Friday, December 23, 2016

Passed OSCP exam

I have known about Offensive Security for a while. My first certificate was Offensive Security Wireless Professional (OSWP) (https://www.offensive-security.com/information-security-certifications/oswp-offensive-security-wireless-professional/). I got this when I was in high school (2010). I used to hang around on Freenode IRC and OSWP was recommended to me. I was familiar with Linux and I had used Backtrack so I thought I might as well get the cert. Also, I had to have a senior project presentation so I ended up talking about security and my getting the OSWP cert.

I recently passed the Offensive Security Certified Professional (OSCP) (https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/) exam. This course was fun and challenging. There is a lot of focus on information gathering, enumeration, and post-exploitation. Also, you are taught to not rely on one tool too much. For example, in the exam, you can only use Metasploit on one of the targets. In the course, you also learn to modify and fix existing exploits, which comes in handy during the exam.

When you register for OSCP, you receive your training materials and lab access information. The training material is for you to learn things and the lab is where you can try things out. When I started doing the labs, I took the easy way out and used Metasploit a lot. However, I did go back and do some of the labs again without using Metasploit.

If you plan to sign up for this, make sure you can dedicate time to it.
Know the basics of networking, Linux, and Linux command line.
Be strong. Some of the machines in the lab will make you cry.
Take good notes and document everything!
If you can, see if anyone on /r/netsecstudents is doing OSCP and maybe work with them. I was working alone and sometimes I lost motivation to do the labs. Maybe having a partner will keep you in line and motivated.
Read the reviews and tips posted by other blogs. I've provided links at the bottom. Other posts provide you with more information than this post.

Prepare your tools and scripts before you start the exam. I recommend starting the exam early in the morning. I took it twice. The first time, I started at 5PM and started to get tired at around 11PM. The second time, I woke up at 4AM and started the exam.

I was able to do this thanks to BSidesIndy (http://www.bsidesindy.com/) and Offensive Security. I won the training as a prize at BSidesIndy.

If you are thinking about focusing on pentesting, I highly recommend OSCP. I would love to do OSCE (https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/) too when I get more time to dedicate to it.

Better blog posts:
https://itgeekchronicles.co.uk/2012/11/01/oscp-the-lab-report/

http://www.jasonbernier.com/oscp-review/

http://blog.knapsy.com/blog/2015/03/29/oscp-thoughts-and-tips/

https://www.wasserman.me/blog/2015/10/12/how-i-learned-to-love-enumeration-and-passed-the-oscp/