CISSP, PWK, OSCP, or getting started
Some good FAQs from mailbox
CISSP
CISSP exam prep? This really depends on how good your grasp of the material in the 7 domains is.
- If you know the domains but want help studying for the test:
  - Eric Conrad’s 11th Hour Study Guide book
- If you need to study some of the domains:
  - Shon Harris (dec) or even
  - the ISC^2 material
- Practice tests and quizzes are very helpful; some are in books, and check https://www.freepracticetests.org/quiz/index.php from CCCure
PWK
Pen Testing with Kali and OSCP?
- The book / lab tutorials really will expose you to everything you need for the practice labs.
- Self-guided study and practice of that material, and resources for those topics, are essential.
  - e.g. for Buffer Overflows and other exploitation I would recommend
    - Hacking: The Art of Exploitation (2nd Ed)
- Python programming is one of many things you will learn as part of PWK if you don’t know it.
- There are many writeups and reviews. This is my favourite, including the comments:
  http://www.hackingtutorials.org/hacking-courses/offensive-security-certified-professional-oscp/
OSCP
I can’t really add anything about OSCP as I haven’t tried for it yet. I may be trying PWK and OSCP again in 2018 depending on where work takes me.
Getting started?
For getting started in infosec there’s a lot of material available. I did a long talk on it a couple times …
Try Leslie’s site for some good insights: https://tisiphone.net/
Brian Krebs did a big series of interviews on it that are a great read: https://krebsonsecurity.com/category/how-to-break-into-security/
Chris Sanders’ new podcast is actually entirely interviews with infosec folk about their backgrounds and how they got started, so you may get a lot out of that: http://chrissanders.org/podcast/