Buy More Lab Days

OSCP half-time and my thoughts on it so far.

OSCP (Offensive Security Certified Professional) is a highly regarded penetration testing qualification. Unlike other certifications (e.g. CEH), it is not a multiple-choice memory test. Instead, it consists of:

  • A 370 page course book, with plenty of exercises.
  • A fake company with around 60 virtual machines to hack.
  • A final exam. 24 hours to hack 3 5 machines, then 24 hours for a report.

OSCP accepts diverse technical backgrounds, from complete newcomers to senior penetration testers. My background is mathematical physics. I have had an interest in computer security for about a year, mostly in the "defensive" aspects like encryption, sysadmin work, and general programming. A penetration testing certification seemed the right way to go.

I'd looked at a few certs, seeing some of the old course notes for CEH and similar. For a few weeks I had partially resigned myself to slogging through these memory tests. I have always hated memory tests. In every exam I took at university I never learned solutions off by heart to blindly parrot. Learning methods felt more interesting and more practical: figuring problems out each time. Thankfully, I found OSCP.

0. Beginning the Book

So I started OSCP using my savings. I'd been using Kali for nearly a year on a ThinkPad. To even register for the course, you have to be able to use OpenVPN. A nice touch from the OS crew, not taking money from people without any command line ability.

The last offensive computer experience I can remember is playing around with Sub7 and other script-kiddy things as a teenager. I have a BSc from an online university, so the self-motivated study part of it doesn't faze me. I decided to do the whole book first, taking meticulous notes and doing every exercise. (Notes on the exercises and labs can boost your final exam grade if you were close to passing but didn't make it.)

Without any Linux or programming experience, the book would probably be a nightmare. I imagine experienced penetration testers could fly through it. I made markdown "cheatsheets" with example commands that I could grep by program name. With the number of tools you learn, it can be difficult to remember all the useful syntax off-hand.
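As an added example (not the author's notes, and not part of the original post), here is one way to make such a cheatsheet greppable by program name: a markdown file with one "## tool" heading per program, and a shell function that prints only the section for the tool you ask for. The file path, the tool sections and the commands inside them are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: a tiny lookup over a markdown
# cheatsheet that has one "## <tool>" section per program.
# The cheatsheet path and its contents below are constructed for the demo.

CHEATSHEET="${CHEATSHEET:-/tmp/oscp-cheatsheet.md}"

# write_sample_cheatsheet: create a small constructed cheatsheet to query.
write_sample_cheatsheet() {
  cat > "$CHEATSHEET" <<'EOF'
## nmap
# Full TCP port scan with default scripts and version detection, all output formats
nmap -sC -sV -p- -oA scans/full 10.11.1.5

## gobuster
# Directory brute force against a web root
gobuster dir -u http://10.11.1.5 -w /usr/share/wordlists/dirb/common.txt

## smbclient
# List shares with a null session
smbclient -L //10.11.1.5 -N
EOF
}

# cheat <tool>: print the section whose heading is "## <tool>" (case-insensitive).
# Prints nothing if no such section exists.
cheat() {
  awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    /^## / { inside = (tolower(substr($0, 4)) == want); next }
    inside { print }
  ' "$CHEATSHEET"
}

# cheat_tools: list the tool names that have a section, one per line.
cheat_tools() {
  sed -n 's/^## //p' "$CHEATSHEET"
}
```

Typical use during the labs: `cheat nmap` to recall the exact flags without leaving the terminal, and `cheat_tools` to see which programs you have already written up.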

1. Labs, Labs, Labs

It was frustrating not to be able to really start the labs without completing the book first: having learnt so much, but not yet been able to put it into practice. So once the labs came, it was really, really enjoyable.

Treated like a game, it is pretty non-linear. You have to keep prodding until you find the lowest-hanging fruit. Some of the hardest machines are directly accessible. It is during the labs that you learn the most: searching for exploits, searching for credentials for various software. Nothing beats learning by doing.

I have already learnt so much that it would be stupid to try to detail it in this one post. Yet my enthusiasm keeps pressuring me to try. What you learn is real. It is fun. It is stressful. It gives you a real idea of what penetration testing is. It is not a memory test. No one holds your hand. OSCP is difficult, and that difficulty is what makes it feel worth doing.

2. Continuing On

I've hacked about 50% of the computers, including some in the optional IT-department range. I've learnt so much and currently have several ideas on how to compromise other computers.

My problem is getting distracted with other technical aspirations. This blog service is a prime example! Hofstadter's law always shows up to make things take longer.

I want to make good money doing hard work as a penetration tester. Now that this blog is up, it's time to knuckle down and continue on with the OSCP.
