With Pain comes Sufferance and you get Humble

3 min readAug 7, 2018

Intro

I received my Offensive Security Certified Professional (OSCP) certification a few days ago which marks the end of a one and a half year journey. Last couple of months; I have been super busy taking the Offensive Security’s Penetration Testing Training with Kali Linux course (I took the 3months lab time access) in preparation for the Offensive Security Certified Professional (OSCP) certification.

Overview

OSCP is one of the top IT security certs in 2018. If you can achieve this cert, that’s awesome! Surely if you pass their exam, it’s almost certain that the person knows the subject well. Most likely you can easily answer interview questions very well. Unlike other exams, answers can be memorized, it doesn’t prove that you have the skill. OSCP exam is quite though, you probably know that, but you can do it!

Course Registration

You can register for 30, 60, or 90 days of lab time — I chose 90 and this cost around $1100

The Course

The PWK course consists of a 375-page PDF study course manual, accompanying videos, and access over a VPN connection to a huge number of (around 50) vulnerable machines. The course PDF doesn’t exactly walk you through every method being taught, and this is a good thing.

CONTENTS

⭐ Given a 300+ pages PDF content

⭐ 8hrs long video content.

LAB

⭐ 50+ machine in private environment

⭐ Given access to one of the subnet , Hack the rest

⭐ Find networksecret.txt to unlock new subnet .

⭐ Hack into Admin network ( Keep everything documented )

The Exam

The exam lasts 23 hours and 45 minutes. During this time you will connect to the exam network where you are provided with a series of vulnerable boxes, similar to the labs, only smaller. It is your job to break into these boxes and document your process in next 24 hours

MY START

I was a small town bug bounty participant when I first heard about Offensive Security certifications. It is hands on and is aimed at individuals whose primary focus is penetration testing. As it is heavily hands on, you will need to have enough experience in the area before attempting the examination.

SKILLS RECOMMENDATIONS

Before starting the PWK course and getting the OSCP certification, I recommend having knowledge on working with Linux/command line, Bash scripting, a scripting language ( Python)

Practice

Now that you have a fundamental understanding of the basics, you need to practice… a lot! If are pretty new to Penetration Testing and think that taking the OSCP will teach you — then you are dead wrong! You need a lot of previous training and experience to even attempt something like the OSCP.

materials below will help you take the first steps into Penetration Testing, and for those who are already experienced, it will help you practice and expand your skills.

Practice Labs

⭐ Hackthebox

Practice on the Retired Machines

⭐ Vulhub

OSCP like VMs:

Videos

IPPSEC

Derek Rook

Study Materials & Guides

Exam Tips:

Enumerate, Enumerate, Enumerate! :)

2. Keep everything documented

3. Don’t give up to easily, and most importantly… “Try Harder!”.

4. Practice, practice and practice. Keep practicing exploiting machines in the Lab

5.Never stop gathering information

6. “Ordinary” Information can be super valuable

7.Google is your friend

Tools

Tools only give you information . Use tools to answer questions rather than the other way around!

Reconnoitre : A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results

LinEnum : Scripted Local Linux Enumeration & Privilege Escalation Checks

nishang : Offensive PowerShell

CherryTree : I use it as my primary note keeping tool for everything now.

The OSCP exam and course is really amazing. It provides great value for money plus what you will learn is top-notch.

@ippsec thank you for all those walkthroughs. Helped me a lot ❤