CEH vs OSCPPenetration Testing

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATION
Already a Member Login Here

Home Forums Penetration Testing CEH vs OSCP

This topic contains 18 replies, has 18 voices, and was last updated by  d4rd4n0 1 year, 6 months ago.

Viewing 19 posts - 1 through 19 (of 19 total)
  • Author
    Posts
  • #81708

    876CEHMan
    Participant

    Which one is more highly valued? I would love some feedback from people in the field. I’m currently studying for my CEH and I will be grabbing OSCP soon enough

    #81712

    thepinkreaper
    Participant

    Hi! I’m a Sr. IT Recruiter & MS Cybersecurity student. It really depends on how the employer/hiring manager views certifications. In a recent study, cybersecurity professionals agreed that the CISSP certification has the most value: https://www.youtube.com/watch?v=9YQXOXA57yU. All other certifications were a dice roll. I advise completing these certifications for educational purposes, especially if you are in the midst of a career change. Learn python, and consider a career training program like HackEd: http://www.hackeducate.com/. Invest in yourself first and foremost, and it will show in the interview.

    #81722

    acummock
    Participant

    Well if you’re goal is to become a pen tester, I would go for the OSCP. The CEH will grab the attention of government agencies and some HR folks, but for true security folks, OSCP holds more credibility. From what I have seen, the CEH exam is tackles pen testing from a 10,000ft view, covering all topics of pen testing an inch deep and a mile wide. In my opinion, the CEH gets you familiar with all the tools of the trade, but doesn’t get too deep in application. The OSCP and other certifications from Offensive Security are very hands-on and you’ll have to prove your knowledge in application. So to me and from what I have seen from other security guys is academic (CEH) vs. application (OSCP). That being said, like it was said above, it depends on the view of the employer/hiring manager.

    #81851

    Chin_Diesel
    Moderator

    The CEH is more commonly known, and has “Hacker” in the title, non-technical people tend to know about it, but its a damn multiple choice test help by a company that has had their site hacked numerous times recently, and also audits the people who do really well, insinuating that they must have cheated, and therefore wont award you the certification unless you pay extra money to go through a legal rigmarole. The OSCP is well known amongst actual pen testers, and is held in a higher regard, as the only way to earn that certification is by actually performing all the phases of a penetration test, to include the report at the end.

    Realistically, it comes down to what your end goal is, and which would benefit you more in the short term. Personally, I gave up working towards the CEH and went for the OSCP instead.

    #82393

    konfi
    Participant

    thank you all for educating me, wonderful contributions.

    #82488

    Johan Grotherus
    Participant

    I have held the CEH certification but tossed it as it truly does not prove whether you are actually capable to perform a penetration test or not. OSCP is a practical exam and is said to be quite hard, so if you pass that, then you have proven both to yourself and others that you have pentesting skills.

    #82943

    MD Khurshid Alam
    Participant

    great guys good valued information for some one going towards that direction.THANKS

    #82958

    Cicada Mikoto
    Participant

    CEH is the High School Diploma of pentesting and the OSCP is like a Master’s Degree.

    #83114

    MD Khurshid Alam
    Participant

    how much the course fee in ($) effect will come if you comparing these two course

    #84688

    ActiveMeasures
    Participant

    For OSCP youll be spending about $1200 for 90 days lab use and Exam. Most people endup using more and take the exam multiple times.

    CEH you really don’t NEED to take a class if you have the relevant experience.

    #85257

    hbones
    Participant

    As mentioned, OSCP is the one that proves the skills as Pentester. Currently not a lot of people on HR are familiar with it, but if you go for pen-testing jobs, definitely PMs that are tech savvy they know the value for OSCP. At the same time depending of your market you will need others. Currently I have CEH and is a eye catcher, CISSP is a must, but those two with OSCP you are lock in, for many jobs with the Government.

    #87494

    breuermar
    Participant

    The one certification is for talking about stuff, the other is for DOING stuff.

    #87668

    |Dav|w
    Participant

    IMO, OSCP is more valueable as the way it conducted the exam and you learn to build your way thinking as hacker / pentester, as you need to write report on how the exploit bee performed and what is the step to seal the loophole. Whereas CEH is just more like introducing you to hacking concept and the tool usage for each step of hacking activity. Sadly, OSCP dont have enough marketing and is not that well known. CEH is under ECCOUNCIL, they spend much on marketting and getting buy in even for US DOD.

    #87850

    DrakOS
    Participant

    but after have taken those certification you really know how to do things or it’s still for a didactic level ??

    #90692

    jcaceres
    Participant

    There is also EC Council ECSA (Security Analyst) and LPT (Licensed Penetration Tester). For ECSA you will have to pass Challenges by hacking into Lab environment y a “capture the flag” kind of thing. Then present a report. After you pass the Challenges and the report is approved, then you receive a written exam voucher.

    #91034

    mcpjulio
    Participant

    CEH its better, and its most requested in a new job opportunity

    #91069

    mcharest
    Participant

    The big issue here is where you are going to work and what you want to do. CEH would be good if you want to learn terms and also learn about hacking in general. Learning this stuff does not make you a pen-tester. I have my CEH and I had no real idea what I was doing. I have since taken the OSCP and it is a crazy course. It teaches you practical skills and the exam is no joke. You can’t use a brain dump or just go into it knowing you will pass. Hacking is a mindset and therefore you need to be able to adjust on the fly. If you can do this and you did your work in the labs then you will be fine.

    Short answer is: CEH for government work (DoD status) and OSCP to really learn what you are doing on a red team.

    #91082

    Ivan V. S.
    Participant

    If it’s for strictly learning and improving pentesting skills then OSCP is way better than CEH.

    I have CEH, and it’s a high-level approach to pentesting tools & basic methodology. You learn the basic concepts, but I think it’s a joke cert. I only got it because my company paid for it, and it’s good eye-candy for HR people.

    OSCP is very hands-on, and you get graded based on your practical application of the skills instead of just a simple multiple choice exam.

    TLDR: CEH is very high-level/conceptual (not worth it IMO), and HR loves it because of EC-Council’s great marketing. OSCP is very hands-on and practical, you will truly gain many skills if you can attain it.

    #117334

    d4rd4n0
    Participant

    Thanks for this topic. I was going into CEH and this thread convince me to go OSCP instead.

    Is there any good training/book/lab I could take to practice before buying a 800$ for the exam ?

    Also there is a step further after OSCP which is OSCE (Offensive Security Certified Expert). is this also worth it ?

    Thanks

    • This reply was modified 1 year, 6 months ago by  d4rd4n0.
Viewing 19 posts - 1 through 19 (of 19 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel