Today I want to share my experience with the OSCP from the guys at Offensive Security.
Why OSCP?
There are now so many certifications in the field of information security that it is difficult to choose one. For me, these criteria are the deciding factor for a certification:
- Learn new things
- Apply knowledge (i.e. no multiple choice tests)
- It should be known and recognized
- Price/performance ratio
Few certifications fulfill all four of these aspects; the OSCP does.
Preparation
After searching the internet for other testimonials, there were two different opinions:
A) Advanced course in which you will not achieve anything without many years of experience in penetration testing.
B) Beginner course, which teaches you the basics and all other skills necessary to pass the exam.
After nagging my Twitter contacts, it became clear that the truth is probably in the middle.
Since I've been a penetration tester for a while, I decided to just continue automating my enumeration phase and otherwise let things come to me.
Start
I opted for the 60-day package because I knew there wouldn't be too much time for the OSCP (lots of time-sensitive projects, and I'm a dad of two ;-)).
6 weeks later my course started and I received the materials, videos and access to the lab.
In the reviews, it was recommended to finish videos and materials with the corresponding exercises before “letting off steam” in the lab. No sooner said than done: I forced myself to disregard the lab and only did the papers, videos and exercises for the first two weeks.
Tip: first the documents, videos and exercises, then the lab.
After two weeks I was done with this refresher; if you are already familiar with the subject matter, you don't learn anything new. Nevertheless, the documents are very well structured and explained.
I don't want to reveal much about the lab, but there are different network segments separated by different firewalls, and to get into all systems you have to pivot multiple times. The attacks that are carried out range from out-of-the-box exploits to client-side attacks and manual buffer overflows, up to more complex attack chains.
As I feared, I was only able to use 40% of the 60 days. Nevertheless, I was able to achieve my goal: to take over all systems in the starting network segment and at least one box in each of the other segments.
Tip: document everything and take many screenshots so you can retrace your own work afterwards 😉 Software: e.g. KeepNote
I planned to take my exam two weeks later. I felt pretty confident, but wanted to practice manual buffer overflows again. For this I repeated the exercises without the help of my notes; since this went without problems, I decided that this must be enough.
Tip: What should you have down cold? Pentest methodology, exploit search, manual exploit customization, buffer overflows (basics)
OSCP examination
Again, I don't want to and can't give much away.
You have 24 hours to test a number of systems. Depending on the difficulty and the privileges acquired on each system, you get different numbers of points.
After 6 hours I had already reached half of the achievable total score and was in good spirits. Unfortunately, that's where it stayed for the next 14 hours.
Tip: Try Harder!
Then in the last four hours I got the remaining points to pass. For the next 8 hours, I went to bed, slept for 4 hours, and then finalized the documentation and sent it to the Offsec team.
Two business days later, I had my results:
Many thanks, Offsec, for this exciting journey!