Doesn’t matter if you’re just getting into cyber security or you have already been here a while, you must’ve heard about offensive-security and their well known Offensive Security Certified Professional or OSCP for short.
root@acc3ssp0int:~# cat OSCPguide/newb.txt
I’ve never written a blog before, this is an attempt at one. This post is going to be divided into three parts, highlighting stuff like, is oscp for you? what to prep and from where? and a few exam tips.
This is where it all began, back in 2016, fresh out of C|EH and spending a few months as an intern is when I realized there is much more to penetration testing than Metasploit. That’s when my mentor told me about OSCP and how he was preparing for it. This is when I knew, I too wanted to do it, and promised myself, one day I will.
After a lot of back and forth and constant rejections, It took a while to land a stable job as a “cyber security consultant” (8-10 months, to be honest). This delayed the study time by a year and I officially started preparing for it sometime in Mid 2017, but more on this later.
Honestly, I may be repeating a lot of what other blog posts will say about preparing for OSCP, however, I would like my readers to know, for me, coming from a non-IT background (commerce to be specific) it took a lot of time, efforts, dedication, determination and persistence to get here.
That being said, let us begin.
root@acc3ssp0int:~# service oscp_cert start
Some things to keep in mind:
- It’s not for everyone.
- It’s expensive.
- It will bring about a moderate level of insanity with it.
- It doesn’t come with a manual, just a framework.
root@acc3ssp0int:~# man OSCP
This section is going to help you decide whether or not OSCP is for you.
I. Would I? Should I? Must I?
- Yes, if you’re looking to work in the InfoSec field, or just here for the knowledge.
- It looks great on the CV and shows that you have basic to intermediate skills of penetration testing and its tools, techniques and procedures.
- Do not opt in for the content if you don’t have at least 4-5 hours to practice in the labs.
- The more you invest, the more it will return. Not only this, you will also have a better chance to get it right in the first go.
III. Lab time?
The short answer would be, based on the amount of time you can invest, in a day is how you should decide the lab purchase. Usually what works is 60 days or 90 days lab access.
root@acc3ssp0int:~# cat oscp_structure.docx
OSCP is detailed into three sections i.e. Content, Labs and Exam.
I. The Content
OffSec sends you a bundle, including PDF and videos which highlight and teach you a tonne of basic hacking stuff, from enumeration to exploitation and more. Each section comes packed with its own exercises to practice. If you choose to document this, and look to submit this (for 5 extra exam points) then I would highly recommend you do so while going through the content.
Note: Documentation of Lab work is optional, however it does prove to be helpful.
II. The Labs
This is the biggie. Everything you’ve learnt through the videos, and everything you’ll learn through constant GoogleFu, enumerations and more will prepare you for what’s to come. I cannot stress enough, how important it is to spend all the time you are able to get, in the labs.
GO BANANAS!!! own every machine, practice everything you’ve learnt, and Google more.
III. The Exam
This is where all your time, efforts and everything else you’ve spent in the labs is going to be put to test. This is a smaller network than the labs, but it comes with a time limit. The notorious 24-hour exam.
root@acc3ssp0int:~# diff vulnhub.txt oscp.txt
Vulnhub, or hack the box (HTB) are more CTF based, but that doesn’t mean it will give you a small taste of what to expect in the labs. The labs are more of a simulated real-world environment containing client side exploits, and more.
root@acc3ssp0int:~# cat /home/OSCPguide/*
This concludes the first part of the guide. I know this guide was not too technical or highlighted the study part. I’ll get to that in part 2 and part 3 will tell you what to do with the few weeks you have before the exam.
You can read part 2 here
You can read part 3 here