Leopard security?

So... I took the leap and upgraded my PowerBook to the brand spanking new Leopard OS.

First impression... it's ok... I don't think it is worth $130, especially if you take into account the fact that I don't use any of the built-in applications.

Anyway, the thing that strikes me as VERY strange is the firewall management.

After setting the Firewall to "Block All Incoming Connections" there shouldn't be anything getting in. Not the case...

[Tue Oct 30 <-> 14:45:02] #- (root@depthstar) - ( ~ )
#- (2)> ipfw list
33300 deny icmp from any to me in icmptypes 8
65535 allow ip from any to any

WAAAaa?

I will investigate further and let you know what I find. So far not impressed by the new Firewall features...
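To turn the surprise above into a repeatable check, here is an added Python example (not from the post) that parses the kind of ipfw list output shown above and reports which rule decides a few inbound packets. The remote address is constructed, and the matcher only understands the rule shape seen in that listing, not the full ipfw syntax.

```python
import re

# Constructed sample: the two rules the post shows right after enabling
# "Block All Incoming Connections" in the Leopard firewall preference pane.
SAMPLE_IPFW_LIST = """\
33300 deny icmp from any to me in icmptypes 8
65535 allow ip from any to any
"""

RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>allow|deny)\s+(?P<proto>\S+)\s+"
    r"from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+(?P<dir>in|out))?(?:\s+icmptypes\s+(?P<types>[\d,]+))?\s*$"
)

def parse_ipfw_list(text):
    """Turn `ipfw list` output into rule dicts sorted by number (first match wins)."""
    rules = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = RULE_RE.match(line)
        if not m:
            raise ValueError("unrecognised rule: " + line)
        r = m.groupdict()
        r["num"] = int(r["num"])
        r["types"] = {int(t) for t in r["types"].split(",")} if r["types"] else None
        rules.append(r)
    return sorted(rules, key=lambda r: r["num"])

def verdict(rules, proto, direction, src, dst, icmptype=None):
    """(rule number, action) of the first rule matching the packet, or (None, None)."""
    for r in rules:
        if r["proto"] not in ("ip", proto):          # "ip" rules match every protocol
            continue
        if r["dir"] and r["dir"] != direction:       # no direction keyword = both ways
            continue
        # "any" matches everything; the host's own address is written literally as "me".
        if not (r["src"] in ("any", src) and r["dst"] in ("any", dst)):
            continue
        if r["types"] is not None and icmptype not in r["types"]:
            continue
        return r["num"], r["action"]
    return None, None

def audit_inbound(text, remote="203.0.113.5"):
    """What the rule set does to a few inbound packets from a (constructed) remote host."""
    rules = parse_ipfw_list(text)
    return {
        "tcp": verdict(rules, "tcp", "in", remote, "me"),
        "udp": verdict(rules, "udp", "in", remote, "me"),
        "icmp echo": verdict(rules, "icmp", "in", remote, "me", icmptype=8),
    }
```

With the two rules above, only inbound ping requests are dropped; every inbound TCP and UDP packet falls through to rule 65535 and is allowed at the ipfw layer.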

Tuesday, 30 October 2007
Last Updated ( Tuesday, 30 October 2007 )
Passwords are not a viable method of authentication anymore.

I have said it before, and will keep on saying it... Passwords are not a good means of authentication. The problem is... in most areas it is the only available means of logging in.

The advent of Rainbow Tables makes it VERY easy to crack a huge number of passwords in very little time. The way it works is by pre-computing a list of the hashes corresponding to all the possible combinations of characters. Once you are in possession of such a table (which can be huge), you just need to look up the password hashes you are after and you are all set.

I just found the following post, which describes the whole process and its ease of use. Once again, Windows is the worst operating system security-wise, due to its legacy use of non-salted hashes over a limited number of characters...

Anyways, much more information at: http://www.codinghorror.com/blog/archives/000949.html
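As an added illustration (not from this post or the linked article), here is a toy rainbow table in Python over a 1000-entry keyspace of 3-digit "passwords": chains of hash and reduce steps with only the endpoints stored, a lookup routine, and a coverage count that shows why a per-user salt makes the precomputed table useless against the same hash function. The keyspace size, chain length, seeds and salt are all constructed for the demonstration.

```python
import hashlib

# Toy keyspace (constructed) so the whole table builds in well under a second.
PW_LEN = 3
KEYSPACE = 10 ** PW_LEN                               # the 1000 strings "000".."999"
CHAIN_LEN = 10
SEEDS = [f"{i:03d}" for i in range(0, KEYSPACE, 5)]   # 200 chain start points

def h(pw, salt=""):
    # Plain MD5 stands in for any fast, unsalted hash; a salt, when present, is prepended.
    return hashlib.md5((salt + pw).encode()).hexdigest()

def to_candidate(digest, step):
    # Reduction: map a digest back into the keyspace. Mixing in the step number
    # is what makes this a rainbow table rather than a plain hash chain.
    n = (int(digest[:8], 16) + step) % KEYSPACE
    return f"{n:0{PW_LEN}d}"            # keyspace is exactly the PW_LEN-digit strings

def build_table():
    # Only (endpoint -> start) pairs are stored, so the table is CHAIN_LEN times
    # smaller than the set of hashes it can invert.
    table = {}
    for start in SEEDS:
        pw = start
        for step in range(CHAIN_LEN):
            pw = to_candidate(h(pw), step)
        table.setdefault(pw, start)     # on endpoint collision keep the first chain
    return table

def lookup(table, target, salt=""):
    """Recover the password behind hex digest `target`, or None if no chain covers it."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        pw = to_candidate(target, pos)  # assume target sits at chain position `pos`...
        for step in range(pos + 1, CHAIN_LEN):
            pw = to_candidate(h(pw), step)   # ...and regenerate the tail to its endpoint
        if pw in table:
            cand = table[pw]
            for step in range(CHAIN_LEN):    # walk the stored chain, testing each candidate
                if h(cand, salt) == target:
                    return cand
                cand = to_candidate(h(cand), step)
    return None

def coverage(table, salt=""):
    """How many of the KEYSPACE passwords the table recovers from their (salted) hashes."""
    hits = 0
    for i in range(KEYSPACE):
        pw = f"{i:0{PW_LEN}d}"
        hits += lookup(table, h(pw, salt), salt) == pw
    return hits
```

Unsalted, the 200 stored endpoints recover most of the 1000 passwords; with a salt the same table recovers only the handful that chain walks stumble on by chance, and a fresh table would be needed for every distinct salt.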


Monday, 10 September 2007
Looking for Hands-on security training / certification?

Look no further than the folks at Offensive Security, makers of the popular BackTrack Linux-based distribution.

Before I go in too much detail about the whole training and certification itself, let me give you some background for BackTrack.

BackTrack is now in its second iteration, with a third one on the way. It consists of a Slackware-based live Linux distribution. What makes it special is the amount of effort put into making it the perfect tool for security professionals.

If you are planning on doing a lot of pen-testing, BackTrack is definitely one of the best tools out there.

However, it is not necessarily easy to use.

To that end, the folks behind it (Remote Exploit) have started another company (Offensive Security) that is geared towards bringing education and training on its use in a very elaborate environment.

So far, they are offering only one course / certification, called "Offensive Security Certified Professional" or OSCP. They are also planning two new trainings (without certifications) which are extensions of the original OSCP, but with a focus on Wi-Fi (Backtrack Wifu) and a more in-depth use of BackTrack (Backtrack to the max, which should be released at the same time as BackTrack 3).

Now for the course itself. This is one of the best certification trainings I have seen around. For one thing, it is on the "cheap" side. For about $400, you will get a month of training in a complete lab environment. The training will go over all common aspects of security and exploitation, and will definitely teach you how to think outside the box. This price will also include the certification itself.

Usually, the whole package goes like this:

Upon signing up, you are given a PDF workbook (complete with lab exercises), a set of instructional videos (to learn the different techniques) and access to the specially designed lab (to practice what you learn in the videos / workbook). Each lesson will come with its own exercises, except for a few that would be damaging to the lab environment (such as ARP spoofing and other MAC related tricks).

After the month is up, you can either decide that you didn't have enough time to run through the course and opt to purchase additional time ($150 for 30 days), or you can proceed forward and sign up for the certification process.

In order to get certified, you will be given a different lab, with a much different set of machines running multiple different OSes and configurations. To complete the challenge, you will have to obtain administrative rights (root / administrator) on all the machines, and provide proof that you have indeed "hacked" the box.

Note that there is a huge emphasis throughout the course and exam on the documentation process. You are required to keep notes on everything you do, and believe me, those are useful!

If you are successful in the last challenge, you will receive your printed certification within a couple weeks.

I am now OSCP certified (redundant, I know), and all I can say is that I learnt a LOT during the whole course training and certification. I would almost admit to having had a lot of fun, but keep in mind that I am a geek and love this stuff. I can't wait for the other training to be ready to go (Wi-Fu will be ready on Sept 3rd) and I will try my darndest to get those.

One caveat you might want to know is that you are not the only student on the lab environment. You are sharing the whole thing with other students and in a way competing against them. For instance, if a machine has to be compromised a certain way, it is possible that another student will have compromised it before you, and have left the vulnerable service unavailable. Luckily, in this type of situation, the lab admins are usually available to help, either via IRC or IM.

Also note, if you take the class, you WILL get frustrated with the machine called BOB. That is normal ;)

Lastly, the whole training / certification is an online process, which you can go through from anywhere you have an internet connection. Connectivity to the lab is done through VPN.

Well I hope this has inspired you, and I look forward to chatting with you on the Students IRC support channel (my nickname is aZaFred).

Wednesday, 29 August 2007
Last Updated ( Wednesday, 29 August 2007 )
The close-to-perfect pen-testing tool!

Browsing a bit around the Internet, as one often does while at work, I came upon this tool. It is offered by the makers of Canvas, one of the more popular commercial pen-testing platforms. Personally, I prefer the likes of Core Impact, but Canvas is a lot cheaper.

It was of course demoed at Defcon 15, and while I couldn't attend (what is it with 15 days PTO / year in the US???) I heard great things about this product.

Without further introduction, here is the Silica.

Essentially, it is a customized Nokia N800 (see below) with an installation of Immunity's Canvas product.

Apparently, it is also possible to load Metasploit and a slew of other very useful tools.

I hope I can one day get my hands on one of those!


Wednesday, 22 August 2007
Last Updated ( Wednesday, 22 August 2007 )
Hackers can have fun with security professionals too!

Going through my huge backlog of security postings, I found a relatively interesting post on the full-disclosure mailing list.

You can find this posting at: http://seclists.org/fulldisclosure/2007/Aug/0071.html

Basically, the poster was advertising a new flaw in the sudo package, and offering a piece of proof of concept code.
At first glance, it looked like any other day on full-disclosure...

Monday, 20 August 2007
Last Updated ( Monday, 20 August 2007 )
Copyright by Fred Vassard. Redistribution of any or all content is prohibited.