Which is better: eLearn Security or SANS?
#1
So I'm planning on saving up to buy either elearn security courses or SANS penetration testing courses while I earn the prerequisites to hacking for a year.

Which is better if I want to be a more advanced hacker? eLearn Security Penetration Testing or SANS Penetration Testing?

Thanks.
#2
From what I've heard from many other people, SANS is a very highly valued certificate in the industry. But there's a downside: SANS certificates are very expensive. I believe it can cost over 1k$. Which is why most people recommend you go for other certs first, like OSCP and others.

Once you have gotten into infosec work, you can try to get your employer to pay for your SANS training. If it's a good employer :)

Can't say much about eLearn though... don't know much about it.
#3
SANS 100% but like Insider said, SANS is expensive (many courses are around $7000) but they are considered the best courses available.

eLearnSecurity though while more approachable (and they often run sales) just isn't worth the cost. The courses just are not very good in my experience. Like the Advanced Reverse Engineering of Software (ARES) course, is like all Windows XP content, and covers content you can quite literally find tutorials on all over the internet. Actually if you plugged all the modules into Google, you'd find more recent and relevant content.

eXploit Development Student is a little better, it's more recent, but again there are free resources that cover the same and more content.

Now I know those are not the pentesting courses, I don't have experience with those but my experience with those two tells me that eLearnSecurity wouldn't be worth buying.

-----

Insider mentioned OSCP. Again if you took the syllabus and googled for content you can find plenty, but what OSCP offers is a fairly large lab environment for hands-on practice and experience. That is actually worth something. The training material itself is sufficient, it teaches what it sets out to teach, though you could criticize some of the topic choices, it's good enough. While OSCP is still expensive it's nowhere near the cost of SANS, if you're not having a company pay for SANS training, don't do SANS, it's not worth it out of pocket.
#4
(04-26-2020, 12:56 AM)dropzone Wrote: SANS 100% but like Insider said, SANS is expensive (many courses are around $7000) but they are considered the best courses available.

eLearnSecurity though while more approachable (and they often run sales) just isn't worth the cost. The courses just are not very good in my experience. Like the Advanced Reverse Engineering of Software (ARES) course, is like all Windows XP content, and covers content you can quite literally find tutorials on all over the internet. Actually if you plugged all the modules into Google, you'd find more recent and relevant content.

eXploit Development Student is a little better, it's more recent, but again there are free resources that cover the same and more content.

Now I know those are not the pentesting courses, I don't have experience with those but my experience with those two tells me that eLearnSecurity wouldn't be worth buying.

-----

Insider mentioned OSCP. Again if you took the syllabus and googled for content you can find plenty, but what OSCP offers is a fairly large lab environment for hands-on practice and experience. That is actually worth something. The training material itself is sufficient, it teaches what it sets out to teach, though you could criticize some of the topic choices, it's good enough. While OSCP is still expensive it's nowhere near the cost of SANS, if you're not having a company pay for SANS training, don't do SANS, it's not worth it out of pocket.

What if I could make enough money to do SANS in nine months or a year?

I really want to do their GWAPT course and I might get a part-time job in sales to save up for it. That way, by the time I get the networking (from Cisco and CCDC lab training), Linux, Windows, and programming knowledge, I have enough money saved to jump into GWAPT.

I really want to do SANS training. I know it's the best training on the market and that's why I am obsessed with the idea of four-month-long access to SANS labs.

Am I dreaming too high?

Should I maybe save up for hacking dojo instead? Should I get pentesterlab?

I really wish I could do SANS.

Another person on here recommended a combo of elearn security, pentester academy, hackers handbook series, and maybe hacking exposed series.

I just really want in depth hacking training and I know SANS gets me that.

I wish there was an affordable way to get SANS training.

I think in a year I could save up the $8000 to get it if I get a part-time job in computer sales. And I could have the prerequisite knowledge if I continually focus on one or two things at a time and stick to them: (programming on code academy and computer networking for now).

I am gonna try to get a computer sales job right after I take the second A+ exam and pass on the first try on May 20th. I am also starting Cisco training that day.

I aim to use the SANS training in bug bounty hunting after I do the GWAPT. I think if I apply the SANS training to bug bounty hunting then I will be able to make a lot of money doing bug bounty hunting if I am talented, which I think I will be since I am told how good I am by my peers and the cybersecurity club advisor and my IT teachers. I have an A in the web dev class I am taking. So I think I will be golden once I get the prerequisite knowledge down.
#5
Quote:What if I could make enough money to do SANS in nine months or a year?

It's still not worth the money.

Quote:I just really want in depth hacking training and I know SANS gets me that.

Don't mistake being good quality training with being in-depth training. The quality of the training is entirely separate from what is actually covered. You're still learning the same things, you're not getting more or better information, just a bit better structure and presentation. Actually, if you've been recommended "Web Application Hacker's Handbook" (WAHH) pretty much everything in GWAPT would be covered in that and a fair bit more.

Actually WAHH is a standard book professionally speaking. Where I used to work, every new hire got a copy of it during onboarding, I know of another company that would provide a copy to every applicant. It's one of the most comprehensive resources on the subject, but its age is showing a bit. The authors behind it opted not to do an update but rather released a more interactive training option that they keep up to date: https://portswigger.net/web-security

But, almost anyone will tell you, most of the learning comes from experience, so labs, CTFs, etc. are essential.


Quote:I think if I apply the SANS training to bug bounty hunting then I will be able to make a lot of money doing bug bounty hunting

No, you won't. GWAPT is going to get you the fundamental skills. Bug Bounties though, at least the ones that pay pretty well are highly competitive. This means a couple things, first, the "low-hanging fruit" tends to get picked over very very quickly, many times this will actually be picked over before you're even eligible to participate in the bounty by those part of the private bounty before it goes public.

Not just that, but for the remaining issues, you're competing with hundreds if not thousands of others to be the first to find something. If all you know are the basics from GWAPT, that's going to largely be the same stuff everyone and their dog is already looking for.

For most people, bounties are not a good income source, at least not until you've earned your way into private bounties. Even then you're not really making bank, but you're doing a bit better at least.
#6
(04-30-2020, 06:28 PM)dropzone Wrote:
Quote:What if I could make enough money to do SANS in nine months or a year?

It's still not worth the money.

Quote:I just really want in depth hacking training and I know SANS gets me that.

Don't mistake being good quality training with being in-depth training. The quality of the training is entirely separate from what is actually covered. You're still learning the same things, you're not getting more or better information, just a bit better structure and presentation. Actually, if you've been recommended "Web Application Hacker's Handbook" (WAHH) pretty much everything in GWAPT would be covered in that and a fair bit more.

Actually WAHH is a standard book professionally speaking. Where I used to work, every new hire got a copy of it during onboarding, I know of another company that would provide a copy to every applicant. It's one of the most comprehensive resources on the subject, but its age is showing a bit. The authors behind it opted not to do an update but rather released a more interactive training option that they keep up to date: https://portswigger.net/web-security

But, almost anyone will tell you, most of the learning comes from experience, so labs, CTFs, etc. are essential.


Quote:I think if I apply the SANS training to bug bounty hunting then I will be able to make a lot of money doing bug bounty hunting

No, you won't. GWAPT is going to get you the fundamental skills. Bug Bounties though, at least the ones that pay pretty well are highly competitive. This means a couple things, first, the "low-hanging fruit" tends to get picked over very very quickly, many times this will actually be picked over before you're even eligible to participate in the bounty by those part of the private bounty before it goes public.

Not just that, but for the remaining issues, you're competing with hundreds if not thousands of others to be the first to find something. If all you know are the basics from GWAPT, that's going to largely be the same stuff everyone and their dog is already looking for.

For most people, bounties are not a good income source, at least not until you've earned your way into private bounties. Even then you're not really making bank, but you're doing a bit better at least.

So would you say that a subscription to portswigger and pentesterlab is a better way to spend my time?

What are some good places like portswigger or pentesterlab that would be worth signing up for in order to become advanced?

Would you say that after I get through enough networking, Linux, Windows, and programming, then I should sign up for portswigger and pentesterlab along with web application hackers handbook and then when I get good enough do hacking exposed for web?

Actually, would it be better to do the whole hackers handbook series and hacking exposed series but do the most recent editions of every book in those series and just do CTFs and bug hunting on the side as well as hacker wargames sites?

I feel like based on what you're saying that that would be a better goal.

I want to know:

Web hacking
Wireless hacking
Network hacking
Reverse engineering
Cryptography 
Exploit development 
Social engineering
OSINT
maybe mobile application hacking if that’s doable on top of all of this.

I keep getting told by my school that SANS training is “the best on the market” but I really think what you are saying makes a lot more sense.

So then what other subscriptions are there like portswigger and pentesterlab that I could do to work on skills? Maybe those courses are worth more.

Thanks.