My hunger for knowledge and my odd craving for challenges that push me to my limits have remained insatiable. Proving something to myself is important, as is establishing my InfoSec credentials. Offensive Security Certified Professional (OSCP) is a certification program that focuses on hands-on offensive information security skills. It consists of two parts: a nearly hour pen testing exam, and a documentation report due 24 hours after it.
OSCP is a very hands-on exam. Taking the course is mandatory for you to become eligible to take the OSCP. In addition to the knowledge you gain from the course, it opens doors to several career opportunities in information security. Of course, those who pass get bragging rights too. If you ask OSCP-takers about the difficulty level of the exam, you will get varied answers but most people say that it's the most difficult exam they've taken in their lives.
This is why it is critical to prepare well for it. I cannot emphasize enough the importance of preparing prior to the course. Time to get your hands dirty! I hope my suggestions will help you in your OSCP journey. If you have questions or need any help you can reach me via Twitter: blad3ism.
These will help you spot clues for privilege escalation. Brush up on them! This will help you to automate redundant tasks. Also, practice bypassing web security filters for injection attacks.
Metasploit Framework — Brush up on creating payloads with different formats, using multi handlers, and using staged vs non-staged payloads. Knowing these things will save you some time during your exam. File transfer - It is important that you know the different techniques to transfer files to a target machine. Aside from those topics, these books will also come in handy: Kali Linux Revealed - To freshen up your Linux Fundamentals.
This book covers almost all the aspects of what the OSCP entails. The book covers web application attacks from attacking access controls, application logic, and application servers. Hacking: The Art of Exploitation, 2nd Edition - This book covers deeper knowledge about penetration testing. After reading up and reviewing on the topics above, you can apply the things you learned with these: OSCP-like vulnerable machines list by abatchy; Over The Wire: Natas - It focuses on web application challenges.
Hey Everyone, it is Matt here, and I know it has been a super long time. Since late June. I have constantly thought about my blog along the way, and I know I have neglected it.
But, I have been diligently working every day, and I truly wanted my next post to be a celebration post. It is finally here! I have been working every single day since, and two days ago, Tuesday September 4th, I took my 2nd exam attempt and passed with flying colors! On my last post I had rooted 30 boxes, and wow that is nothing compared to where I am at now.
After my last post (30 boxes rooted) I continued to work through the lab machines, and I scheduled my exam for July 31st. I finished every single machine in the labs (about 55) by mid-July, and utilized the next two weeks or so to go back and re-root the machines I struggled with. In total, by July 30th I had rooted every single machine in the labs, and I had re-done about Additionally, I had re-familiarized myself with Buffer Overflows (really good idea!).
I woke up two hours early before my exam, an anxious wreck. For two hours I tried to calm myself down, get some Starbucks, drive, etc. Normally I handle pressure very well, but not today! In true Offsec fashion, my exam email arrived right on the dot. This was a pretty short and sweet email giving me the download link for the VPN, the Control Panel link, and a couple of pointers. After getting everything configured (only about 5 minutes) I pulled up the Control Panel, read the objectives for the first machine, and I was off to the races!
Additionally, you do not get to keep the same IP address that you have had throughout the whole labs, so be prepared for a different one! Memorize it! I tried to get the 25 pointer (not the Buffer Overflow one) and I was failing, hard.
After deciding to table the 25 pointer for now, I re-focused my efforts on a 20 pointer. I scanned out the system, and once again, I was struggling! I decided to take a breather and come back with a fresh mind.
After about a 30 minute break, I came back and decided to do the Buffer Overflow machine. After about an hour, I successfully compromised the target, and I had obtained 25 points!
Confidence Boost! Short lived! After this Buffer Overflow machine, I decided to re-attack the 20 pointer that I had attacked earlier, and after another hour or so tinkering I got a shell! Currently hours into the exam, with one root and one low level shell.
I played around with privilege escalation for about an hour and a half before tabling it. I decided I wanted to add up some more points, so I went after the 10 point machine. It took around 30 minutes, but I got root access pretty fast, which brought my points up to somewhere around 45! I was feeling better, but I think at this point I knew it was probably over. This was the most brutal time period of the whole exam, and I actually felt like puking.
I rotated from the low level shell, to the 25 pointer, to the other 20 pointer. Over and over and over again. After many hours, I finally obtained a root level shell on the original 20 pointer, which brought me up to 55 points. Now I had a battle between the 25 pointer and the 20 pointer. So, I went to sleep.
I woke up at about am with about 3 hours left.
This exam is a great way to prove your penetration testing skills and a great one to add to your resume. You have to get 70 points to pass, out of a possible There is also 5 points of extra credit for doing the lab-work and the course-work. First, some background about me. I was a cyber PM, analyst, and engineer at my job. I signed up for the labs in September, by going to the official website.
I actually broke into about 12 boxes to be on the safe side and ensure they are unique.
This is pretty much all I had time for in my 30 days of lab time. It has multiple subnets to emulate a few different environments, with plenty of servers on there for you to break into. Something like this: This is my box owning history on hackthebox. So my first exam date was scheduled for Nov 16th. The reason for this is that optimal start times e.
Keep in mind you have 24 hours for the exam when you are booking. Retired machines have YouTube videos; I would highly recommend Ippsec videos like this one to learn quickly.
Our blog also has quite a few tutorials on the recently retired machines. I went into the exam guns blazing… but only got about 50 of the 70 points necessary to pass.
By about 22 hours in, I was beginning to take naps and just was not effective anymore. The proctors were pretty chill though, all you have to do is show them the room with the webcam, and screen share all monitors you will be using. They will note down anyone that enters and exits the room. You may take breaks and walk away, then come back at any time within the 24 hours. So what did I do wrong? Nothing really. I failed that first exam.
What I did was go straight back to HTB and continue trying to break boxes. By the time that rolled around, I had gotten into 43 boxes total on HTB and 12 lab boxes, putting me at over 50 boxes broken into.
This is a well-recognized certification for information security professionals that touches on hacking techniques that are being used in pentests today.
They also show themselves to be well-versed in finding vulnerabilities due to software or hardware flaws or configuration mistakes. OSCPs can be the go-to individuals in infosec because they are problem-solvers and analytical thinkers.
This sector, as OffSec states, was born out of the belief that the only way to achieve sound defensive security is through an offensive approach — i.
Putting theory into practice is where the OSCP really shines, and it is also what separates it from other certifications. Exam takers will need to apply various tools for pentesting within the Kali Linux operating system and learn how to work with different kinds of exploits, all while documenting any vulnerabilities in the lab exercises. This can help you earn an extra five points in the exam. It is essential for professionals to document all they can while they are connected to a system, in order to detect weaknesses and identify areas for improvement.
In fact, test takers will be required to compose and submit a real-life pentest report of all the activities in the lab. This means that the candidate will not only have to prove technical abilities but also the professional communication and proper documentation skills that are a requirement for the majority of IT roles. A great feature of this certification is that OSCP holders do not need to re-qualify. However, anyone who is found engaging in any unethical practices such as cheating on the exam or divulging test material will have their certification revoked and receive a lifetime ban from any future courses or offerings by Offensive Security.
Another interesting aspect of becoming an OSCP is that Offensive Security does not require its students to maintain their certification status by earning continuing education credits periodically or by paying an annual fee.
The OSCP certification challengers learn to put themselves in the shoes of an attacker by using the same tools and techniques that they will later apply to defending applications against real-world attacks. The exam lasts 24 hours to prove that the candidate has the right degree of persistence and determination to be successful in this role.
During that time, the professional is exposed to real world, hands-on penetration testing on an isolated VPN exam network with five victim hosts. This is to demonstrate their ability to successfully defend a system. Once the tester has completed the exam, it is important he or she follows the submission guidelines. However, no digital versions of the certificate are issued, as successful candidates will be mailed their credential proof. Possession of a current certification can also be verified by emailing a request to orders offensive-security.
The OSCP credential is becoming a respected and sought-after designation within the information security realm, thanks to its unique way of testing applicants that really targets their technical ability.
Unlike many other related certifications, OSCP is truly percent hands-on, so it is extremely valuable to employers looking for professionals who not only have a solid theory background but the practical skills necessary to identify weaknesses in their IT environment.
You have to immerse yourself in practice, practice and practice.
I spent about 3 months to obtain my certification. From not owning any box, to rooting 87 machines right before my OSCP exam. Dedication is needed. Staying healthy is also needed.
Yet you also need enough rest to let your body recover both physically and mentally. I am going to lay out what I went through for this journey and hopefully this would be helpful to those brave souls who are ready to take the challenge. While it took me 3 months, the time needed for others varies. Some need less while some need more. Other blogs suggested about solid hours practice which I think is a fairly good estimate.
So I have roughly 2 weeks to prep before the actual course starts. Since they all have writeups, I could refer to the writeups when I am really stuck. But I tried to avoid as much as I could and only to read them after I rooted the machine to see how other people did the box and learn from them.
When the start day arrived, I received emails from Offensive Security to unlock the course materials: course pdf, video clips and connection pack to the lab network. I would rather get better equipped first. So instead, I took my time going through the course materials, doing the exercises and documenting them. While studying through the course materials, I continued to spend time trying out vulnhub VMs.
I rooted another 5 VMs to a total of 10 vulnhub VMs. After that, I moved on to HackTheBox. I also made sure the boxes I picked have the corresponding video walkthroughs from ippsec.
His walkthroughs are amazing and I learnt a lot from him even though I only watched them after I rooted the boxes. A multi-threaded network reconnaissance tool which performs automated enumeration of services. This tool will automatically start nmap scanning and launch subsequent enumeration tools based on available services on the target machine. But be cautious that this pre-scanning may not be accurate in some boxes because the boxes were not in a fresh startup state. To obtain the most accurate enumeration results, always revert the box first and then do the enumeration.
I ended up checking out the scan results quickly, box by box, and picked the box that I felt more familiar with to start. So my emotion was like a sine curve. This is where you develop your methodology, how you approach a machine and what tools to use in different situations. Keeping notes of what you learnt and used is very important.
I kept detailed notes of each and every box I rooted.
I began my OSCP journey in the late fall of I want to give a brief description of what the OSCP is and how it is different than other certifications. I also want to provide some advice that may help you along the way if you choose to pursue it. The quote above says it all. Lab time is bought in one- to three-month increments, which gives you VPN access to a shared lab.
You are also able to buy lab extensions at very affordable rates. These prices include the exam itself. As far as certification and training goes, the OSCP is very affordable.
Much more affordable than just about any other training program or certification. Where the OSCP is very expensive is in terms of time.
Is OSCP Difficult?
It takes most people hundreds of hours of time, but the good news is the labs are actually quite fun (well, at least most of the time). At times, it is a bit like playing a video game. In terms of value for both your time and money, really nothing beats the return that the OSCP provides. The exam itself is just a smaller version of the labs. You are given 23 hours and 45 minutes to root as many machines as you can, and there are just a few in the exam.
Partial credit is given for low privilege shells. The best part about the labs is that nothing is off limits, so you can use any tools you want and any methods you want with very few limitations. However, there are some restrictions on the actual exam.
Those exceptions can be found on their website and basically boil down to not using commercial automated tools for vulnerability scanning and for exploitation. There are no restrictions for nmap. I would recommend jumping in right away no matter where you are with your knowledge, your career or your experience level.
Incident Responder, creator of random tools and boardgame geek.
Full disclosure: I am not a penetration tester and I failed my OSCP exam twice before eventually passing on the third attempt. I am hoping something I share here will prevent you from making the same mistakes. This allowed me to put a lot of time into the lab network and own all but 5 boxes.
After hearing about the Offensive Security labs for the last few years I got a bit too excited, and as soon as I got my VPN access I jumped straight into the lab network without reading any of the documentation. After a week I had a few of the really easy boxes but found myself getting stuck a lot and with no real idea of what to do next.
So I stepped back and decided to take a more methodical approach which started with reading the material and trying the techniques in the lab network. There are bonus points for writing up the Labs and the Exercises that can be used as an additional submission to your final report. I had originally planned to do this as there were 10 points up for grabs, however at some point a month or so before my lab time started Offensive Security changed the weighting of the extra submissions. What was originally:
Became 5 points for both. Whilst writing up the Labs was good practice for the final Exam report and the exercises were informative, it felt like it was going to be a lot of extra effort and use even more of my dwindling free time to document it all correctly. One big takeaway from the labs is to get into the habit of documenting everything you do to compromise a host; it will help you so much later in the labs and exam when you come across a similar vulnerability.
It also makes the final exam report a case of copying and pasting. I have included a copy of my reporting template for each host below.
The Try Harder mantra is something you are going to hear a lot. There are going to be times where you are so frustrated and you just can't figure out what to do on a certain box and all the help you seem to get is Try Harder! The act of self discovery and figuring out those steps yourself is a big boost, after smashing the keyboard for 3 days and then finally finding that missing link.
It makes grabbing those flags just a little sweeter. The exam is tough, it requires you to score a minimum of 70 points within 24 hours and then submit a formal penetration test report in the following 24 hours.
I tried to start each exam as early in the day as I could, normally around 9am. I thought this would give me the best shot of staying alive if I had to use the full 24 hours.