Monday, 3 September 2012

CEH vs OSCP vs GPEN

Hey guys,

It's been an interesting few months for me, I moved to Manila, attended BlackHat 2012 in Vegas and I've completed my CEH, OSCP and GPEN certs. Time just seems to have flown by.

Anyhow, today I wanted to compare and contrast the CEH, OSCP and GPEN certifications. Hopefully it might provide some guidance to those folks who are interested in qualifications but don't know what to go for, what content is covered by each and whether it's ultimately worth doing or not.


So first up Certified Ethical Hacker (version 7) by EC-Council: http://www.eccouncil.org/courses/certified_ethical_hacker.aspx

I completed this back in May and from what I remember it was heavily theory based (and at times not even the most relevant theory). The cert quite often focused on the basics, for example, what is DNS, what is a virus/worm/rootkit, the ins and outs of WPA/WEP, symmetric vs asymmetric encryption and key lengths and block sizes. Now while this is all excellent information I couldn't help but wonder how useful this would actually be for most people on a day to day basis. So good information that's worth knowing, but maybe not all that relevant. And the one big thing missing from the CEH is some decent hands-on activities. They do give you a disc with some crappy Windows tools and some simple exercises but it would be better just to have some exercises using the more powerful (and more relevant) tools in BackTrack.

For someone starting out in security this is a great introduction, they cover the basics as well as the most commonly used attack vectors. For me personally though, I found the material too dated, too high level and without good quality practical exercises at times I found myself bored and unmotivated.

Cost: $500 for exam only ($1000+ for course materials)
Rating: 6/10



Next up is the Offensive Security Certified Professional course offered by Offensive Security (the makers of BackTrack). http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

Wow, what a course. I started this back in October 2011 and after months of reviewing the material and working through the lab, I finally passed the exam in May 2012. This course is not for the faint hearted! There are two components, the study materials (videos/pdf textbook) and the lab. The course materials are very practical, every concept and activity is accompanied and demonstrated by a real example. And you are given exercises to complete for each section. The course covers what you actually need to be a certified ethical hacker (unlike the CEH!). It follows the usual attack methodology, recon/scanning/exploitation/persistence/pivoting and for each step you're guided through the theory, which tools to use and how to use the information you gain.

The lab is where the OSCP really shines. You are thrown into a virtual lab environment with 50 machines situated on different networks all with various vulnerabilities and hidden surprises. Your challenge is to hack your way through to the admin machines deep in the network. Putting theory into practice was such a great learning experience and I learnt that knowing theory and putting theory into practice are two very different things. A lot of what you need for the lab is not covered in the course material and you are forced to do background reading and research. It's this which separates the OSCP from other certifications. The OSCP motto - "Try Harder".

The exam is the icing on the cake. Instead of the usual multiple choice exam bullshit, you are challenged to hack a series of machines within 24 hours. It's pretty crazy but a hell of a lot of fun. Oh and you are required to submit a real life pentest report of all your activities in the lab!

Cost: ~$1500 (I extended my lab time a few times)
Rating: 10/10 



And last but not least, SANS 560 - Network Penetration Testing and Ethical Hacking (GPEN): http://www.sans.org/course/network-penetration-testing-ethical-hacking

I completed the multiple choice exam for this last week and after the OSCP I felt a little let down by this course. The material was decent, I completed the OnDemand version which was a series of PowerPoint slides with narration by Ed Skoudis. Ed was really entertaining and did a great job of keeping the material interesting and relevant. My issue with this course was the depth. Whilst the content they covered was spot on, I felt they could have gone into more detail, in fact I wanted them to go into more detail. It's a shame that the material is written to fit in with the 6 day course because they ultimately have to compromise on the quality of the course. Ed, if you're reading this, why not offer an online version that is twice as long and covers everything?

My favorite aspect of the course was the emphasis on providing business value. Logistically what is the best way to perform a penetration test? There's a lot to consider and Ed does a great job of breaking the tasks down and showing you how to effectively structure a full penetration test. He gives plenty of useful tips as well, for example, for large networks only scanning a subset of representative machines or obtaining firewall rules to reduce the time/cost of the test. And he gives a great overview of how to write an awesome final report.

Perhaps the biggest issue with this course is the price. For the course and exam it costs just under $5000 which for a set of online videos (only valid for 3 months) and a pile of books is a little overpriced to say the least.

Cost: ~$5000
Rating: 8/10


Summary

Certs are cool, it's great to learn new things and brush up on the old. (And it's cool to have some new letters after my name.) Employers like certs, it shows that you know stuff and they will be more likely to choose you over someone with no certs. I learnt a lot doing all three certs, the OSCP was my favorite by far but it really is a baptism of fire and you need to be dedicated to it. The others were useful but more as a CV filler.

It was interesting at BlackHat and Defcon how a lot of people frowned on certs and tbh I do agree with them. For example both the CEH and GPEN used relatively easy 150 question multiple choice exams and the GPEN was open book. Realistically they aren't that hard to pass. So should you employ someone with these certs? Yes of course! Should you expect them to be super 1337? No. But how else can you judge if someone knows their shit? Experience alone?

I think what people don't like is these certs and others (I'm looking at you CISSP) are a convenient way for non-security and even non-IT folks to get into IT security when they have no real experience. More people working in security is great but inexperienced people deploying security in Fortune 500 companies is probably not a good idea.

OSCPs (and OSCEs) are the exception to the rule. If you ever meet one of this rare breed, give them a pat on the back, they earned it.

This is pwndizzle, over and out.

76 comments:

  1. Great review. I was initially going for CEH, but now I have to think things over because my worries seem to be true. It's too much talk.

  2. Agreed with "unknown" above. I was studying material for CEH but in regards to your comments here and based off Instructors from my InfoSec B.A recommending the same thing, I will definitely shift my purpose over to OSCP! Thanks!

  3. Hi,

    I was planning on starting OSCP... Can you please tell me how much the exact OSCP exam fee is?

  4. The OSCP exam is included when you buy the course. More information on fees can be found on the official page: http://www.offensive-security.com/information-security-training/penetration-testing-with-backtrack/

    Thanks for all the comments!

  5. I kinda have to agree with your comments on CEH. It's one of the most over-hyped certifications in my country. They're just cashing in on the brand at the moment. The syllabus is horribly outdated. I wasted my time and money on CEH. Now it's on to OSCP!

  6. Thanks for the writeup. I was originally thinking of going for the CEH, but the OSCP looks to be a better fit. I have my Sec+, CASP, and just passed the CISSP. Thanks for your help.

  7. Great article... To summarize:
    CEH - Theory
    OSCP - Practical

  8. Granted this article was written in 2012, have there been updates to how CEH is now being taught?

    It's too bad the GPEN class wasn't as hands on as you expected. From experience, SANS does try very hard to balance theory with the practical. The GCIH and GCFA (and possibly others) have end-course challenges that's verbatim Offensive Security.

    But you hit the nail on the head w/ SANS, they are still VERY expensive and many employers shy away from them unless they piss money. In SANS' defense, they really are highly regarded and the material is constantly being updated to reflect the security landscape. Also, the folks who teach it are of very high caliber. The cost, to an extent, does reflect that commitment.

    Where OSCP shines is the hands-on lab/exam. However, the applicability of the hands-on seems to have limited use (at least in the US anyways) because much of it is either illegal or very little settings of where it could be applied. So, it's more of a "fun thing." But knowing how to break-in teaches one to defend against it as well. And that's value!

  9. Great review buddy, thanx. Now I can think about what I wanna do next!

  11. Hey guys. Hmm, I'm currently doing my A-Levels, and I'm gonna sit for the exam this May 2015. I have a lot of interest in Computing. And I know some stuff about it, but they aren't going to do much in me achieving my goal. I want to become a CEH (Certified Ethical Hacker), so I picked up interest and started doing research. Only then I came across a lot of things. I understood one thing, achieving my goal isn't going to come in easy. My goal is to know everything about hacking top to bottom. And I can't find one good reason that is stopping me from achieving this goal. So, this site I came across had a lot of certifications, and once I saw every one of them, it was nothing but mere curiosity of completing all those certifications. They are OSCP, OSWP, OSWE, OSEE, OSCE. For those who know about this please reply to me, I want to complete every one of these no matter how much hard work and dedication it takes. I just want to know how I should start with achieving my goal. You can contact me through gmail. (unophragith@gmail.com)

  13. Thanks for sharing your experience and congratulations on your certifications! Sorry I didn't say that before! :-)

  14. Thanks for your comments guys. I definitely think that not all certs fit all jobs. There are a lot of different jobs out there, from security analyst, to architect, to pentester, to SOC manager and more. Each will require different expertise. While the practical skills learned from the CEH/GPEN/OSCP will help all job roles, some will definitely benefit more than others :)

  16. I thank you for this review. It was really helpful. I will appear in CEH next month. I request you to give me certain advices and guidance for the same.

  17. Very good comparison indeed. Thanks.

  18. Thanks for the review PwnDizzle! And congrats on the OSCP and all your other certs!

    And an update to the people asking about CEH more recently:
    I'm doing CEH right now and it hasn't improved much from PwnDizzle's description. Right off the bat it started pretty weak. I'm finished with all the video series and don't feel like the "master hacker" EC-Council makes it out to be. A lot of it is theoretical so most of it won't really work in the real world unless the target is super vulnerable.

    Granted, the CEH is a good start for newbies, but if I could do it over I would look somewhere else for the basics.

    I'm just about to start the OSCP next. :)

  19. Anyone know if the OSCP is available in the UK? Google isn't providing me much.

  20. Anyone please tell me if OSCP is available in Mumbai... Please provide me the info, Google doesn't provide me info.

  21. Now this was a very helpful read. Thank you!

  22. Thank you my friend. I was also going for CEH in which I am totally not interested :). But we should realize the worth of certs output rather than labeling/tagging via MCQs.
    Once again thanks and wish you success in your future endeavors.

  23. I stumbled on to this blogpost precisely because I was disappointed with an overhyped certification and was looking for something hands-on. Thank you. OSCP seems like the way to go.

  24. I just completed eCPPT (eLearnSecurity). It's similar to OSCP in that the exam is practical and you have to provide a penetration report for their review.

    There are several networks that you need to pivot through (not giving away as its in the Exam outline).

    You get 7 days testing and 7 days reporting to complete it. I think this was a great jumper into the OSCP which is next on the list.

  25. I am about to do the GPEN this week in Austin. It is expensive but as has been expressed here, that should not be the determining factor for value. The fact it is a business driver (like our paychecks) makes it the most applicable for me especially when justifying to my employer.

    Excellent write-up BTW. I plan on doing a follow-up after GPEN and doing the OSCP cert but it's just for my personal satisfaction. As someone said in another comment "Where can you apply it..." It's like buying a Formula 1 race car and not being able to drive it on the main roads as it's not street legal.

    I will go for the bragging rights though....LOL

    Cheers
    Steve

  26. Hey PD,

    Amazing review, however I saw some of the members commenting against CEH.

    To be honest, I will say that yes CEH is more of a theory but the content is very powerful and efficient.

    I highly recommend to go for CEH and then OSCP, as this will provide you with very strong theory and practical knowledge.

    1. I was thinking the same too, I would first go for CEH, and then OSCP in order to ace it :) Thanks for the advice Ashish
