I have taken both. The first obvious difference is the price. Offsec courses are a LOT cheaper than SANS. That said, both courses compliment each other quite well.
As mentioned earlier Offsec is very practical and focuses primarily on attack. SANS on the other hand also focuses on offensive techniques but also touches on the business aspects of a pentest. So you cover things like establishing scope, rules of engagement applicable laws etc. One other notable difference is the support structure. With Offsec you are on your OWN. Yes, there is the IRC forum but the majority of the time you will be on your own. Contrast that against SANS. If for example you are doing GPEN via onDemand then you have access to an online tutor etc. For a better feel of the differences check out the reviews on ethicalhacker.net. Several threads over there address this issue. Regards, Michael aka @_dark_knight_ On Thu, Mar 21, 2013 at 8:17 AM, Brian Seel <[email protected]> wrote: > I am proud to say that I am working on setting up a blog (want to do it > with Dango instead of using a plug and play blog to hopefully work on my > Web knowledge which is in adequate). Thanks yo you guys for motivating me > to do that. > > I am taking sans 560 this week (found out my employer had an extra seat > and jumped on it). How does that compare to the Os course? > On Mar 21, 2013 8:16 AM, "Dan" <[email protected]> wrote: > >> One thing that I can't recommend enough is the training from Offensive >> Security. The reason I like this training/cert is that not only do you >> learn the tools and techniques of how to conduct a pen test, you also need >> to show it in a practical exam. >> >> This also includes the most important element of pen testing…the >> reporting. You could be the most elite kernel hacker but if you can't >> document findings to a variety of people (technical and non techicanl) >> you've wasted a lot of time. >> >> >> http://www.offensive-security.com/information-security-training/penetration-testing-with-backtrack/ >> >> >> >> >> On Feb 23, 2013, at 12:07 AM, Brian Seel <[email protected]> wrote: >> >> > Note: I am trying to keep this email vague so it is generic for >> posterity's sake. I am trying to not make the question specific to my >> situation so others can use your advice. >> > >> > ========= >> > >> > So long time listener (pre Ep 100) who has been doing computer security >> related things for the last four years or so since college. I would really >> like to break into the pentesting arena, but I really like my current day >> job for a variety of reasons (pay definitely not being one of them). >> > >> > Basically, I would really like to do commercial pentesting on a part >> time basis, where I take a week or two off from my day job every few months >> and try to gain experience in the commercial realm and get my feet wet with >> a different way of approaching computer security. Within the next year I >> would love to leave my day job and do pentesting full time, but I dont feel >> confident enough just yet. As a bit of background, right now I am doing >> some Metasploit dev for my employer, but I am not able to do an end to end >> pentest. >> > >> > My question is if you have any advice about the best way to try to get >> a part time pentesting job. I am not under any illusion that trying to do >> pentesting part time is not going to be an easy sell. I know that, but I >> think my unique skill set will make *someone* want to take a flier on me. >> But, considering that most of you are probably pentesters, or in fields >> closely related, what would make you want to take someone on in a part time >> basis. Or is there really no case where you would consider that? >> > _______________________________________________ >> > Pauldotcom mailing list >> > [email protected] >> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> > Main Web Site: http://pauldotcom.com >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- Michael Allen| Security Consultant CEH, OSCP, GPEN, GWAPT, GCIA
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
