Offensive Security’s “Penetration Testing with Kali Linux” Course — and why it’s possibly the best way to get started in InfoSec

Ruby
Sep 8, 2015

At the time of writing, I’ve just finished my Penetration Testing with Kali Linux exam, and I am incredibly surprised at how ruthless the course was. “Try Harder.” has become my philosophy, and I have never seen or heard of a course that is as demanding and hands-on as this.

Penetration Testing with Kali is a course offered by Offensive Security, a company well known for their catchy reggae songs, penetration testing Linux distribution, huge archive of exploits, Google dorks, shellcode and papers, and penetration testing services. It’s fair to say they know what they’re talking about, and if you’re even remotely involved in Penetration Testing you’ll have heard the name. The course itself is described as an “online, self-paced penetration testing course” but really it is much more than this. In fact, I’d go as far as saying I’ve not seen any widely advertised entry-level security courses available.

The course itself consists of 4 parts: the book, the videos, the labs and the exam. I did my course in order, but it’s possible to watch the videos alongside the book if you wish. The main part (or selling point at least) for me is the labs. As part of your course, you have access to a range of machines that are vulnerable to various forms of exploitation, and you have to enumerate them and find the issues manually yourself. Learning InfoSec, for me (and a lot of other people), is kind of like learning to draw; you can read many books about it, watch tonnes of videos showing how to draw, but unless you practice it, it just goes in one ear and out the other.

Another thing the course excels at is how in depth it goes. It doesn’t just explain the high-level Metasploit stuff, it also explains how and why it works. As part of the course guide, you will be developing a buffer overflow exploit for a piece of vulnerable software. It seems daunting at first, but the videos explain it so well it’s very easy to get a good grasp of a very finicky subject. But this is vital to anyone pursuing a serious career in InfoSec. And a lot of other courses don’t seem to have this content, or test it on their students. Using my art analogy again, it’s like tracing and drawing; tracing will get you a good idea of drawing the lines in the stencil (*cough* Metasploit *cough*), but what about when you need to make your own stencil? It’s things like these that really make the OffSec course a brilliant foundation for anyone getting into Information Security.

But if you get stuck, the answers are there for you to learn from, right? Nope. Welcome to OffSec, where the motto is try harder. For a distance learning course, as someone who has done Open University before, it’s pretty surprising at first but you then realise they have amazing support on their IRC channel who are great at giving you hints with no more than what you already have. There is pretty much always an admin on in the channel (though they have official staff hours) and they are all friendly and willing to help without giving you the answer. The Try Harder motto works for some, as when you find the answer it feels a whole lot better. But it’s not for everyone. I’ve read numerous complaints about the “Try Harder” attitude on the course, but all I can really say to that is welcome to the real world. If this was a real life penetration test, you can’t ask your target for a hint on what’s vulnerable; enumerating that is your job. I wouldn’t personally feel comfortable hiring someone who doesn’t carry this mindset as I would have no confidence they are going to discover everything that’s vulnerable.

Hacking the labs is fun, and you can buy additional time for them in 30 day increments (I had 60 days but only used about 2–3 weeks), but what about when it comes to actual penetration tests on machines you know nothing about, within a time limit? Well, that’s covered in the exam. I won’t go into too much detail about what’s included on the exam but I can say it was one of the hardest 18 hours (though you have 24 hours to complete the exam) of my life, and I am still exhausted from all the work I put into it. And as part of the exam, you had to document your findings in the form of a professional penetration test. The only complaint I could make about the course is this last bit though, as there is little to none in the course content about writing the report. They give you a very well made template you can choose to use (I didn’t as I love Markdown too much) which has an explanation for what each section needs to have, but they could give a bit more information on it in the course guide.

Before registering for the OffSec course, I was considering doing a Certified Ethical Hacker qualification. I decided against it in the end, after reading numerous recommendations that OSCP is the way to go if you want to get into a more technical route. But the thing is, for the price ($1000 is relatively average compared to other qualifications), you are getting the best value for money on the market, with training from real penetration testers who are active in the InfoSec community and even develop the tools you use. I’m not an HR person, so I can’t comment on how well respected it is in that sense, but after the recent announcement that it will be considered equivalent to a CREST Registered PenTester certification, it’s clear this may be the best thing you can invest your time and money in if you want to get started in information security.

In conclusion, I’d say this course is an amazing choice for anyone who wants to get serious about learning InfoSec. However, it’s not for everyone and if you can’t handle the “try harder” attitude, then you probably don’t have the mindset you need to become a penetration tester. If you can’t afford the course, or want to sample it, I really recommend having a look at the Metasploit Unleashed course also offered by Offensive Security, which is a free online resource that goes more in depth than any other free course I’ve seen. I’d also recommend you’ve got a good idea of using the Linux command line, you know your basic networking concepts and you’re comfortable scripting and understanding languages. That last one is a must if you want to get anywhere, as there will be a lot of programming modifications you need to make in languages you might not understand.

Thanks again to OffSec for an amazing course, and if you have any questions about the course feel free to ask other students and the staff in #offsec on Freenode IRC. If you have any questions about my experience, feel free to drop me a line as well, though I won’t be able to answer about my exam or any specific lab machines/exercises. If you’re stuck on them, then go for a walk, take a break, come back and just try harder.
