When you’ve been hearing everywhere that OSCP is ‘so hard’, even by experienced people that do crazy things, and then John “oscp is just the tip of the iceberg... 😐
IMO it becomes less hard. I haven't taken OSCP or OSEP, but I hacked at least one box of every level on hackthebox before the writeups (easy: enough boxes, medium: enough boxes, hard: Zetta, Insane: PlayerTwo) and what I've noticed are two things: 1) It's still crazy hard, but since you're already used to that, it's fine. 2) Sometimes it's not much more difficult, but it just involves an entirely different skill. If you've never done that skill, it feels insanely difficult. For example, with PlayerTwo the final challenge is doing a heap overflow. All you get is the binary, so you also need to know x86-64. If you've never read C and never did x86-64, then the task feels insurmountable. I was simply rusty on C and ok on x86-64. So I knew I could do it and that it'd take me a long time as understanding C (and reading malloc.c) was the predominant skill. Understanding SQLi is completely different to understanding how to do a heap overflow. You could argue it's harder, but a part of it is simply because you've never done it before. For example, the hardest thing I've ever done was to learn x86-64 assembly and C in a course, since those 2 things were seen as prerequisites and I never have seen either of them (I knew Java, lol).
I mean we all knew it that it''s pentester beginner level right? But that what's amazing we'll never get a shortage of challenges :D (I'm on my 2nd Try OSCP) I can't wait to get through all these challenges
@@sharghaas7774 yeah well, I only recently realized that oscp is considered beginner level. I've been studying so hard, dreaming of proudly getting oscp certification, just to find that it is nothing anyway. Probably not even a problem for me, as hard as I try, I always feel like I'm just beginning. I wonder when, and if, I will find myself comfortable in this field. Sometimes I fear like I have made the wrong choice, as I will never be good enough. It is a bit depressing.
@@ShinigamiAnger you're not alone , lol , that's all I can tell you , I'm definitely way behind you , and just maybe .... Older , so you can only imagine how that looks like to me , not to compare it to music production but i remember when I used to launch all that software and see all those knobs and frequencies and dig into audio engineering tutorials and classes how it all looked to me , now ? I do that to get my mind of things , litrally how i know the back of my hand , so to me , i just keep reminding myself how much i would've missed if i quit , and how much I'd regret it , same for Muay Thai to me as well , first leg kick from a pro guy and start Wondering why am I even doing that to myself , hahaha that was harder not to quit , but i didn't , everything has a learning curve , just hang on in there , you'll know when it's too much or not your field , just make sure you're not mixing that with the frustration of the slow progress at the beginning , everything seems to get bigger as you dig in , it only means you're actually learning a lot. Good luck Hope i didn't bore you with the long comment haha it's just that your comment hit home. Had to say something
Obsidian looks very similar to Joplin which is what I've been using. I think Obsidian has a better looking interface. Congrats on getting the OSCE, and thanks for coming to speak at my college a week before your exam.
I used to use Joplin and started looking at Obsidian as a result of this post. I kind of feel like Obsidian is a bit better so far that I've had a chance to try it.
As someone who's currently studying the basics (networks, programming and such) to get in to this line of work, this channel is great. Not only do you get awesome videos like this, you also get videos with pentesting on online resources. The school I'm in prepares for the students to be able to take the CEH cert, which isn't great - but at least it allows you to see pentesting on the horizon and can be a stepping stone into getting real actual certs. Looking forward to the day where I have studied, practiced and studied some more to have OSEP and other certs.
John you have been an inspiration for people getting started! You've been educational and entertaining. Loving the new intro and outro, really been stepping up the game! Keep up the amazing content!
Thank you John. I applied recently to OSEP course and I wanted to listen from who already experienced this path. First off, congratulations for how fast you passed this huge challenge. Then I would like to say that I love the passion that transpires from your words and your eyes when you talk about pentesting and hacking. It just makes me want to get up from my bed again and keep studying after a long day passed over the course. And also you well said: the coolest thing that comes out from these experiences are that everything is tangible, security is done effectively, and not spoken in a seminary (thing that I hate). This is in my opinion the biggest value of being a pentester. Thanks again for your valuable contents, my best wishes from Italy 🇮🇹
First off, congratulations! Secondly, thanks for this. I was on my way back to OffSec for certs, and this is exactly what I was looking for in terms of what this new cert involved. I'm sold.
Thanks for the insight! I've felt like the OSCP is great for getting your feet wet with pentesting tools and techniques, but isn't a substitute for real-world experience. It's nice to know there's a more advanced course that accounts for the type of security and configurations found in enterprise environments.
I'm glad I cam across this video. Have not taken any of the offsec certifications but currently taking the ine certifications. I learned alot by just watching your video. Gotta start taking notes using obsidian.
Spoiler alert: John Hammond is just being John Hammond, don't expect anything less. This dude is basically a genius Edit: Oh huge congrats again on the results!
Great video! I love how representative this course is for a wide range of different cyber-security roles (started to apply what I've learnt during OSEP in my day-to-day job straightaway). Thanks for the great content and pieces of advice! Will definitely put them in practice soon for my own exam.
I seriously can't tell how much i have learned from this guy. He is extremely talented and more importantly a good person we all got to know. Thank you john and congratulations for the result
Big Congratulations to you John ! You walk the talk.. There are not too many people who are knowledgeable, Hands-on, accredited and also Share the knowledge ! InspiringCyberLeader !
That outro volume blew my ears off haha. Amazing video John, I love your passion for security it's encouraging and inspirational. Great job on the review and passing the OSEP. I'm taking the OSCP in May and have been studying too (notes, notes, and more notes). Your suggestions tools/techniques are helping a lot.
Really great video. I learn something every single time I watched your video. You doing a lot for the community. I really appreciate and admire your work. Thank you
@John Hammond. I had some questions regarding the Offensive Security Certs. First are you open to answering a couple questions? If so where do I direct them? Thank you as always sir.
John You the best mentor for penetration tester but with the request could you make a series of training "Python for Hacker" because your explanation is awesome.
Great review, thanks. If you ever do a follow-up or something with more questions here is one: it is commonly said that the right strategy for OSCP is to go in once you already have some good knowledge in order not to waste the timelab on learning theory (knowing how to exploit basic BoF for instance, or the basics or privesc in linux and windows). As OSEP is also based on lab time that costs money, what are the technical fields to already be comfortable with, in order to not spend 1month just getting to grips with theory rather than live practice ?
This was great! - can you do a video with you doing a quick CTF and how you were taking notes, how you documented what you did etc... I'm curious to see the flow... thank you!
First of all congrats!!! what a great review! Now OSEP vs ecptxv2? I'm starting the ecptxv2 course, from what I can see many things overlap. OSEP seems to have more Linux.
Congrats on passing! Hopefully they send you a commemorative "first blood" certificate 🤣 Would you say that learning an alternate C2 like Empire or Covenant was necessary?
Ahh, the old “I hardly used any of my lab time” spiel. Ive known several people who while prepping for these exams spent countless hours in the labs/range, complained about how tough it was, said it was next level but magically once they passed the exam their story changed to “it wasnt that hard,” “i only spent about 3 weeks studying,” “the course is entry level stuff.” Classic hindsight memory distortions or ego stroking. Not sure which but it’s annoying af. Otherwise good video.
@Fouad Issa I'd be more prone to Pentest+ or CEH if simply for the 8570 compliance. Just a little let down there isn't an "in-house" option within offensive security's pipeline.
A quick question as a beginner while taking certification exams(specially during the exam) what are you allowed and not allowed to do. Is there any video about it?🤔🤔
When you’ve been hearing everywhere that OSCP is ‘so hard’, even by experienced people that do crazy things, and then John “oscp is just the tip of the iceberg... 😐
IMO it becomes less hard. I haven't taken OSCP or OSEP, but I hacked at least one box of every level on hackthebox before the writeups (easy: enough boxes, medium: enough boxes, hard: Zetta, Insane: PlayerTwo) and what I've noticed are two things:
1) It's still crazy hard, but since you're already used to that, it's fine.
2) Sometimes it's not much more difficult, but it just involves an entirely different skill. If you've never done that skill, it feels insanely difficult. For example, with PlayerTwo the final challenge is doing a heap overflow. All you get is the binary, so you also need to know x86-64. If you've never read C and never did x86-64, then the task feels insurmountable. I was simply rusty on C and ok on x86-64. So I knew I could do it and that it'd take me a long time as understanding C (and reading malloc.c) was the predominant skill. Understanding SQLi is completely different to understanding how to do a heap overflow. You could argue it's harder, but a part of it is simply because you've never done it before.
For example, the hardest thing I've ever done was to learn x86-64 assembly and C in a course, since those 2 things were seen as prerequisites and I never have seen either of them (I knew Java, lol).
I mean we all knew it that it''s pentester beginner level right? But that what's amazing we'll never get a shortage of challenges :D (I'm on my 2nd Try OSCP)
I can't wait to get through all these challenges
@@sharghaas7774 yeah well, I only recently realized that oscp is considered beginner level. I've been studying so hard, dreaming of proudly getting oscp certification, just to find that it is nothing anyway.
Probably not even a problem for me, as hard as I try, I always feel like I'm just beginning. I wonder when, and if, I will find myself comfortable in this field. Sometimes I fear like I have made the wrong choice, as I will never be good enough. It is a bit depressing.
@@ShinigamiAnger you're not alone , lol , that's all I can tell you , I'm definitely way behind you , and just maybe .... Older , so you can only imagine how that looks like to me , not to compare it to music production but i remember when I used to launch all that software and see all those knobs and frequencies and dig into audio engineering tutorials and classes how it all looked to me , now ?
I do that to get my mind of things , litrally how i know the back of my hand , so to me , i just keep reminding myself how much i would've missed if i quit , and how much I'd regret it , same for Muay Thai to me as well , first leg kick from a pro guy and start Wondering why am I even doing that to myself , hahaha that was harder not to quit , but i didn't , everything has a learning curve , just hang on in there , you'll know when it's too much or not your field , just make sure you're not mixing that with the frustration of the slow progress at the beginning , everything seems to get bigger as you dig in , it only means you're actually learning a lot. Good luck
Hope i didn't bore you with the long comment haha it's just that your comment hit home. Had to say something
@@analactica not bored at all, very appreciated, sincerely. I wish you all the best.
Just wanted to leave a big Thank You here John. Amazing guy with amazing content!
Thank you for this video. I watched it all. Today marks day one on my journey to the OSEP, I love this hands on learning and getting better everyday
Obsidian looks very similar to Joplin which is what I've been using. I think Obsidian has a better looking interface. Congrats on getting the OSCE, and thanks for coming to speak at my college a week before your exam.
I used to use Joplin and started looking at Obsidian as a result of this post. I kind of feel like Obsidian is a bit better so far that I've had a chance to try it.
As someone who's currently studying the basics (networks, programming and such) to get in to this line of work, this channel is great. Not only do you get awesome videos like this, you also get videos with pentesting on online resources. The school I'm in prepares for the students to be able to take the CEH cert, which isn't great - but at least it allows you to see pentesting on the horizon and can be a stepping stone into getting real actual certs. Looking forward to the day where I have studied, practiced and studied some more to have OSEP and other certs.
How's it going so far?
John you have been an inspiration for people getting started! You've been educational and entertaining. Loving the new intro and outro, really been stepping up the game! Keep up the amazing content!
Thank you John. I applied recently to OSEP course and I wanted to listen from who already experienced this path. First off, congratulations for how fast you passed this huge challenge. Then I would like to say that I love the passion that transpires from your words and your eyes when you talk about pentesting and hacking. It just makes me want to get up from my bed again and keep studying after a long day passed over the course. And also you well said: the coolest thing that comes out from these experiences are that everything is tangible, security is done effectively, and not spoken in a seminary (thing that I hate). This is in my opinion the biggest value of being a pentester.
Thanks again for your valuable contents, my best wishes from Italy 🇮🇹
Sir, you're just not a content creator, you're a great teacher, a true inspiration. Thank you! I have a little bit more courage for taking OSCP.
First off, congratulations! Secondly, thanks for this. I was on my way back to OffSec for certs, and this is exactly what I was looking for in terms of what this new cert involved. I'm sold.
Thanks for the insight! I've felt like the OSCP is great for getting your feet wet with pentesting tools and techniques, but isn't a substitute for real-world experience. It's nice to know there's a more advanced course that accounts for the type of security and configurations found in enterprise environments.
Awesome. Congratulations. I plan on taking the OSCP after I finish my degree in summer
John bro, the world is a better place with you doing all of this free help to the ones in need. Keep inspiring man, much appreciate everything!
I'm glad I cam across this video. Have not taken any of the offsec certifications but currently taking the ine certifications. I learned alot by just watching your video. Gotta start taking notes using obsidian.
Been waiting for this... taking the OSWE in March, trying to get it out of the way so I can get to this!
I just got my OSWE. Tackling this in a couple of months.
@@dochood1966 Passed! I've been working on the PEN-300 now for about a month.
Spoiler alert: John Hammond is just being John Hammond, don't expect anything less. This dude is basically a genius
Edit: Oh huge congrats again on the results!
Great video! I love how representative this course is for a wide range of different cyber-security roles (started to apply what I've learnt during OSEP in my day-to-day job straightaway). Thanks for the great content and pieces of advice! Will definitely put them in practice soon for my own exam.
I seriously can't tell how much i have learned from this guy. He is extremely talented and more importantly a good person we all got to know. Thank you john and congratulations for the result
Big Congratulations to you John ! You walk the talk.. There are not too many people who are knowledgeable, Hands-on, accredited and also Share the knowledge ! InspiringCyberLeader !
Awesome work John. Great info. Aiming for OSCP before summer starts
Basically John said "gg2ez who's next"
This was very enlightening, I plan to take this course because it seems like a great deal of knowledge can be gained.
That outro volume blew my ears off haha. Amazing video John, I love your passion for security it's encouraging and inspirational. Great job on the review and passing the OSEP. I'm taking the OSCP in May and have been studying too (notes, notes, and more notes). Your suggestions tools/techniques are helping a lot.
Thanks alot for the review. I already registered the course 2 days ago. Can't wait to start
John Legend right here. Man, congrats!
I liked the "What's up" intro
Congratulations John for this amazing new cert 👍. You are the man 👍👍👍
You rock John! Thanks for being a best friend! =) Congratulations 1000!!
Really great video. I learn something every single time I watched your video. You doing a lot for the community. I really appreciate and admire your work. Thank you
Congratulations dude and congratulations in advance if you actually are the first person to clear the exam. Good start for this year.
i remember last year when they announced it, i said i would sign up with a friend. I only just signed up this week. Im so excited to get in.
Thank you for taking the time to tell us about OSEP !
Thanks for the great review as always! and of course Grats.
Production quality is lookin sharp
congrats!
id love a separate video just about Obsidian and Latex and your note taking process
That’s a great video! Thank you John! You’re a live reminder that everything is possible. Thank you.
Really awesome video, such genuine advice, such detailed content, we need more like you John! Thank You.
Thank you for sharing! You are definitely a certification killer! Congratulations John!
You are incredible John ❤️
welp I found you because I was eyeing this course. now I'm subscribed, great video.
Congratulations and thank you for inspiring so many!
Gosh I'm excited hearing about this course already!
You're Amazing Sir Hammond, (Subscribed), Most definitely my role-model/online mentor. Thanks for your time, knowledge and inspiration!!!!
Thank you for sharing! Congratulations John! I'm curious when you do OSED :) I love exploit development. I'm waiting to see your video about OSED.
Big win. You inspire me John
Congrats ! Very interesting and instructive like all your content. Thank you so much !
Congrats John!
Congratulations! You are an inspiration!
Congratulations 🎉
Legend is back
Sold! I'll try to load some C# into my smooth brain and then register for the course!
Just one word after watching this:
Fire 💥💥💥
Congrats John!
John congratulations 🔥
Thanks for the Obsidian commercial.
Another motivated video:) Tanks!
Insane I was just doing forest (HTB) and using bloodhound and your tip came sooooooo handy!!!
great video John. Hope you're doing well
Well done John 👍
Thanks @John and congratulations
Congratulations, I am Happy for you.
@15:20 Maybe the hacker you were tracking was mid-way through their OSEP, and was trying out some of the stuff they had learnt.
Congrats man.
Amazing video ❤️... Can you make a video on a journey of oscp or how to prepare for oscp ... That would be amazing for us newbies
Congratulations :D
Congratulations
@John Hammond i would love to learn more how exciting ThankQ for sharing your work
How you're so good at this🙏
I also want to take the OSEP course!! Rn on OSCP journey ...long way to go tho lol! Many things to learn...
Great video. Thanks John..
@John Hammond. I had some questions regarding the Offensive Security Certs. First are you open to answering a couple questions? If so where do I direct them? Thank you as always sir.
John You the best mentor for penetration tester but with the request could you make a series of training "Python for Hacker" because your explanation is awesome.
Congratulations very inspiring
Great review, thanks. If you ever do a follow-up or something with more questions here is one: it is commonly said that the right strategy for OSCP is to go in once you already have some good knowledge in order not to waste the timelab on learning theory (knowing how to exploit basic BoF for instance, or the basics or privesc in linux and windows).
As OSEP is also based on lab time that costs money, what are the technical fields to already be comfortable with, in order to not spend 1month just getting to grips with theory rather than live practice ?
Nice studio bro!..willing to get this course
This was great! - can you do a video with you doing a quick CTF and how you were taking notes, how you documented what you did etc... I'm curious to see the flow... thank you!
NVM I actually found a video you did - lol thanks! :-)
First of all congrats!!! what a great review! Now OSEP vs ecptxv2? I'm starting the ecptxv2 course, from what I can see many things overlap. OSEP seems to have more Linux.
This guy rt here makes me feel good
I was here when it was live for the first time. 👀
Now time to review OSED :)
Awesome video
That was awesome
Thanks John.
😁 Thanks for review
congrats from France ;)
i watch it !!
Very epic
Pretty nice
Thanks man!
Nice bro 😀😀
Thanks you so much ❤❤❤❤
we want osep course 🤗🤗 Do it for us
Oha, reporting in markdown. Nice
Goodluck for your Summer try
super
Congrats on passing! Hopefully they send you a commemorative "first blood" certificate 🤣 Would you say that learning an alternate C2 like Empire or Covenant was necessary?
John start streaming on twitch .Want to see you struggling solving boxes lol :) - Im literally a John hammond fanboy haha
Ahh, the old “I hardly used any of my lab time” spiel. Ive known several people who while prepping for these exams spent countless hours in the labs/range, complained about how tough it was, said it was next level but magically once they passed the exam their story changed to “it wasnt that hard,” “i only spent about 3 weeks studying,” “the course is entry level stuff.” Classic hindsight memory distortions or ego stroking. Not sure which but it’s annoying af. Otherwise good video.
Hey John, thanks for the video that's some great info! How does this compare in terms of difficulty to the eCPPTv2?
it's definitely more difficult. It seems to be above ecptxv2
Damn!!!I'm from South Africa, so the rand/dollar makes this course damn expensive for me unfortunately 👎🏼
Very late but congratulations 🥳🥳😁
And here I was hoping they had made something between zero and OSCP...
@Fouad Issa I'd be more prone to Pentest+ or CEH if simply for the 8570 compliance. Just a little let down there isn't an "in-house" option within offensive security's pipeline.
GG ez for john
A quick question as a beginner while taking certification exams(specially during the exam) what are you allowed and not allowed to do. Is there any video about it?🤔🤔