Road To OSCP
We don’t know about you, but we will say the OSCP is one of the best security certification any offensive cyber security professional should have. The guys at Offensive Security will say it is an entry level certification, but the OSCP exam is a tough nut to crack depending on the effort you put in. Once you are successful, you’ll will realise how much it is worth. The tip below is collaborative advice from two Nigerian based OSCP’s.
Living in a country, where you leave home wee hours of the morning and spend 3 or 4 hours on the road commuting to and fro between home and work, you have very little time to study. Also, with the erratic power supply and not too stable internet, you should be ready to put a lot of work into practicing for the OSCP, you do not have the luxury to practice anytime you want, as there could be no power, hence you must adjust your body and mental strength to the availability of power and internet. But whenever there is a will there is a way, a simple trick is just taking a few hours after work and lots on weekends, means no TGIF’s and owambe for a while.
Before taking on the PWK, we would advise you to pay for the three (3) month option if you are working full-time, furthermore try to finish the course material no more than a month regardless of your penetration testing experience, then you get 2 months on the lab to practice and get better. Remember, you must schedule out time for the course.
During the PWK course
Be ready to learn and do a lot of googling, the PWK course really teaches you to learn from your own research, although we noticed that in most of the machines we compromised during the lab and exam attempt, the attack strategies taught in the course applies majority of the time. So, remember to glance through the course when stuck in the exams or in the Lab.
Make use of CTF’s a lot, a couple of times, lab time gets exhausted due to hectic work schedule and at the end of the day we had to rely on CTF’s like vulnhub, pentestlabs and our favourite “hackthebox” which has a similar simulation network like the OSCP labs.
You should take note that a lot of research has to go into preparing for the OSCP exam. The information below were very helpful during the course;
Last tips before the Exam:
Perfect your buffer overflow (BO), this is a 25-point system, regardless of the system given, the BO approach taught in the course material works.
Get a list of all precompiled windows privilege escalation executables — GitHub is a great source
For Linux precompiled exploits:
Take your body and mental strength through a 20-hour exam, or something close. Simply go on a CTF and spend roughly 16–18hrs on it, this will let you understand how your body thinks when under stress. This really was a weakness, the ability to think straight after 16 hours on a tedious exam, the answers will be in your front, but you are physically and mentally stressed, time is running against you, you begin to get paranoid, it blinds you from the answers.
Taking the exam :
The exam is 23hrs 45 mins with 5 machines given to you to compromise, have a lot of rest before that day, make sure power and internet is sorted, backup as well, you don’t want your modem failing you, and we have to say, the internet speed from the average Nigerian ISP is good enough. Also, if you wish, stock up on some biscuits and drinks for that sugar rush. Time your breaks, and have a long one at least between 2–5 hours during the exam, whatever works for you.
If you’ve got your Buffer Overflow sorted, it would take you less than 2 hours to gain 25 points. Start simple, from Nmap aggressive scans, to enumerating any web page you come across manually, take notes of all services and information you come across. Begin to go through each service and information in a timely manner, do not get stuck for too long.
Remember, enumeration is the key. Enumerate services found during the nmap scan, your way in will surely be through one of the services. Most times, you would gain limited shell to a machine and you need to enumerate further to escalate privileges. G0tm1lk’s Linux Privilege Escalation blog has always proved to be helpful, so make sure you have that page open as a guide.
When you come across an exploit on exploit-db, please read it, sometimes it may take you many hours to root a machine just because you failed to read the exploit code and see that the environment was slightly different, and a little tweak was needed in the command.
Take screenshots of everything you do especially after every successful step. True story, Adetutu’s kali linux crashed a minute after he finished his exam, good thing he used Microsoft OneNote to take screenshots and keep notes.