My view on infosec certs

go back / p4p1

---

Created on Sat. 03 Jul 2021

---

---

Lately I've passed a few certifications like I specified in my last blog post and I thought maybe I should do a quick review on them. Keep in mind this is my opinion and your mileage may vary, I do sometime not take things to seriously so keep that in mind.

So my certification process started last year when I passed the eJPT to set the frame and to give you some context I'm going to set the timeline for you. Throwback -> eJPT -> Dante -> eCPPT -> OSCP So that is the order in which I did my certs thought this year and I'll probably review them in the order of which I passed them.

Throwback

For the first certification I ever did it was hard. Like straight up I was not ready for it. I did 6 months of learning pentesting with online classes and CTF's and I just thought to myself, I don't know windows that well, maybe I should just do that one. And I was right I did not know windows but I also didn't know pivoting and AD in general so yeah it was very hard for me and I also thought that I should do that cert as training for the eJPT in the end it was the most overkill training that I could have done. Honestly I did this cert a while ago so now I don't really remember much about it other than I fucking struggled with excel and RDP for some reason those two things were the hardest for me.

eJPT

After the cold shower that was Throwback I did the eJPT now honestly I tried doing the classes and all of the material. In the end I just passed the exam and got it first try in 4hours. So for me this certification was to easy. And was pretty boring to me I honestly was a bit disappointed that I spend 300 quid to then nail the exam in 4 hours but I also was proud of myself for getting it done.

Dante

The first cert I did with a friend. We decided to do this one as a team and it was really fun. It was also my first time on Hack The Box a website I avoided in the past because I never really felt like I wanted to do challenges on it. So yeah this cert it felt really good to do it with someone it was a lot harder than what I imagined and doing it with a friend was great moral support and we managed to do it in record time of 3 machines hacked on average per day and it also was for me a good opportunity to practice my note taking skills during a pentest something I desperately needed. I'm good at write-ups because of this blog but creating mind maps and organizing my data was a bit hard for me and with this cert I feel like I got a lot better at it. And also the Dante is considered the best OSCP practice you can get outside of the offsec labs so I'm happy I did it. I think this is one of the certifications I would recommend the most.

eCPPT

Probably my most favourite spot. I think this cert was really the sweet spot for me. It was as hard as Dante skill wise but it combined basically everything I've learned thought the years. I think for someone experience in IT I would recommends this cert as a starting cert instead of the eJPT or OSCP. The material are just the best classes I've ever done and even though I passed the exam I still go back on the INE website and read a few chapters here and there. What was shocking to me is that the only class I personally needed from this cert was the buffer overflow course and right after doing that class I just did the cert because my friend told me it was basically a Dante with a harder buffer overflow so I just winged it and failed my first attempt because I sent the wrong report. I am such a genius :)

OSCP

Alright so this one is my least favourite one on the list. The courses aren't good the labs are boring there's nothing challenging to me in the opening google and searching the version of a tool. That's not hacking it's just a more fancy vuln scan and I find it a shame that most company ask me for that cert so that's why I'm doing it honestly right now I'm slacking of the exam because I had to change country and finish some work so in the end this cert, I'm really taking it in the worst time possible in my life and I'm really not motivated to do it because of the crappy material and overprice. The more I look at the pricing I just think that's a cash grab and not a real cert. Update: Honestly now that I passed the exam, I have to say the exam was fun. It is more representative of a project rush than a acurate penetration test. It felt more like school than the actual job :) I do recommend the exam but the courses where just total carbage sadly.

---

Hey, thanks for reading :) this is a bit different from what I usually do but I hope you enjoyed it and if you don't agree with me it's all good. If this is your first read I would recommend the other blog posts (I kind of did this one because a lot of students and friends ask me about certifications).