I Love Certifications

Introooooo

I am writing this blog for two purposes :]

  1. To give my opinion on the “Which Cert Should I do to get into Pentesting???” question.
  2. To summarize thoughts on random certifications I do and provide a reference to myself and others when I forget how my experience was down the line.

It is important to note that passing a certification does not guarantee a job.
I take these exams for fun, as passing them provides a clear benchmark of what I’ve learned.

Which Cert Should I do to get into Pentesting???

tl;dr - If you’re looking to get into pentesting, I recommend CPTS. Shameless plug - My referral link
"AI-Generated Meme Showing Random People Looking at Certifications"

This part is a brief review of eJPTv2, CPTS, and OSCP.

eLearnSecurity Junior Penetration Tester (eJPTv2) - Jan. 2023

Introduction

eJPTv2 was my first offensive certification, and an excellent introduction to penetration testing. At the time, it cost $249, which included access to all the videos and materials.

Content and Format

The material was foundational, covering networking, operating systems, basic exploitation, and Metasploit. It primarily consisted of videos, with occasional labs to apply the knowledge. The exam required practical exploitation within a virtual environment but relied on MCQ and fill-in-the-blank questions for answers.

Experience and Takeaways

I enjoyed the structured approach and found it great for an introduction to pentesting as the content was fairly basic, and the semi-practical exam format felt less immersive. Since eLearnSecurity merged with INE, I’m unsure how the new version compares. I’d recommend eJPTv2 to absolute beginners in pentesting. It’s a solid starting point, though more hands-on certifications may provide a better practical experience.

Hack The Box Certified Penetration Testing Specialist (CPTS) - Oct. 2023

Introduction

HTB CPTS was my second offensive certification. It requires 100% completion of the Penetration Tester Job Role path on academy.hackthebox.com.

Content and Format

The material is entirely text-based, but most sections of each module include a standalone box for practicing the learned concepts. While some modules felt more annoying than others, all the necessary content to pass the exam is included within the coursework. The exam itself is a 10-day, non-proctored challenge, designed to provide ample time to complete without disrupting your work or personal life. However, I dedicated 10 hours a day to the exam and still failed my first attempt. The certification content dives deeper than most “entry-level” certifications.

Experience and Takeaways

The exam’s extended format and depth of content set it apart from other entry-level certifications. Despite its challenges, I appreciated the comprehensive approach and found the hands-on labs particularly useful. I highly recommend HTB CPTS to those looking for a challenging entry into pentesting. The emphasis on practical skills and detailed modules makes it a valuable experience.

OffSec Certified Professional (OSCP) - Nov. 2023

Introduction

I took OSCP within a month after HTB CPTS. This was mostly to hit the HR Checkbox, and I also ended up buying the Learn One subscription for the second chance.

Content and Format

I primarily skimmed through the content. All of the content from OffSec was pretty much covered by HTB previously, but there was some additional information which I covered. The content here is also present in text form, with some video options. Some of the content has to be expanded upon in your own time to thoroughly understand it. Lastly, at the end of the modules there are multiple labs that are meant to prepare you for the real exam. I think these labs do a great job in terms of preparing you for the OSCP exam. The exam is proctored, which is something. Could be a little annoying if you have any spatial restrictions or technical issues.

Experience and Takeaways

This exam was a piece of cake after CPTS. I passed in a few hours and started writing the report. In my opinion, this exam was easier than CPTS, though experiences may vary. I could have had an easy exam environment. Going into this without experience of eJPTv2 and CPTS probably would have required a lot more studying and stress.

Haha, so which one

So, there are hundreds of different certifications you COULD take as an ‘intro to pentesting’. I’m primarily discussing the most popular, reputable, and practical ones here. The main ones are OSCP, PNPT (Practical Network Penetration Tester) and CPTS.

As I have not taken PNPT, industry professional Andrew Lentz describes PNPT as:

TL;DR about me. I come from a healthcare -> Voice Over -> Outside Sales background; zero prior IT/Cyber Security experience.

The course took you from OSINT gathering -> username enumeration -> light web app attacks/vulns -> Internal Foothold -> AD enumeration and common lateral movement/privilege escalations -> full domain compromise. Everything you need to pass the PNPT certification exam is in the training.

The format of the exam is, I believe, as close to a real world External/Internal Penetration test as possible. Without giving much away, you start from an external perspective and then have to compromise your way into a “decent” sized AD environment. You get 5 days to complete the test, and an additional 2 days to complete the report. At the end, once the report was submitted, reviewed, and approved you then had a 30-minute debrief with someone from the TCM Security team.

Experience and Takeaways

With this being my only hacking cert (currently), it was a great experience. After failing my first attempt…expecting a “git gut” attitude from TCM and their community, I was met with nothing but positivity. At the end of the day, this isn’t a CTF-type challenge. So, after going back to the course, updating my notes, redoing some of the provided labs, I was able to pass the exam in 2-1/2 days.

The knowledge and skills learned from this course and exam set a great foundation for me as a Pentester. What is always great about TCM and the PNPT is they have a huge community of people (via their Discord). This was definitely a positive because at the time I didn’t know anyone in the cyber field, and now have friends across all aspects of the beast that is Cyber Security. I couldn’t recommend this certification enough! While it is “entry” level, TCM did release a “Junior” version of this exam that is even more appropriate for those brand new to Cyber Security. 10/10, would take this exam again. -Andrew

From a cost perspective, PNPT and CPTS are both significantly less expensive than OSCP if it is coming out of your pocket. OSCP is more reputable when it comes to industry recognition and checking a box from HR. I personally do not see all the hype around OSCP after my easy experience with the exam. In terms of difficulty, CPTS is more difficult than OSCP given the longer exam length and in-depth content. PNPT also gets a realistic bonus as you must present a technical debrief in front of a live panel, which is not seen in any of the other certifications. The infrastructure and community are also big factors in these certifications. HackTheBox has a welcoming community through their Discord and support via online services (depending on subscription tier). OffSec’s community help is primarily through Discord support tickets, which is different. Lastly, there have been complaints about infrastructure issues regarding exam and lab environments. I faced few infrastructure issues with either of these exams.

I think regardless of who is paying, CPTS is the best bang for your buck. The content is super detailed and the exam is very challenging. If you haven’t taken any certification exams before, taking eJPTv2 or Security+ may be a good introduction to cybersecurity and material. If money is not a factor in this equation, do both. CPTS will give you the content, while OSCP gives you the reputation.

Also, check out PinkDraconian and eatthebuffet for additional coverage.
PinkDraconian’s Youtube Video (CPTS vs OSCP)
eatthebuffet’s Blog Post

Other Certifications

I suppose I’ve taken some other certifications. Here they are with a short review on each.

CompTIA Security Plus (SY0-701) - Oct. 2022

Introduction

I completed the CompTIA Security+ exam because everyone recommends this going into cybersecurity. I was not completely new to cybersecurity when I decided to pursue this exam. I took this my junior year of college.

Content and Format

You can pass this exam using Professor Messer’s Videos and one other source of material (that hopefully comes with practice questions). The content isn’t really given to you for CompTIA exams. CompTIA posts exam objectives and an acronym list that can be very useful for passing the exam. You should be able to recall almost all of the acronyms. This exam is proctored and consists of mostly multiple choice questions (MCQ) with a few performance based questions (PBQs).

Experience and Takeaways

I think this is a great introduction to information technology / cybersecurity lingo. This exam is essentially taking acronyms and being able to define them and use them in practical scenarios. Security+ can be passed with a relatively low amount of studying due to the multiple choice questions; however, it is very practical in terms of conversing in a real work environment. I would recommend this exam to almost anyone new to IT.

GIAC Foundational Cybersecurity Technologies (GFACT) - Oct. 2022

Introduction

I took this exam because I won the course from a CTF competition.

Content and Format

This exam has good foundational knowledge related to cybersecurity. It covers multiple introductions to Linux, Windows, security, operating systems, forensics, exploitations, hardware, and programming. It pretty much touches on all aspects of IT and security. The exam format is (I think) completely multiple choice.

Experience and Takeaways

This is a very pricey exam if it is not paid for by an employer. I would not recommend paying out of pocket for this exam, and some generalized self-study would cover the content quite well. Nevertheless, the content is very sufficient. It details all of the concepts and provides great examples. The instructor (pre-recorded videos) also explained all of the topics very well. I think money would be better spent on more advanced GIAC certs, but this exam taught me they have very well-structured material.

Cisco Certified Networking Associate (CCNA) - Mar. 2023

Introduction

I took this exam because I wanted to verify my networking skills from my college networking classes. This took an exceptional amount of grindy studying in order to understand complex networking topics.

Content and Format

I highly recommend watching Jeremy’s IT Lab to learn the content on this exam. Additionally, you must practice with packet tracer and learn specifics of networking protocols. The exam consists of a lot of multiple choice questions as well as multiple practical networking examples where you must configure/fix a network.

Experience and Takeaways

I thought I was failing this exam the entire time until the exam was over. I did really well on the practical questions and apparently decent enough on the multiple choice questions. This exam is definitely a great coverage of most networking concepts that provide a foundation of networking that is likely sufficient for all different areas of IT (except like networking or cloud). I recommend this exam as it requires a decent understanding of networking concepts and requires practical demonstrations as opposed to Network+.

CompTIA Pentest Plus (PT0-003) - May 2024

Introduction

YOLO’d this one. I took the beta version of this exam because it was $50. This was fun because I said to myself “surely if I can hack a box I can pass Pentest+”.

Content and Format

Similar to Security+, the content is a lot of acronyms and correctly using them in their respective scenarios. I didn’t study any of the content for learning.

Experience and Takeaways

This was a fun exam to take, but I wouldn’t exactly recommend it. You can learn the acronyms, definitions, and examples of everything on your own. I don’t think this holds much weight or value for practically being able to pentest.

Hack The Box Certified Bug Bounty Hunter (CBBH) - Jun. 2024

Introduction

I went through the Hack The Box’s academy web modules in order to learn more about web app pentesting. Consequently, I decided to do the exam to prove my skills.

Content and Format

Content is exactly the same as the HTB CPTS review. Text-based modules with multiple labs to practically apply the knowledge. The content focuses on a wide range of web vulnerabilities. The exam format is a 7-day exam where you must achieve a certain amount of flags in order to pass. Luckily, I passed this exam on the first try and I thought it was very difficult (similar difficulty to CPTS). I spent all of my nighttime hours attempting to break into the different web apps. Yet again, all of the content needed for the exam is provided in the material.

Experience and Takeaways

For a web pentesting certification at this price, amazing. I would recommend for anyone who loves pentesting and wants to learn more about web vulnerabilities.

OffSec Wireless Professional (OSWP) - Aug. 2024

Introduction

I took this exam because I knew nothing about wireless hacking. I also had a free attempt due to me purchasing the Learn One subscription through OffSec. I took about 2 weeks of scattered studying before attempting the exam.

Content and Format

There is sufficient information regarding wireless technologies, attacks and mitigations. The content is text-based. I did not like how OffSec essentially required you to buy hardware in order to practice this exam. I would heavily recommend checking out Wi-Fi Challenge Labs for a virtualized setup. The exam is 4 hours and requires 2/3 networks hacked to pass.

Experience and Takeaways

I wouldn’t go out of my way to take this content and exam to learn about Wi-Fi hacking. If you have the Learn One subscription, more knowledge is always great. I did learn valuable techniques. It might also be worth checking out the creator of the Wi-Fi Challenge Labs and their recent training.

This post is licensed under CC BY 4.0 by the author.