Today I would like to share my experience with OSCP from the guys at Offensive Security.
Why OSCP?
There are now so many certifications in the field of information security that it is difficult to choose one. For me, these criteria are the deciding factors for a certification:
- Learn something new
- Apply knowledge (i.e. no multiple-choice tests)
- It should be known and recognized
- Price/performance ratio
Few certifications fulfill all four of these criteria; the OSCP does.
Preparation
Searching the internet for other testimonials turned up two different opinions:
A) An advanced course in which you will not achieve anything without many years of experience in penetration testing.
B) Beginner course, which teaches you the basics and all other skills necessary to pass the exam.
After nagging my Twitter contacts, it became clear that the truth is probably in the middle.
Since I have been a penetration tester for a while, I decided to simply keep automating my enumeration phase and otherwise let things come to me.
Start
I opted for the 60-day package because I knew there wouldn’t be too much time for the OSCP (lots of time-sensitive projects, and I’m a dad of two ;-).
Six weeks later my course started and I received the materials, videos and access to the lab.
In the reviews it was recommended to finish the videos and documents with the corresponding exercises before “letting off steam” in the lab. No sooner said than done: I forced myself to ignore the lab and only worked through the documents, videos and exercises during the first two weeks.
Tip: first the documents, videos and exercises, then the lab.
After two weeks I was done with this refresher; if you are already familiar with the subject matter, you learn nothing new. Nevertheless, the documents are very well structured and explained.
I don’t want to reveal much about the lab, but there are different network segments separated by different firewalls, and to penetrate all systems you have to pivot multiple times. The attacks range from out-of-the-box exploits to client-side attacks and manual buffer overflows, up to more complex attack chains.
As I feared, I was only able to use 40% of the 60 days. Nevertheless, I was able to achieve my goal: To take over all systems in the start network segment and at least one box per other segment.
Tip: document everything and take lots of screenshots so that you can retrace your work afterwards 😉 Software, e.g. KeepNote.
I scheduled my exam for two weeks later. I felt quite confident, but wanted to practice manual buffer overflows again. For this I repeated the exercises without the help of my notes; since this went without problems, I decided that this must be enough.
Tip: what should you have down cold? Pentest methodology, exploit search, manually customizing exploits, buffer overflows (basics).
OSCP exam
Again, I don’t want to and can’t give much away.
You have 24 hours to test a number of systems. Depending on the level of difficulty and the rights obtained on the system, you get a different number of points.
After 6 hours I had already reached half of the achievable total score and was in good spirits. Unfortunately, that’s how it stayed for the next 14 hours.
Tip: Try Harder!
Then, in the last four hours, I got the remaining points to pass. Over the next 8 hours I went to bed, slept for 4 hours, and then finalized the documentation and sent it to the Offsec team.
Two business days later I had my result:
Many thanks, Offsec, for this exciting journey!