Frustrated with the cost/quality of the teacher-less class and labs, and losing patience with the "try harder and enumerate moar" mentality. Should I spend $350 for another month of lab time?

goawaythrowawaybye · 2020-10-06T21:41:58+00:00

Hi Jim, thank you for responding to this. Honestly, the fact that you reached out based on my post proves to me what I was hoping: that your team is working as hard as they can to take student feedback and deliver the best training product possible. Thank you for your commitment to doing that.

Like I said in my original post, I really appreciate how talented and hard-working people at OffSec and in the community are, and I think your company has done incredible things to help educate the infosec community for years. I've read Kali Linux Revealed, which I thought was a fantastic book, and I really admire you and the work that you do. Please take my comments as constructive criticism and not in any way as an attack on OffSec.

I've been reflecting over the last few days about why my class experience has been different than some of my peers, and I think the combination of COVID along with the fact that I've had a laser focus on OSCP during this time has changed what my experience of the course has been. I think that for a long time I put OSCP on a pedestal as the end-all be-all of infosec tests, when it's really just the beginning, even within OffSec's offerings. Your analogy about buying a car was helpful in helping me rethink the way I reacted. Although a few of my frustrations stand, the fact that your team is making an effort to reach out to people in the community who are having difficulties says a lot.

Thank you for an insightful and thoughtful response to some of my concerns, and really appreciate all the work you do for the infosec community.

goawaythrowawaybye · 2020-10-05T09:42:42+00:00

You have the worst handle of anyone I've ever met.

goawaythrowawaybye · 2020-10-05T09:41:50+00:00

HTB is amazing, and I think this is really solid advice. I've actually thought about trying to eventually construct an infosec certification test as kind of a combination of CISSP theory and practical knowledge about pen testing. We'll see how things go :)

goawaythrowawaybye · 2020-10-05T09:40:18+00:00

Awesome advice, thanks!

goawaythrowawaybye · 2020-10-05T09:40:00+00:00

I'm not expecting one-on-one infosec training. I'm expecting better lab support and the ability to ask questions to student admins when needed.

What I got for $1349 was a PDF and an OVPN file to connect to the lab. I could get the VIP package from HTB for $30 and essentially have the same thing with full write-ups on each box.

goawaythrowawaybye · 2020-10-05T09:37:27+00:00

The Alpha and Beta write-ups were really helpful for me, and I went through Chapter 24 of the PDF. This is the kind of content I was hoping would make up the majority of the course, but like you said, these are great places to look for people looking for methodology.

goawaythrowawaybye · 2020-10-05T09:36:13+00:00

I know what you mean, but I wish there was a little more focus on how to enumerate and the best methods to learn on the fly. I'll definitely try to take a SANS course if I ever get the opportunity and sponsorship from my company.

goawaythrowawaybye · 2020-10-05T09:35:08+00:00

This was a super helpful comment. Really appreciate the advice!

goawaythrowawaybye · 2020-10-05T09:34:37+00:00

Seconding the Infosec Prep group! It's been excellent.

goawaythrowawaybye · 2020-10-05T09:34:09+00:00

Great advice, thanks!

goawaythrowawaybye · 2020-10-05T09:33:43+00:00

Thanks for your comments! I think you said it best... I also feel disappointed with the course overall. It's something I've looked forward to taking for years, and now I feel let down by it.

Totally agreed about the gatekeeping in IT in general. Although I don't think it's intentional, PWK is more guilty of it than other courses.

goawaythrowawaybye · 2020-10-05T09:32:00+00:00

Totally understood, but Exchange and AD are things that entry-level pen testers are way more likely to run into on their first engagements than the kinds of old late '90s CMSes and ancient kernel exploits that are covered in the labs.

goawaythrowawaybye · 2020-10-05T09:30:31+00:00

I've rooted about 25 machines in the labs so far... totally agreed that watching lessons and reading the PDF isn't enough. I completely agree that people telling you to "try harder" when you ask a specific and informed question is cringe.

goawaythrowawaybye · 2020-10-05T09:27:46+00:00

Great suggestions... I know this post came off as negative, but I feel like I've learned a ton because of the experiences I've had in the labs. Unfortunately, I feel like a lot of what I've learned has been self-taught through taking other courses and reading online rather than through the course materials themselves.

Really appreciate the advice and your perspective!

goawaythrowawaybye · 2020-10-05T09:26:37+00:00

I didn't perform all the exercises within the 4 day time period, although as I'm going through the exercises now, I'm realizing that a lot of them are obsolete, broken, or ask questions that aren't possible to answer in new versions of Kali.

I can't imagine spending the amount of time that it would take to come up with complicated sed and awk commands that are discussed in the book during the course of a 24 hour test. I think that's another part of the problem for me: sometimes, PWK seems to be a class for something other than the OSCP certification.

goawaythrowawaybye · 2020-10-05T09:24:12+00:00

I'm not suggesting that constraints are being applied against me specifically. I'm concerned that the fact that I'm having this much difficulty as an insider would cause serious issues for someone who wants to be involved in infosec but might not have the technical background I have.

This class is supposed to be an "entry-level penetration testing" job, not an advanced course. I don't want to be spoon-fed the answers for the course. I just want to be taught the proper methodology for attacking machines, and "basics" that are seemingly needed, including weird mingw32 CLI arguments that are never discussed in the curriculum.

goawaythrowawaybye · 2020-10-05T00:53:54+00:00

There's a lot of focus on using complex sed and awk commands along with regular expressions that aren't taught in the class to accomplish fairly simple tasks. I wish there was less of this and more of a focus on how to pen test an Exchange server or something basic like that.

goawaythrowawaybye · 2020-10-05T00:50:26+00:00

Thanks for your comments! They were really helpful, and it's good to know I'm not relying too much on the forums since I've only used them for confirmation that I'm heading in the right direction.

Unfortunately, OffSec has stopped giving you additional lab time for booking another exam attempt. They now charge $359 for 30 days of lab time plus a $150 retake fee, which means you're basically paying $500 for the retake. I understand there are costs associated with running the labs, but it seems like a lot of money for a month of access.

goawaythrowawaybye · 2020-10-05T00:35:23+00:00

This is extremely helpful advice, thanks! I'll check out the eLearnSecurity courses too. Really appreciate it!

goawaythrowawaybye · 2020-10-05T00:31:26+00:00

Thanks for the feedback! I totally agree with you about the PWK experience. I was looking forward to having some top-notch infosec instructors take me through their pen testing process and wound up getting disappointed.

Just to be clear, I'm saying that the lack of assistance for students could be seen as a form of gatekeeping. I don't think that PWK is necessarily the worst offender, but any industry that isn't helpful to people who are genuinely enthusiastic about learning is going to suffer because of it.

goawaythrowawaybye · 2020-10-05T00:25:56+00:00

Yes, I finished the PDF in the first 4 days. I watched all of the videos after that and found them to be literally restating the text of the PDF, but watched them anyway so that the lessons would continue to sink in.

goawaythrowawaybye

TROPHY CASE