These are my personal opinions based on my background and training experience.
This course is online.
The course materials include videos, a PDF course guide, and access to a forum with other students.
The class size is unknown.
The lab environment is open to other students.
At the time of this review, the course prices were listed as follows (Check the web site for actual prices!)
PACKAGESPWK course + 30 days lab access + OSCP exam certification fee $999
PWK course + 60 days lab access + OSCP exam certification fee $1199
PWK course + 90 days lab access + OSCP exam certification fee $1349
OSCP Certification Exam Retake Fee $150
PWK Lab access – extension of 30 days $359
PWK Lab access – extension of 60 days $599
PWK Lab access – extension of 90 days $799
Upgrade PWK course materials to the latest version $199
Upgrade from PWB v.3.0 to latest version of PWK $400
Upgrade from PWB v.2.0 to latest version of PWK $500
This course is considered to be an entry level (with some knowledge expected from the start) course into penetration testing.
I believe I really got started in learning offensive security techniques back in 2001, and had book knowledge from then up until August 2006, and onward, when I started getting a little hands-on, but not solid hands-on. More book learning and off-and-on hands-on until November 2016. That is when I decided I needed to stop dreaming and learning and start doing. So I signed up for PWK and dove in head first without really knowing what I was doing.
I will add more, and may do the upgrade and review that, but I want to share a story that is a MAJOR turning point in my life.
I signed up for 90 days, paid out of pocket for the class, and the day the course materials were available, I downloaded them and started working through them. I would read the manual, do the exercises, and things were going very slowly at that point. I went to lunch with a friend of mine who was telling me a real world story of getting access to a web server, and then he mentioned I would get experience in the PWK labs. From November to December, I only gained access to two boxes in the lab. One was using the technique my friend had told me about, and the other was with the most well known exploit of all time (and using Armitage.) Other than that, I had nothing. I ran scans, I read the manual, and did the exercise. I checked the forums a few times, and I kept trying to find anything with which to get a foothold and start moving.
My friend kept telling me to stop reading the lab manual and just start attacking the machines, but I was in a mental block and had no clue what to do. I can't explain the mental block that I had, but it was real and it felt like it was physical. So my friend tells me to read the Alpha write up on the forums. But I didn't want spoilers. And I had been learning this stuff for years and years at this point. I should know exactly what to do. I shouldn't be having these issues.
I was searching the forums for anything to point me in the right direction. Something to jump start me. It was New Year's eve and I had been in the lab for almost a month and a half with only two boxes to show for it. It was the holidays, we had family in town, and I was spending a huge amount of time in the labs, and I was bound and determined to end the year on a good note.
I saw a post on the forums, and I don't remember much other than g0tmi1k stuck out, and it said something about starting at any place and FTP was as good as any. The gist was scan for all FTP access, and look at each one. Since I had scanned and scanned and scanned and scanned and then scanned some more, I pulled up logs. I saw the FTP stuff. And something stuck out to me. I don't recall what that was, but something made me take a look at a box.
The next thing I remember is that I had compromised two boxes by myself, and one was a dual homed machine. I was excited. There was still time left in the day, but I decided I had ended the year on the best note possible and I went off to celebrate.
From there things were hit or miss. I did read the Alpha walkthrough, and I learned a lot from that. I modified my tactics and kept plowing ahead. I would get to work the next day having gotten limited sleep the night before and write things like "Word of the Day: shellamazemus" on the white board. Then I would write, Shellamazemus means that you popped a shell so fast that it was amazing to all of us! This went on for weeks, and I could barely contain my excitement. It was probably all I could talk about. I am sure my co-workers both laughed with me, at me, and celebrated with me. It was a good time in my life. It was the best of times. I was finally able to turn knowledge that I had gained over the years into practice.
It is funny, now, years later and so much more training under my belt, I think back to those times and think of just how little I knew. But I am so grateful that I felt a hollowness inside me when I finally compromised every machine in the lab, and went on to pass the exam. I felt like the world had moved on without me. People would tell me to go to vulnhub and other places and keep learning, and it wasn't long after that I joined HackTheBox and started watching IppSec's videos. That was a major turning point in my life, and it has taken me to where I am today, and I wouldn't change a thing. I will forever be grateful to Offensive Security and everyone that posted to the forums and helped make the journey the best it could be. One of my favorite authors to date, Brandon Sanderson, wrote, in The Stormlight Archive series, "Journey before destination." He also wrote that the most important step a man can make is always the next one. I value the journey over the destination, for I may never reach the destination I have set for myself, but I will always strive to take the next step toward that destination.
More to follow!
The misc stuff will go here...
I signed up, got my start date, and the minute I had access, I started. Then the worst thing that has even happened in an online certification exam happened. Everything went wrong. I spent hours on end trying to troubleshoot on my end, running, diagnostic reports to send to Offensive Security asking for help. Begging for any response. When I finally got enough common sense back in me, I went to the forums and someone had posted that there was a network outage on the Offensive Security side of things. I waited, and waited and finally things started coming back up, but by then a huge portion of my 24 hours was gone. I never even got to try and get back to the point I was when it all went down. I asked, and was given, a free retake.
Take two. Horrible time management. Horrible! I, my time management and decision making skills (or lack thereof), was the only reason I failed that exam. But I failed. And so I was wanting to re-test as soon as possible.
Third time's the charm. I made better decisions, managed my time a lot better, and pulled off a passing score. I got my notice a few days before I left for vacation, and I was walking on clouds my entire vacation. It was an awesome feeling.
I will update this