in august 2018 and passed in February 2019, I’m not going to bore you with the details as the actual journey and write up can be found here. I will however tell you how its structured!

When you buy OSCP you will start it on the 2nd Sunday from the day you bought the course, I’m sure thats how it works. On day one you will get an email with all the course material and connection packages (VPN files) to get started.

Now when you have download all this you will have a folder called “oscp-pwk” or something along those lines and inside there are your ~350 page PDF manual and all the training videos. You open up the video training and it will look like the below.

OSCP Videos

You will be shown everything from netcat listeners to reverse shells, from exploiting SQL injections to privilege escalation and gaining root. Once you’ve gone through all the PDF and videos that they provide, which took me about a week, you will then VPN to the labs. once in you’re faced with a big domain network and left to do what you want, you’re free to go explore and hack your way through their network as long as you follow a couple rules and respect others that might be using or have used a box. I advise giving a box a reset before you jump on it! Below is a map of their network, you will start in the “Student Labs, Public Network” and hack your way through and pivot your way to other networks with the goal being admin department!

Now Offensive Security throughout their training will give you JUST enough information to get you started on boxes and then leave you to find the answers for yourself! For example they will show you what things to look for when hacking a web app on a server, but it will be up to you to find out how to hack the stuff on the website like the E-commerce shop on there or how to hack the actual web server the web app sits on.

With OSCP you will find yourselves in Google a lot searching up exploits for certain versions of things or finding out how to privilege escalate a Windows/Linux computer. You will also find yourself in Exploit-DB a lot which is basically, in short, a library of exploits for all sorts of things! and sometimes you will have to make changes to them exploits!

The Exam is basically 5 computers separate from each other, and all have their own unique ways of being pwned, you have to pwn it and get a shell and then root/admin it to get full points for it. Each of the 5 boxes are point based and you have to get 70 POINTS OUT OF 100 WITHIN 24 HOURS TO WIN! Below is a quick look at what boxes are worth, points wise.

  • 25 point box ( Buffer Over Flow )
  • 25 point box
  • 20 point box
  • 20 point box
  • 10 point box

Therefore its up to you how you tackle this and get your points! BUT thats not the end! once you’ve got all your points you will then need to WRITE A REPORT WITHIN 24HRS! and this is all back to back so from the moment you start your exam you have basically 48 hours to hack sh*t up and get a report back to Offensive Security, then takes a couple days to get your results! You best make sure you report is shit hot cause they can and will fail you for spelling or grammar mistakes!!! Sh*t they will fail you for sending them the report unencrypted, but dont worry you will be told how to do this when the time comes!

OSCP Recap:

  • ~350 page PDF Manual.
  • Offline Video led training.
  • 24/7 access to domain network lab.
  • Offensive Security show only enough to get you started.
  • A lot you learn as you go through labs and research.
  • 24hr Practical Exam.
  • 24hr Report Writing.

Conclusion

If your starting your journey in to Cyber Security and you wanna become a f*cking awesome hacker and you dont know where to start then head over to ELearnSecurity and do their PTS (Penetration Testing Student) course, then once completed jump on OSCP, skip their PTP (Penetration Testing Professional) course as you wont need it to pass OSCP! OSCP will teach you enough to pass their exam if you go in to it knowing the foundations of hacking.

If your already hacking things and know your way around enumeration a bit and can comfortably exploit things and get shellz then skip ELearn’s PTS and jump straight on to OSCP and start bashing away at that. OSCP will take you from foundation knowledge to advanced and get you hacking away even better than you was.

Remember that OSCP is also a beginner course, this is something a lot of people forget and they do provide some mega good training, but after that your left to do your own research and exploitation.

Any questions let me know… Hope you enjoyed!

and for those out there now doing your OSCP or eJPT exam then I say this to you!

3 thoughts on “ELearnSecurity vs. OSCP

Add yours

  1. I havent’t taken any of these courses but i will quote someone that has done both:

    “eLearnSecurity will actually make someone an actual professional hacker – OSCP will not, but only provide a research methodology. eLearnSecurity is a massive course that will give value for both Network and Web App Penetration testing. IMPO eLS is superior.”

    “OSCP, at best, is a CTF with heavy research…and teaches nothing more than that… for those that ONLY have that 1 cert — can not do much on pen testing engagements and are at a total lost on what to do in real life pen tests… and that is a fact and reality that I have seen personally… anyone with eCPPT can pass the OSCP – but not the other way around…”

    Like

      1. I haven’t taken any of these. But i have eJPT course for free (INE free pass) and will give it a go. The person i quoted above is a 50 years old Senior Pentester who had done both. He was emphasizing the importance of eLearnsecurity certs (like PTSv4, PTPv5). And he also wrote that he got huge ROI for PTP. Simply put Quality>Quantity. But i agree that OSCP has the street cred which helps you get a job.

        Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: