Oh I will be! Keep up the good work homie!

1. If I purchase the 5400 $ yearly subscription, is this exam / course included? 2. Do I need prior coding experience!

Thank you!! 😁 Hope I could help a bit with it!

Thank you so much :) Spread the word!!

Also I'm watching this 1 year later.

Absolutely, go for it :) This is an excellent certification for a cheap price. Overall, very well taught!

Thanks for the feedback 😇 Yeah, the 10k will come in today 🔥🔥

Thanks for the feedback 😇

Thank you very much :)

In my opinion no background is required at all. I don't have any development background other than writing little Python scripts and hacking tools. What helped me was setting up a couple of web apps of Github by myself. I used that to understand how different people code and how they structure their source. During the course, you will also be forced to read up a ton on a the programming languages in use. Don't worry too much about knowing everything. I literally googled something programming language related every 15 min during the exam.

You will most likely not use much of your OSWE knowledge during bug bounties, because the OSWE mainly focuses on source code analysis, whereas in bug bounty you usually don't have the source! Go and apply for a job! Good luck 😇

It helps to be able to write tiny helper classes in e.g. JAVA which you are then calling out of Python. But no, you don't have to be an avid Java or .Net coder.

nc is enough for you to test your exploit. The pdf guide will also walk you through that process. The exam is not bringing in any new elements. Hence, once you understand the pdf, you are also ready for the exam. Good luck on the course 💪🏼 have fun

I took quite some time to finish the entire labs. After that, I guess I have invested another 2 months study. 3 months studying for the exam with proper base knowledge should be enough though :)

You're welcome!

I would not say one or the other. Both is needed. However, I personally think that web app has a slight edge over the other.

@@Hacksplained thank you for answering :)

@@lIlIllll1 Of course :)

Nope, first of all, the vulnerable machines already had VScode installed. If not, you can just install it. But I had it installed on my local machine and used remote debugging. Look up VScode remote debugging on Google. There's lots of information how that works. Just make sure to get comfortable with the setup prior to the exam as this sometimes is a little tricky. Also the course PDF talks about it if I remember correctly.

@@Hacksplained Thank you!

VSCode has "Remote Explorer" feature which you can connect it to your target via SSH (if you're working from your host)

I just sometimes use them to print the value of a specific parameter. This is often times faster than constantly debugging the code for the same. Do you have anything more specific regarding debug statements that you are wondering about?

I think I understand what you mean. Still could see value of you showing that. Maybe if you have other tips that come along with it.

Hey :) 1. I am not a DEV. Programming language know-how is helpful as with everything else in this world but it's not a must to start this course. 2. Absolutely :) hahah But still make sure to have your scripts ready during the exam. The PDF contains a ton of knowledge. Make the scripts re-usable and have them ready!!

Yeap. So all the vulnerablities that show up in the exam have been talked about as well in the PDF. Obviously the way to exploit them is going to vary a bit (different web app, different params, different code), but you should be ready to find the flaw once you have fully understood the PDF.

@@Hacksplained Hello thanks you for your time I will buy Learn Fundamentals option which is 799 how they teach is it based on pdf or videos ?

Hey there, I have been doing both in the past yeap. You cannot compare them in my opinion. Pentesterlab Pro is probably giving you more insights into a broader spectrum of vulnerabilities. With that, you have more knowledge for bug bounty programs. They are both great though. OSWE is a little more helpful if you want to find a job in a country where they are really caring about certificates. The knowledge has helped me to understand the technical details of web apps and with that you have an easier time searching for vulnerabilities.

@@Hacksplained Thank you, what is the probability of securing a job right after i have completed the OSWE certification?

Basic programming know how was enough. I don't code in any of the languages that are part of the cert. The PDF teaches you all you need to know. I didn't even finish all the boxes in time. Hence, I was also not doing anything on HTB, THM, etc :)

@@Hacksplained Thx for reply :)

Absolutely, the exam was in no way harder than the lab machines. If you manage to do the extra miles by yourself without cheating, then you definitely have enough skills to pass the exam.

Well you definitely can make use of that knowledge but for bug bounties, I would rather recommend portswiggers web app academy. Go through one lab after another and try it against real targets using Intigriti.

Do you mean simulating a victim who falls for your payload? If that is needed, it will be available. You also can browse the exam machine. You only can't ssh or rdp to it.

I really liked the OSWE. I personally don't have another web app vuln one, but I have heard good things about the INE certs.

I have used the vscode ssh extension for that. There are also run configs available which only need to be slightly adapted.

@@Hacksplained ah! I got it Thanks so much

Yes, that's pretty much what the OSWE is all about!

Cheers :)

Hey there :) No, they are definitely not the same. You can find all differences over here: www.offensive-security.com/courses-and-certifications/ But yeah, OSWE is definitely very source code review heavy!

English ones for sure. Don't kno about others right now.

You will have to script your own exploits, so yes, you should have a good understanding. If you can script all the exploits in the course book, you are fine!

Depends on what you want to learn. Network hacking - OSCP; Source Code Review - OSWE. They are both good and worth their money!

Was it a consultancy company doing pentests for clients? If yes, easy, most clients wanna have their web apps tested for compliancy reason. If you are signing up for an internal security team, it might look completely different.

@@Hacksplained they tested me in both web app knowledge and internal it was a security consultant junior position. They also tested my knowledge live in there virtual environment which was so stressfull

@@georgesotiriadis2763 i can imagine. Interviews can be tough and terrible if done wrongly. What was the outcome?

@@Hacksplained I didn't get the job and they said me to do more hsckthebox and level up .my web app skills

@@georgesotiriadis2763 sorry to hear 😬 but yeah, definitely go for more of those labs and you'll a good gig in no time 🔥

Of course 😇 would be terrible otherwise

OS does not matter at all. Whatever you are feeling more comfortable with. If you e.g. need any tool that only exists on Linux, you can e.g. always use the Linux subsystem for Windows in case you are a Windows user.

The best bug bounty platform is Intigriti but in general very little programs share source code! But you might be interested in hackerone.com/ibb

Not necessarily. You can connect to the debug machine via xrdp and debug the code there. Also check out vscode's Remote - SSH extension which is quite handy 😊

@@Hacksplained Thanks! I will check vscode remote ssh extension!

Depends on the job you want to land and where

@@Hacksplained Thanx 😊

I cannot give away too much about the exam, but if you manage to complete all the ones out of the PDF, you are all set :)

Hi Sebastian :D

You will most likely have an easier job to pass HR. However, you'd still have to go through multiple interview rounds at a good company. I have another video with typical interview questions which you can use to prepare. If you master all that, you should end up having a job! Good luck on your journey 🔥

@@Hacksplained WOW THAT WAS FAST.. THANK YOUU FOR YOUR REPLY ❤️

@@armwrestlingjourney7408 you are welcome 🤙🏼

You are welcome :) No, the OSCP is more infrastructure hacking based. I am also having a SANS GPEN certification, which is similar to the OSCP. But no, I am not going to get OSCP certified. I did not take any time to prepare before enrolling. I enrolled, did all the boxes and then asked myself what I was still missing. In the meantime, my lab access was already gone. So, I stated using different materials to learn a bit more like Portswiggers web app sec academy or Pentesterlab.

People have different opinions here, but I say no. They teach completely different topics. Look at the syllabus of both courses and take the one that sparks your interest more!

@@Hacksplained Thanks!

There is no single answer for that my friend. Depends on so many different aspects.

of course :)