Introduction
I'd wanted to take on the OSCP since it was known as 'PWB' (Pen-testing with Backtrack) a few years ago. Time and money got in the way, but having worked as a Security Analyst for some months, I figured there was no time like the present to start the journey - and a journey it was. The OSCP is the MMORPG of security courses. When signing up, you get the option of signing up for 30 days, 60 days or 90 days. If you're new to pen testing/security concepts, you may want to build some skills before you take on this goliath endeavor, or you should opt for the 90 day package, as I did. I don't believe it's possible to complete the course in 30 days unless you're an experienced pen tester already, can dedicate serious time in those 30 days, or have prior experience.
So, a little bit about me. I'm 25, I was an IT Technician for approx. 5 years before I studied BSc Computer Forensics for 3 years before landing a job as a Security Analyst. I've got some experience with Python/scripting, networking/security and I like to believe that I'm good at solving problems in a logical and sometimes illogical manner. Cert-wise, I held some Microsoft certs and the OSWP before signing up for this course. Let me tell you now....I STILL found the OSCP to be the most difficult exam/course I've ever taken.
Three Headed Dragon
The OSCP is a three headed dragon. There are three main parts to it: the labs, the exercises and finally, the exam itself. Once you sign up, you'll receive your VPN login credentials which give you an IP address which will allow you to start interacting with the lab machines. You get a pdf which is essentially the study guide. This study guide contains lots of exercises to carry out, with the difficulty level starting low and rising to the point where you'll barely understand it (at least in my case!). The pdf is bundled with over 5 hours of videos to complement the study guide. Your mission, should you choose to accept it, is to use the study guide and video tutorials to complete the exercises at the end of each chapter, attack the labs and finally, take on the exam itself.
The Labs
The labs are essentially a hacker's playground. The admins have worked very hard to build a very realistic network where everything is vulnerable in one way or another. Within the first week, I'd already successfully attacked some machines. This soon came to a halt when I came up against some very tough scenarios. You'll find all sorts of operating systems from Windows 2000 to Server 2008, to FreeBSD and Linux variants with different service packs/updates installed. As you'll read on other people's OSCP reviews, you'll get to know Bob, OTRS, WIN7 and if you're feeling brave, you can take on the three machines which are the stuff of nightmares: Pain, Sufference and Humble. I managed to root Pain and get a limited shell only on Sufference. I didn't get to attempt Humble during the time I had left but given the opportunity, I'd love to go back and get Sufference and Humble (read useful links at the bottom for more on this!).
The best advice I can give is this: enumerate your target and document everything with explanations on what you're doing and take screenshots. The OSCP will also improve your note-taking skills, which is imperative in a field such as this. One more thing: Back up your data. I had all my notes in a Word document which I uploaded to the cloud every single day so I knew that I had a backup no matter what.
I managed to compromise around 70-80% of machines in the lab - I probably would have been able to do more if I had purchased an extension... and I've purposefully mentioned this because before taking on this course, you need to be aware of the following: You could fail on your first exam attempt (apparently most people do and I can FULLY understand why), you could need to extend the course... This course could honestly run for 6 months - there is SO MUCH content. Even though I've passed, I'll be going back to read and study parts of it again.
And finally - you need to dedicate A LOT of time to this course. I put in a minimum of 5 hours per day for 3 months - some days, I was working for 12 hours on the course. Let's say (30 days * 5 hrs) * 3 = 450 hours spent on the course, and that's not factoring in the 12 hour days I did. The Offensive Security motto is "try harder" and I could write an entire essay on what "try harder" really means...but I'll save that for now.
The Exam
Now, when you feel you're ready, perhaps your 30, 60 or 90 days is up. Perhaps you've had your extension and you feel as though you're ready for the exam, you can book it (instructions on how to do this are supplied, or you can ask one of the Admins to do it on IRC. I highly recommend you use the IRC by the way. I used ChatZilla which is a Firefox add-on).
Taken directly from the Offensive-Security.com website: "The OSCP exam consists of a dedicated vulnerable network, which is designed to be compromised within a 24-hour time period. The exam is entirely hands-on and is completed with the examinee submitting an in-depth penetration test report of the OSCP examination network and PWK labs."
As above, you schedule your exam and you're given 24 hours to attack a vulnerable network. This was one of the most demanding exams I've ever taken. Why? Because you're supposed to know the study material inside out. You're supposed to have researched outside of lab material. Then you're in an environment where you don't know what you're up against and you have to successfully compromise as many machines as you can. In a nutshell, each target is worth X amount of points, you need to root systems for points. Once your 24 hours is up, you're given another 24 hours in which to write your pen-test report. (An OffSec template can be found online.) You will also be required to submit your report for your time in the labs. This is VERY much worth doing as it can help you.
I would like to say thanks to the OffSec team for putting together a very difficult, yet interesting course. Thanks to my friends who had to listen to me talk about the OSCP every single day for 3 months (I really am sorry for that...). I can honestly say I've learned a heck of a lot. The course was definitely worth the money. The "try harder" motto is one that I'm going to apply to every aspect of my life from now on. If you work hard enough, anything is possible. If you put the time and effort into this course, you will do it. Good luck on your OSCP journey.
Thank you for reading. Please feel free to comment and I'll get back to each and every one of you ASAP.
Useful links:
Bah....2nd comment, not sure if the first one worked :)
Great post! I've been reading various people's OSCP reviews, and yours was great.
Question....I'm planning on doing the OSCP in 2015 and currently trying to build up skills in areas of weakness..such as Reverse Engineering (working with binaries in gdb or IDA) and also Exploit Dev (creating exploits for known vulns instead of using Metasploit)
Are these areas which are used in OSCP a lot?
I feel I'm strong in networking, Linux, WebApps and Forensics.
Cheers mate :)
Hi Dook, it's my second time writing this reply, I wrote it then signed out instead of hitting post....oops :(
It sounds like the OSCE (Offensive Security Certified Expert) might be more what you're looking for, as I hear that focuses on exploit development and is harder than the OSCP (which scares me a bit!). Maybe you should do the OSCP before the OSCE? The OSCP focusses on a lot of infrastructure pen-testing, although there are quite a lot of boxes with web apps on in the labs.
If you've got strong networking skills and Linux skills you should be fine. I didn't use much, if any forensics during the entire course.
So yeah, look at the OSCE and decide whether you want to jump straight into that, or take the OSCP first if you want to do some infrastructure pen-testing.
Hope this helps!
Cheers
Cheers Simon :)
Naaa, I definitely wanna try the OSCP first, just curious if those areas were covered or not, sounds like they are more in the OSCE as you said.
Many thanks, and congrats on getting the OSCP! :)