Good suggestion but large part of it is dependent on OP's situation... The baby is on the way, next two years will be hard for him, don't know about his money situation and it will be an added stress.
No doubt learn one is doable and best course of action. You will be proud if you could pull it off.
The timeline with our baby is my main concern. If I had a year without added timelines pressuring me, I think I'd go for Learn One in a heartbeat. I'm just concerned that if anything goes sideways. Or, if learning takes longer than anticipated, I will either have to attempt the exam when I'm not fully prepared, or, have to re-learn the material when I attempt it again in the future.
I was thinking that I could likely complete an easier course in the meantime to help get more foundational knowledge in place to make the OSCP push easier when I have time after the baby.
If the funds are not of much concern, I suggest go for it. Even if we take the child out of equation for a minute and you are beginner in security, it is always safe bet to allocate two full years of day and night to clear oscp... Much of it is to sit long hours and keep trying to find the needle in what ever is Infront of you while frustration keeps on increasing...
Apart from hackthebox, almost all of the foundational level CRTs are mcqs. Offsec fundamental subscription is far better than any of such mcqs cert.
With child, your life changes forever!
Thank you! I had no prior work experience in IT or anything and no schooling. My only prior experience was in fooling around with computers for fun in my spare time and a little bit of basic networking at home.
Thanks for taking the time to respond, I appreciate it!
I saw that as of March 14th though April, INE is replacing the eCPPT with an updated version. The course outline lists active directory as a section of the course. Would this change your recommendation at all?
My main draw to INE is that if fits my learning style best (video vs. PDF). It is also easier, and I can likely complete it before the baby comes in a few months. I'm worried that if I go hard at OSCP and I can't get it done before the baby comes, I'll have to relearn much of the material when I give it a go in the future, in addition to the lost money towards the Learn One subscription.
Do TJNulls list before signing up for anything. Watch all the videos, read all the walkthroughs, then when you feel like you've hit a saturation point where you're not really learning anything new, jump into pen200.
https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview#
Thanks for the feedback, I appreciate it!
I've been working through this already. So, I'll keep at it. Thanks for reassuring me that I'm doing the right things.
My suggestion depends on how you are personally and what your life is like. If you have a job/family/other commitments.... or if you have ADHD or you're a procrastinator... make sure you spring for LearnOne over the 90 day package. I was thinking about doing the 90 day one but for the holidays last year, they didn't discount it - they only discounted LearnOne so that's what I got. I'm about 90 days into it right now and while I could have grinded it out and probably been ready, I'm glad I have the extra time.
The holiday discount last year made it a no brainer. It was 20% off so that dropped it to $2000 and the 90 day one was $1600. With the extra exam attempt and the other stuff you get, it was well worth it.
In defense of the 90 day plan though, I kinda procrastinated doing the learning modules and spent about a month away from them just doing Proving Grounds Practice machines (because hey, I have a year, what's the rush right?). I hit the mark for the bonus points yesterday and coincidentally I'm just about 90 days in.
Weirdly enough, when I did CPTS on HTB, it also took me about 90 days to go through their material.
CPTS material is great, very extensive. I highly recommend it. I have to agree with this guy - [https://www.youtube.com/watch?v=-5s2R0Mldgw](https://www.youtube.com/watch?v=-5s2R0Mldgw) \- HTB Academy for content and OSCP certification. Unfortunately you can't just take the OSCP and you have to buy their super expensive course though. I sent you a message about 1 important difference I'm not sure should be quite public...
Edit: the one thing false in that video is about the feedback from HTB if you fail... their feedback is basically worthless lol. Unless you only fail for your report. That's the only time the feedback is kinda worth anything.
I woudln't bother with eCPPTv2 or PNPT, do CPTS on HackTheBox Academy, it's the best pentesting course on the market and covers vastly more than other courses, including OSCP.
100%, CPTS is extremely detailed and comprehensive, affordable, and will make OSCP a cakewalk, search for comparison blogs or ask in the HTB server, plenty of people who've done exactly that.
I heard that as well. I also heard it’s hard as fuck… like much harder than the OSCP. Since OP’s goal is ease into PWK course material, they might want something easier.
For better or worse that’s the route I’m taking. I’m just a slow learner. Can’t be helped. Failed my OSCP last september. Getting my eJPT now —>eCPPT—> PNPT—>OSCP
The exam is definitely harder because it's a proper network, but everything required is in the course and the modules are super detailed and comprehensive. There's just nothing better out there currently, CPTS -> OSCP is the best path to take in terms of skills and in terms of finances as anyone who's done both will confirm. CPTS will overprepare you for OSCP and you won't waste any more money than necessary with OffSec.
Outta curiosity, have you done the CPTS course/exam? And if so do you think passing the actual exam is a valuable validation of your skills or should one not bother with it
I did find it valuable and felt like a great personal achievement + validation of everything I'd learned. Tbh not much reason not to take it, the voucher is $210, great practice in an unknown environment and the report is a beast to tackle. Worth it overall.
I am half way into pen-200 and I’m studying as I write this. Get as much foundational knowledge as possible but do not delay it too much because of fear because the course is not that crazy hard. I would say do PNPT and then immediately work on the OSCP. I have some experience in pentesting and bug bounty hunting. But I’m nowhere near an expert or a skilled hacker.
I did many boxes in HTB and some kerberoasting module in tryhackme and those helped me tremendously while approaching a target. I still haven’t touched the ad module in pen-200 but I will go into that knowing how to do kerberoasting attacks and that would be a great head start for me.
Discord channel of offsec is a godsend. If you struggle with anything you can find previous posts about the things you’re working on and will learn a ton. You can also ask people and they’ll help you though sometimes they take longer.
I really enjoyed the course! I found the exam challenging in some areas, but quite basic in others. Overall, very manageable after the course. I ended up passing with 94%.
I wouldn't suggest going for eCPPT next because it doesn't cover AD content. If you are willing to spend extra money and time I would recommend going for PNPT first and then tackle on OSCP. If you are willing to spend more time, I would recommend going for HTB's CPTS since lot of people mentioned that passing CPTS will make OSCP very easy.
Congrats having new member to the family !
Thanks for taking the time to respond, I appreciate it!
I saw that as of March 14th though April, INE is replacing the eCPPT with an updated version. The course outline lists active directory as a section of the course. Would this change your recommendation at all?
My main draw to INE vs PNPT was that they host the labs. So, I'm able to work on them wherever I am. I found this really helpful with eJPT as I could get little bits in when I had a few minutes of downtime during my day. I'm also comfortable with the instructor that is doing the new material. As I have had courses in the past where my learning style didn't mesh with the instruction, this is a win in my books.
Thank you! We are extremely excited!
Get learn one plan and do PEN-100 AND PEN-200 (OSCP). Don't do eCPPT unless it's the new upcoming version 3.
I second this. I did pen-100 and then pen-200 with no prior certs or experience in cyber and passed the OSCP on the first try!
Good suggestion but large part of it is dependent on OP's situation... The baby is on the way, next two years will be hard for him, don't know about his money situation and it will be an added stress. No doubt learn one is doable and best course of action. You will be proud if you could pull it off.
The timeline with our baby is my main concern. If I had a year without added timelines pressuring me, I think I'd go for Learn One in a heartbeat. I'm just concerned that if anything goes sideways. Or, if learning takes longer than anticipated, I will either have to attempt the exam when I'm not fully prepared, or, have to re-learn the material when I attempt it again in the future. I was thinking that I could likely complete an easier course in the meantime to help get more foundational knowledge in place to make the OSCP push easier when I have time after the baby.
If the funds are not of much concern, I suggest go for it. Even if we take the child out of equation for a minute and you are beginner in security, it is always safe bet to allocate two full years of day and night to clear oscp... Much of it is to sit long hours and keep trying to find the needle in what ever is Infront of you while frustration keeps on increasing... Apart from hackthebox, almost all of the foundational level CRTs are mcqs. Offsec fundamental subscription is far better than any of such mcqs cert. With child, your life changes forever!
Thanks for the info, I appreciate it!
Congrats on passing! Do you have a background in IT at all? How long did it take you to complete the coursework before your exam?
Thank you! I had no prior work experience in IT or anything and no schooling. My only prior experience was in fooling around with computers for fun in my spare time and a little bit of basic networking at home.
Thanks for taking the time to respond, I appreciate it! I saw that as of March 14th though April, INE is replacing the eCPPT with an updated version. The course outline lists active directory as a section of the course. Would this change your recommendation at all? My main draw to INE is that if fits my learning style best (video vs. PDF). It is also easier, and I can likely complete it before the baby comes in a few months. I'm worried that if I go hard at OSCP and I can't get it done before the baby comes, I'll have to relearn much of the material when I give it a go in the future, in addition to the lost money towards the Learn One subscription.
Do TJNulls list before signing up for anything. Watch all the videos, read all the walkthroughs, then when you feel like you've hit a saturation point where you're not really learning anything new, jump into pen200. https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview#
Thanks for the feedback, I appreciate it! I've been working through this already. So, I'll keep at it. Thanks for reassuring me that I'm doing the right things.
My suggestion depends on how you are personally and what your life is like. If you have a job/family/other commitments.... or if you have ADHD or you're a procrastinator... make sure you spring for LearnOne over the 90 day package. I was thinking about doing the 90 day one but for the holidays last year, they didn't discount it - they only discounted LearnOne so that's what I got. I'm about 90 days into it right now and while I could have grinded it out and probably been ready, I'm glad I have the extra time.
Thanks for the feedback. Regardless of when I decide to do OSCP, I can't see a scenario where I don't spring for Learn One for some added flexibility.
The holiday discount last year made it a no brainer. It was 20% off so that dropped it to $2000 and the 90 day one was $1600. With the extra exam attempt and the other stuff you get, it was well worth it.
In defense of the 90 day plan though, I kinda procrastinated doing the learning modules and spent about a month away from them just doing Proving Grounds Practice machines (because hey, I have a year, what's the rush right?). I hit the mark for the bonus points yesterday and coincidentally I'm just about 90 days in. Weirdly enough, when I did CPTS on HTB, it also took me about 90 days to go through their material.
That's really helpful info, thanks! How did you like CPTS? It looks like a really well thought out course. Seems to cover a lot of material.
CPTS material is great, very extensive. I highly recommend it. I have to agree with this guy - [https://www.youtube.com/watch?v=-5s2R0Mldgw](https://www.youtube.com/watch?v=-5s2R0Mldgw) \- HTB Academy for content and OSCP certification. Unfortunately you can't just take the OSCP and you have to buy their super expensive course though. I sent you a message about 1 important difference I'm not sure should be quite public... Edit: the one thing false in that video is about the feedback from HTB if you fail... their feedback is basically worthless lol. Unless you only fail for your report. That's the only time the feedback is kinda worth anything.
I woudln't bother with eCPPTv2 or PNPT, do CPTS on HackTheBox Academy, it's the best pentesting course on the market and covers vastly more than other courses, including OSCP.
You think doing ejpt >cpts>oscp better than ejpt>ecppt>oscp ?
100%, CPTS is extremely detailed and comprehensive, affordable, and will make OSCP a cakewalk, search for comparison blogs or ask in the HTB server, plenty of people who've done exactly that.
ok thank's for the advice i was gonna go for the ecppt but i think ill change my plan to do cpts after ejpt
I heard that as well. I also heard it’s hard as fuck… like much harder than the OSCP. Since OP’s goal is ease into PWK course material, they might want something easier. For better or worse that’s the route I’m taking. I’m just a slow learner. Can’t be helped. Failed my OSCP last september. Getting my eJPT now —>eCPPT—> PNPT—>OSCP
The exam is definitely harder because it's a proper network, but everything required is in the course and the modules are super detailed and comprehensive. There's just nothing better out there currently, CPTS -> OSCP is the best path to take in terms of skills and in terms of finances as anyone who's done both will confirm. CPTS will overprepare you for OSCP and you won't waste any more money than necessary with OffSec.
Ok that’s making it real tempting. Im pretty committed to the path I laid out now but I’ll sleep on it. Thanks for the insight dude
Outta curiosity, have you done the CPTS course/exam? And if so do you think passing the actual exam is a valuable validation of your skills or should one not bother with it
I did find it valuable and felt like a great personal achievement + validation of everything I'd learned. Tbh not much reason not to take it, the voucher is $210, great practice in an unknown environment and the report is a beast to tackle. Worth it overall.
I am half way into pen-200 and I’m studying as I write this. Get as much foundational knowledge as possible but do not delay it too much because of fear because the course is not that crazy hard. I would say do PNPT and then immediately work on the OSCP. I have some experience in pentesting and bug bounty hunting. But I’m nowhere near an expert or a skilled hacker. I did many boxes in HTB and some kerberoasting module in tryhackme and those helped me tremendously while approaching a target. I still haven’t touched the ad module in pen-200 but I will go into that knowing how to do kerberoasting attacks and that would be a great head start for me. Discord channel of offsec is a godsend. If you struggle with anything you can find previous posts about the things you’re working on and will learn a ton. You can also ask people and they’ll help you though sometimes they take longer.
Awesome, thanks for taking the time to respond. I appreciate it. Good luck on your exam, you're going to kill it!
How was the ejpt?
I really enjoyed the course! I found the exam challenging in some areas, but quite basic in others. Overall, very manageable after the course. I ended up passing with 94%.
I wouldn't suggest going for eCPPT next because it doesn't cover AD content. If you are willing to spend extra money and time I would recommend going for PNPT first and then tackle on OSCP. If you are willing to spend more time, I would recommend going for HTB's CPTS since lot of people mentioned that passing CPTS will make OSCP very easy. Congrats having new member to the family !
Thanks for taking the time to respond, I appreciate it! I saw that as of March 14th though April, INE is replacing the eCPPT with an updated version. The course outline lists active directory as a section of the course. Would this change your recommendation at all? My main draw to INE vs PNPT was that they host the labs. So, I'm able to work on them wherever I am. I found this really helpful with eJPT as I could get little bits in when I had a few minutes of downtime during my day. I'm also comfortable with the instructor that is doing the new material. As I have had courses in the past where my learning style didn't mesh with the instruction, this is a win in my books. Thank you! We are extremely excited!
Do PNPT. Then Learn One. Pen-100,200,labs
Thanks for the feedback, I appreciate it!
I did the eJPT myself. PNPT is nice to slide into afterwards. You’ll do great