Deciding to take the OSCP
Since passing the CISSP back in September 2016, and beginning work on new material for Pluralsight, certifications have taken a little of a back seat for the last 6 months. In fact, with the exception of attending the “Assessing and Exploiting Control Systems” course at BlackHat late last year, it’s safe to say that I’ve given very little thought to certs until now.
I decided in January to set myself another goal and head for another cert but I really wanted to set the bar high and aim for something hands on, technical and very challenging. There are of course tons of certs out there which could be candidates for me, however after reviewing all of my options, I finally decided to aim for the OSCP cert.
The OSCP (Offensive Security Certified Professional) is the official exam to accompany the Penetration Testing with Kali Linux course offered by Offensive Security. You can find all the information about the course on their official website here.
If you are a regular reader of this blog, you will most likely have figured out by now that my InfoSec experience has always been very much from a Blue Team perspective. That is to say, I have never been in a full-time Pentest role; however, I’ve been fortunate enough to be involved with some offensive exercises throughout my career and also, while creating new signatures and detection capabilities as a Blue Team member, I have learned many of the techniques that I think will be covered by the OSCP. I also completed Metasploit Unlimited a few years ago with Joe McCray (StrategicSec), so I guess from an experience perspective, I am certainly no expert but also I’d like to think I’m no n00b (although I guess I will soon find out).
Now that I have set my sights on the OSCP cert, I wanted to begin preparing for study, even before I actually begin the material. I am expecting to purchase the OSCP lab material next month and I understand at that point Offensive Security will provide me with the OSCP videos and PDF material.
I am told this material is around 70% of the material I am actually going to need in order to pass the exam, and I will need to develop additional skills throughout the length of the course in order to successfully pass the final 24-hour exam.
With that in mind, I have set out in February to try and get a sort of head start on my studies. My plan for now is super simple.
- Study Study Study!
- Practice Practice Practice!
Being a member and trainer at Pluralsight, I am fortunate enough to have access to their library of Pentest courses available there. Beginning last week, I have been working my way through the material on Pluralsight to begin getting myself into the mindset of the OSCP and learning new skills and tools I might need for the course. So far, I have completed a lot of the material and found nothing particularly new, but it is always good to refresh on old skills.
Besides watching the Pluralsight courses, I also picked up the Web Application Hacker’s Handbook, which I have been reading to help improve my understanding of web app attacks. Again, not an area I am unfamiliar with, but certainly an area I could do with going a little deeper into. I picked up the book from Amazon here.
I’ve also been following Jan Wikholm’s blog/vlog which covered his path to OSCP.
For the next 4 weeks, my goal is to simply read and watch the materials and practice any new skills, techniques or tricks in my lab environment.
You just simply cannot pass an exam like this without practicing… LOTS!
I began a few weeks ago by working through some of the machines on vulnhub. So far I’ve completed a few machines but I am looking for some more webapp-heavy VMs to try and attack.
Since I spend so much time flying I actually have a lot of time to look at these machines and so I have been using travel time to attack these vulnhub images and learning quite a bit. I took a leaf out of Jan’s book and used the walkthroughs on some of the machines just to learn what I should be doing, and learn what other options I had to complete the task. I noticed in some machines that I rooted that my method was not the same as the guide and so it’s been useful to learn multiple paths.
Finally, when I am not on the move, I have been using CTF365.com to hone my skills, connecting into their world over VPN, enumerating their network and attacking the machines within that environment. I have found this to be the most useful resource so far; however, since many of these machines are actively defended, it’s also very challenging to find vulnerabilities in these hosts. Still, I would absolutely recommend checking out CTF365. You can get a 30-day free trial by signing up on their site now. (As of Feb 2017)
I have plenty to keep me busy throughout February, but I’d be very interested to hear from others who have already passed OSCP and others who are already studying. What did you do to prepare to begin the course? Are there any more resources you can recommend?
Let me know in the comments below, subscribe and follow on social media.