Offensive Security Certified Professional

My experience with the PWK course and the OSCP exam

3 min read - 575 words

Introduction

I received my OSCP certification via mail. The perfect time to write a short review. Try Harder!

The Offensive Security Certified Professional (OSCP) is the companion certification for the Penetration Testing Training with Kali Linux (PWK) course. It was the world’s first completely hands-on offensive information security certification.

As I did not know what to expect from this certification, I booked the 90 days lab access. Also, I wanted to finish all the exercises and gain root access on as many systems as possible. The learning material and the VPN connection to the lab provided a first insight of what to expect. The initial exercises were quite easy. They establish a baseline knowledge of tools and methods. The later exercises go more into detail of information security.

The Lab

The really interesting stuff was going on in the lab environment. There were about 50 systems distributed in a few separate network segments. Every time I gained root access on a machine it felt like Christmas. Every time I gained access to another subnet it felt like Christmas, with all the new targets to attack. After the 90 days of lab access and a lot of hard work I was only missing access to 6 boxes. At this point, my lab report was about 50 pages. I already had created a LaTeX template for the report, that I could also use for the exam. So, I thought it was better to move on the actual exam.

The take away from the lab was to Try Harder. With enough hard work and some clever thinking, most boxes can be rooted quite easily. There might also be other students working on the same machine. They might have left a backdoor running or added a firewall rule. So, reset a machine before working actively on a machine. And if a reset storm hits your desired system, maybe switch to another machine.

While working on the different lab machines a bag of trick proofed to be quite handy. This bag contained compiled standalone exploits. Having those ready at hand was quite handy for some machines. Also, it was important not to rely on one single exploit, but to try different ways of exploiting a system.

The Exam

The exam is limited to 24 hours of hacking. After the exam you have got an additional 24 hours to write and submit the exam report.

All the details for the exam will land in your mailbox when the scheduled exam starts. Obviously, you will have to take over a certain number of machines. You have to achieve this without relying on an automated tool or existing Metasploit modules. Exploits, documentation and evidence all has to be created by yourself in the limited time period. Consequently, preparation is key. So, spend every minute you can in the lab environment. After the lab period is expired, try working on simple exploits. This is what distinguishes the OSCP from other exams.

Conclusion

The Offensive Security Certified Professional is a great basis for anybody interested in information security. Your skill level does not play a big role. If you are new in this area there will be quite a steep learning curve. For the more advanced, the lab has ample opportunities to test and improve your security knowledge. The most important thing to bring along is the motivation to learn and understand new things. I will Try Harder!

Try Harder!

Resources