Oh my, it’s been a journey for the past year. A lot of hard work and a lot of sleepless nights but it’s been well worth it. I earned my Offensive Security Certified Professional certification!
I’ve worked in various Desktop Support roles for a long time and I’ve wanted to move more into Cyber Security, hopefully into a role as an ethical hacker, also known as a penetration tester.
I’ve spent a lot of time studying and working through various security related courses, obtained a few certifications from CompTIA (the Security+ and CySA+), spent a lot of time reading all that I can and practicing my ethical hacking skills every chance I got.
OSCP is the Offensive Security Certified Professional certification, offered by Offensive Security, the same organization that produces Kali Linux. It’s a practical 24-hour exam in which you are granted access to an isolated lab of 5 machines whereupon you perform a simulated Penetration Test. You must compromise enough machines to earn 70 points or more to pass. You must also write up a full Penetration Testing report for all the work you did.
Sounds simple? No, it’s not. I won’t sugar coat it, it’s tough. It’s not like spending time working through CTF machines at TryHackMe or Hack the Box although if you are looking to obtain the OSCP, I highly recommend both of those resources.
It’s a process of learning more and more about systems than you ever thought you knew. I don’t want to sound arrogant but I’ve been working in Desktop related roles for 30+ years. I know a lot.
When I started this journey, I thought that was enough. Frankly it wasn’t. Thirty years of knowledge and I was literally back in school again and honestly learning new things every day. Heck, even during my exam, I learned something new and updated my working notes documents accordingly.
So, how does one prepare to sit for the OSCP challenge?
There are many ways to prepare. For me, outside of the PEN-200 course from OffSec, the resources below I found immensely helpful. If I had the chance to go back in time and start this again, it’s the one thing I would have done differently. I would recommend going through this list before you purchase your course and lab time from Offensive Security. That way, you have a solid skill set from which to work and can make very good use of the course labs.
- TCM Security Academy by Heath Adams. Follow him online and keep watch, he’s always offering coupons for these courses.
  - Practical Ethical Hacking (https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course). If you are light on IT skills and have never hacked a box in your life, this is really where you should start.
  - Linux Privilege Escalation (https://academy.tcm-sec.com/p/linux-privilege-escalation). This course helps you to learn techniques on how to obtain root access on a Linux machine.
  - Windows Privilege Escalation (https://academy.tcm-sec.com/p/windows-privilege-escalation-for-beginners). This course helps you to learn techniques on how to obtain administrator access on a Windows machine.
- Tib3rius courses on Privilege Escalation. These are really the cream of the crop and will also help you in several ways.
  - Linux Privilege Escalation (https://www.udemy.com/course/linux-privilege-escalation/)
  - Windows Privilege Escalation (https://www.udemy.com/course/windows-privilege-escalation/)
- The Journey to Try Harder by TJ Null (https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html).
  - This has a lot of very useful information even though it’s from 2019.
  - He maintains a list of training VMs that one should focus on to prepare. The updated version of this list is located at https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=1839402159.
- Training Lab Websites. These offer safe labs of virtual machines where you can practice your skills.
  - Offensive Security Proving Grounds (https://www.offensive-security.com/labs/individual). This is a newer lab website offered by Offensive Security. Here you will find all the machines from Vulnhub (they bought them in 2020) as well as machines created by OffSec employees. Well worth the subscription. TJ Null’s Vulnhub machines are accessible here.
  - TryHackMe (https://tryhackme.com). This has many free options available to you. I do recommend paying for access as there is so much here. The Offensive Pentesting learning path (https://tryhackme.com/path/outline/pentesting) is well worth your time. Also check out the Buffer Overflow room by Tib3rius. It’s a must!
  - Hack the Box (https://www.hackthebox.eu/). This place has all kinds of machines that you can get into and learn different techniques. Again, there is a lot there for free but I recommend paying for access here as well. Just a note, at this place you actually have to ‘hack’ to register an account.
- Training videos
  - Ippsec has a series of videos on the TJ Null list (https://www.youtube.com/watch?v=2DqdPcbYcy8&list=PLidcsTyj9JXK-fnabFLVEvHinQ14Jy5tf). This I highly recommend.
Lastly, I would like to plug the OSCP community on Reddit (https://www.reddit.com/r/oscp/). This is a place that you can ask pretty much any question you have and find a useful answer. The amount of help you can find here is really a tribute to the InfoSec community.
As for the exam, I received some very good advice from someone and frankly it’s what I did. Plan to fail on the first exam. With all that you are expecting to happen, just plan to spend money on a second exam voucher and don’t sweat failing your first exam. Most people don’t pass the first time around, myself included.
Always remember, failure will teach you more than success. How you apply what you learn is how you find success. That’s what it means to “Try Harder!”
Until next time and good luck to anyone pursuing their OSCP!