Musings on the OSCP

I’d like to diverge from our typical blog topics today to discuss the Offensive Security Certified Professional (OSCP) certification, and more importantly the associated course Penetration Testing with Kali (PWK) provided by Offensive Security. There are a number of blog posts discussing this course and certification already, almost all of them overwhelmingly positive. Why another? Because right now there’s a potential PWK student on the fence about whether they should go for it, or someone who has recently enrolled in PWK and is eagerly awaiting their start date, who is scouring the web for any more OSCP-related posts to read. I know, I was that person.

For those of you who don’t already know, the online PWK course is a hands-on, lab-based course that teaches the student penetration testing. It’s self-paced, with additional lab time easily added if you need more time. The PWK/OSCP is very reasonably priced for a security-related course and certification, especially one of its caliber. Students are provided with a lengthy PDF book and associated video tutorials with exercises to get them started. A Kali Linux VM and VPN access to the student lab network are also provided. The PDF and videos make excellent references as the student works their way through the lab networks finding vulnerabilities, exploiting those vulnerabilities to gain access to the systems, and looting those systems for nuggets of information that will help them move deeper into the networks. These lab networks are the playgrounds that really define the PWK experience, providing a wide variety of vulnerabilities and systems to exploit. That, and getting used to hearing the words “Try Harder”. There will be no hand holding during your PWK/OSCP experience.

Once the student feels they are ready, they can schedule their OSCP exam. Oh the infamous OSCP exam. The student gets 24 hours to own a handful of servers. Different servers will be worth different amounts of points depending on the difficulty of exploiting the system. You should know going into the exam that quite a few people don’t pass the first try. I certainly didn’t. It made the second try all the sweeter at 4am when I popped the last shell I needed to pass, almost 23 hours after I started the exam. Schedule your exam well in advance (slots fill up fast!), try to get some rest if you can, and definitely take breaks. If you’re stuck for a while, step away. Go for a walk, get a snack, drop some expletives on IRC. Clearing your head for a bit does wonders for getting a fresh perspective on that box that refuses to pop a shell for you.

So how did I get there? Before I took the plunge, I had been eyeing the OSCP for some time. I already worked in infosec, and had a strong interest in the offensive security side. I was slowly working my way at night through the occasional penetration testing book and home lab, but never seriously planning on when I would tackle the OSCP. Then I was fortunate enough to spectate at a National Collegiate Cyber Defense Competition (NCCDC) in San Antonio where one of the opening speakers (for the life of me I can’t recall his name) gave a talk on the OSCP and what a great foundation it is in offensive security. That was the last push I needed and I sat down with the wife to figure out how to fit the PWK into our hectic lives. It can (and will) consume large amounts of your time. I opted for a slower pace and just kept adding lab time (total of six months by the end) to try to maintain a semblance of work/family/hacking balance.

There are a number of excellent blogs discussing how to prepare for the PWK/OSCP, in particular Abatchy’s. My own preparation involved:

  • Reading: “The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy” (ISBN: 978-0124116443)
  • Free Course: “Metasploit Unleashed”
  • Reading: “Metasploit: The Penetration Tester’s Guide” (ISBN: 978-1593272883)
  • Corelan articles on writing exploits
  • Reading: “Black Hat Python” (ISBN: 978-1593275907)

You should also be comfortable using a command line shell in Linux. You will be spending a lot of time using a command line in Kali Linux throughout the PWK and OSCP. If you’re interested in offensive security, you’re going to need to feel comfortably at home in Linux.

So should you tackle the OSCP? Doing the PWK/OSCP is best described as going through offsec boot camp. If that appeals to you, then I encourage you to go for it. The value to experienced professionals may not be there to justify the time investment, but for those looking to get started in offensive security, you could hardly take a better step in my opinion. It will be hard, it will take a lot of time, you will learn quite a bit. If you’re like most OSCPs you’ll also greatly enjoy the experience.

Note: No computer systems or blue teamers were harmed in the creation of this blog post.