OSCP Review

Well, now that it is all said and done, I figured it was an appropriate time to post my review of the Penetration Testing with Kali Linux (PWK) course and the subsequent Offensive Security Certified Professional (OSCP) Exam/Certification.

Course Materials

All in all, I was a big fan of the course material. There were a few chapters that were largely refreshers, but there were others that were almost completely new to me (a lot of the file transfer methods were really neat). I could see myself referencing the PDF in the future in addition to my other resources (Google), so that’s definitely a plus.

At first, it annoyed me that the videos followed the PDF so closely, but a few chapters in I realized this would be beneficial. A lot of the later chapters I would either read quickly or only skim, but then the video going over the same information definitely helped to solidify the knowledge a bit more.

Plus, as anyone else who has taken the course can verify, Muts’ voice will forever haunt my dreams/nightmares.

Lab Environment

I really enjoyed the lab environment, and yearn to set up something similar for myself soon. There were plenty of machines, networks, attack vectors, and difficulties which kept it always interesting. Additionally, there were plenty of machines that looked obvious, but required some slight tweaks to get everything working (or even vice-versa).

Though the exploits ranged in difficulty from click and own to custom development, there were enough targets that they touched on a lot of concepts, software, and OSes which was great.

I ended up 6 machines short of a full network compromise in the end, but I’m glad I took a step back to let my mind clear before the exam, and I’d recommend this to anyone else considering a time for scheduling.

Exam

The exam was very similar to the lab environment, and it was great. While the challenge of rooting 5 machines in under 24 hours was overwhelming at first, it was just a matter of breaking it all down and staying focused. Additionally, the machines in my version of the exam were hard enough, but still satisfying. Almost every one of the machines made me really think about the problem from a slightly different angle, but popping a new box kept me exhilarated and pressing forward every time.

The biggest pieces of advice I can share are to keep good notes/screenshots, as this will make the report MUCH easier to write, and to properly enumerate everything (even if it doesn’t seem useful yet). Other than that, you can script some of your processes (enumeration, escalation, exfiltration, etc.) to save time if you’d like, but it isn’t something that is completely necessary (I scripted some things, but some things I still prefer to do manually and non-linearly).

IRC/administrators

IRC was an invaluable tool, as were other students/administrators. There can definitely be a love/hate relationship when you message an admin, as they aren’t really able to give away too much. Eventually you get used to this though, and they can even just be helpful as a place to describe your issue out loud (Rubber Duck Debugging). Additionally, having other students in IRC (even just as motivation/unrelated idea sounding boards) helps to keep things in perspective and motivational.

Overall + Final Thoughts

Overall, I truly enjoyed this course, and would recommend it to anyone with an interest or background in more offensive security. Fair warning though, this class will have an occasional roller-coaster of emotion (YES, I’m the best! This is awful, if I paid for this class why won’t the admins help me?! Oh wait, I can learn this on my own and do it myself! THIS IS AWFUL AND I HATE COMPUTERS. *Phew* I passed.). Additionally, it is not for the faint of heart, and Try Harder! isn’t just some sort of joke or catchphrase; you will have to really believe and live by it during the course.

Additionally, it helps a lot to have someone cheering you on or at the very least supporting you. I would get constant messages of praise and support from my girlfriend while spending late, late nights in the lab environment, as well as some messages during the exam encouraging me. If you live with someone (significant other, roommate, animal companion), then let them know what you will be doing for sure. This not only lets them help you/not interrupt you, but that support stream can help during a few of the tougher times.

While I’m still not sure if OSCE is my next step (still something I will do at one point), I do know that I have obtained a lot more than a piece of paper from this certification.

doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCP, eCPPT, eWPT, eWPTX, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Penetration Testing Consultant for SecureWorks. His previous position was a Senior Penetration Tester for a major financial institution.

When he's not figuring out what cert to get next (OSCE?!) or side project to work on, he enjoys playing video games, traveling, and watching sports.


8 Responses to OSCP Review

  1. Higgs

    Can you post about eCPPT vs OSCP?
    I’m currently taking SANS GCIH course and I would like to select one of these courses/certification
    If you were me, what would be your next step after GCIH?
    eCPPT or OSCP?

  2. Pingback: Part x01 – OSCP – Reviews – Baseline Security

  3. Hey Doyler
    A very well-developed post with step by step guidance on OSCP Review. The way you explained each point with necessary details and maintained good balance between theory and practice is really commendable. It's very much informative. I have a question: What do I need to pass the OSCP exam?

    Thank you.

    • Thanks, and I’m glad you enjoyed the review.

      To pass the exam you need a score of 80 (out of 100). There are 5 machines in the exam environment, each worth a set number of points. Properly exploit and escalate on each of them (with documentation), and get full points!

  4. Farooqi

    Please tell me that exam place is home or some registered centers of Offensive Security?

    • You take the exam remotely, in an environment very similar to the lab.

      They can monitor what you do/run on the systems, but all you actually turn in is the Penetration Testing Report.
