Penetration Testing with Kali (PWK) & Offensive Security Certified Professional (OSCP) Review


 

Intro

There are a lot of certifications in the Information Security industry. If you want to learn InfoSec as a whole with a management point of view, take the CISSP. If you want to meet compliance and read about the methodology and tools hackers use, take the CEH. If money is not an issue, take a SANS course.

However, if you want to take a course that is reasonably priced, gives back exactly what you put in, and teaches you to be a true offensive security professional, take the PWK course with an OSCP certification as a reward.

I am not going to explain much about the course itself. There are many blogs out there that are better than anything I could ever write. Also, I am not going to jeopardize leaking any information on the course due to a signed contract. However, I will be high level with what went through my head before, during and after the OSCP.

Wait, what is the OSCP?

Coming straight from the Off-Sec website:

The Offensive Security Certified Professional (OSCP) is the companion certification for our Penetration Testing with Kali Linux training course and is the world’s first completely hands-on offensive information security certification. The OSCP challenges the students to prove they have a clear and practical understanding of the penetration testing process and life-cycle through an arduous twenty-four (24) hour certification exam.
An OSCP has demonstrated their ability to be presented with an unknown network, enumerate the targets within their scope, exploit them, and clearly document their results in a penetration test report.


Preparing for the OSCP


Before signing up for the PWK course and eventually taking the OSCP exam, I spent a lot of time researching it. I read countless blogs on others' experiences in the course. What did they do to prepare? What was their skill set prior to the course? What were their recommendations? Here's what I felt needed to get done before signing up for the PWK:

  • First and foremost, I needed to let my girlfriend (soon to be wife) know what was about to happen. Having her support was critical to our well-being, since the amount of effort needed to study would certainly shorten the amount of time spent with her and our friends.
  • I started studying some scripting languages, specifically Python and Bash. This was a big help.
  • I watched a lot of YouTube videos on different "hacks". These videos helped me get in the mindset of what to expect when entering the labs.
  • I started downloading VMs from VulnHub. There were some VMs specifically geared towards what you may expect when studying for the OSCP and taking the PWK course.

During the PWK course



I signed up for the 90-day lab time. I felt that, having a full-time career, there was no need to rush with the 30- or 60-day lab. I figured, why not spend a few extra bucks and take the 90 days? In hindsight, 60 days would have been plenty, but I have no regrets since the labs were the best part of the whole course.

I spent A LOT of time studying and exploring the lab environment. I couldn't have spent less than 4-5 hours every night during the week and 8-10 hours each day on the weekends. Since you are spending much of your time researching and testing different hacking techniques, it's hard to spend any less than 2 hours at any given time.

I feel the amount of effort you put into the course will reward you tenfold. This is a self-paced course. The documents and videos that are given by Offensive Security are only a fraction of what is needed to obtain the certification.

The lab was amazing. It was beautifully architected and constructed. The applications and technologies found replicate that of a mid-size corporate environment. When you are in the labs, you truly get the feeling that you are hacking your way through a real corporate environment. There are emails to be read, documents to be found and files to be opened in order to make it to the crown jewel, the Admin Network.

When it's all said and done, the feeling you get when rooting a box that you spent hours, if not days, working on is something that is memorable. There were nodes that I encountered that I will never forget, and techniques found that will be valuable in future endeavors.

Exam

For the exam, I found that it was hard to tell when I was ready. I was able to compromise nearly 40 boxes in the labs but still had that doubt when it was time to take the test. Ultimately, it took me 2 attempts to pass the exam. I'll start off with what went wrong on my 1st attempt:

1st attempt


My first attempt was an eye opener. During the entire 24-hour period, I took about three 10-minute breaks. This was not nearly enough to clear my mind and give it the rest needed to think critically.

I did have the proper food though. I had vegetables and fruit; water, coffee and energy drinks; and sandwiches and pizza at my fingertips. However, I found that I barely touched any of it. I was so consumed with the exam that, again, I never gave my mind or body the proper nutrition to function appropriately.

I also found that during the exam, I was able to get on the box, but lacked many privilege escalation techniques in order to fully gain root on the hosts.

I ended my first attempt with about 55 of the 70 points necessary to pass. I still wrote my exam report and touched up the report for both the lab and exercises. I found this beneficial to help understand if I was able to gather all the necessary screenshots and artifacts from the exam. It also helped me to build a solid report template for future tests.

2nd attempt 



On the 2nd and final attempt, things went a lot more smoothly. I made sure to take breaks after each box I rooted. I also scheduled breaks every few hours to just get up, go for a walk and get some fresh air. This was found to be extremely helpful and important. I can't stress this enough: taking breaks is IMPORTANT. At one point during the exam, I was stuck on a box and I decided to go for a run. During my 30-45 min run, I was able to be completely hands off keyboard and came up with a few different attacks that I wanted to perform when I came back. This helped because if I had been on the keyboard the whole time, I may have spent hours trying to do something when it may have been time to try something else.

I also changed up my exam time. My first exam was at 10am and I noticed around 4am to 6am, I wasn't thinking straight. On the second attempt, I scheduled the exam at 4am. This way most of the exam would be done during the day which is when my mind is at its peak. It was tough going to bed early the night before, but I was still able to get about 6 to 7 hours of rest prior to waking up for the exam.

Also, during the null period between the 1st and 2nd attempt, I did a lot of research on privilege escalation. I read up on many techniques that were found to be extremely helpful for the exam.

With all the work I put into studying and preparing for the second attempt, I was able to get the necessary 70 points after about 14 hours. I spent the remaining time trying to get more points and ensuring I had the proper artifacts and screenshots for the final report. Also, like before, I submitted my lab and exercises to relieve all doubt that I didn't have the minimum points.

I submitted my report, lab and exercises and ultimately received my confirmation email that I had successfully passed the exam and been awarded the OSCP certification.


Final Thoughts

This was by far the most rewarding course I have ever taken in my professional career. The knowledge gained, the effort put in and the feeling when getting 'rootz' is something that can never be taken away from me.

Now that my time spent taking the OSCP is over, I will be taking a bit of a break before getting back at it and working towards the OSCE or GXPN! My break will still consist of casually studying reverse engineering and advanced exploitation, along with working on VMs found on VulnHub; it will just be a little less intense right now. =)

In closing, I highly recommend this course for anyone wanting to get into penetration testing or simply wanting to learn more about what it takes for hackers to penetrate a system and network. This course is not for the light-hearted and requires dedication, time and effort in order to succeed. Much of hacking isn't so much about the "hacking" as it is about the mindset and the approach when encountering a system. It's about what you can do with the information given.

Good luck to anyone starting this course and remember: Try Harder!