OSCP Experience Thread - MSP-IT

As I did with my SCPD certificate, this thread will outline my experience while I go through the certification program.

In my mind, I've made leaps and bounds in the security industry with very little experience. Having only been in IT less than 2 years, and information security even less than 1, I've completed my CCNA: Security, SSCP, and the CISSP exam to this point. Despite the fact that I have indeed worked pretty hard to complete the prior mentioned certifications, they haven't present THAT much of a challenge. This is why I'm turning to the OSCP. I'm ready to try harder.

Despite its recognition and its ability to cushion a resume well, I'm primarily taking the OSCP in order to give me the pen-testing deep dive I'm been preparing myself for through theory training. Starting with the OSCP, my rough plan is to work towards more of an exploitation role through the eCRE with eLearnSecurity and finally to the OSCE with Offensive Security. I believe this will give me the best "bang for the buck" when it comes to certifications. This is also the closest path to my current experience in security working in DevOps and automation.

For me, the challenge starts Aug. 16th and extends until my 90-day lab access ends.

Stay tuned.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

JoJoCal19

MSP-IT wrote: »

The the depth of the material and the curveballs that are thrown, you really need to be attentive and at the peak of your day's mental capacity to feel comfortable enough to absorb most of the information, and that's almost never the case for me after noon.

Ugh. That's bad news for me then because I'm the same way as you. My job is easy but just waking up at 5am, the commute to and fro, and thinking while at work, when I get home by 5pm I'm ready to check out mentally. Then my day still continues for the next 3 hours as I play with kids, dinner time, bath time and put them to bed. When it hits 8 I just want to sit in front of the TV and not actively think. I think that's why moving from CISSP/ITIL to CEH was so difficult. CEH material requires more thought and absorbing while the non-technical stuff just came to me naturally and seemed easy to absorb.

MSP-IT

JoJoCal19 wrote: »

Ugh. That's bad news for me then because I'm the same way as you. My job is easy but just waking up at 5am, the commute to and fro, and thinking while at work, when I get home by 5pm I'm ready to check out mentally. Then my day still continues for the next 3 hours as I play with kids, dinner time, bath time and put them to bed. When it hits 8 I just want to sit in front of the TV and not actively think. I think that's why moving from CISSP/ITIL to CEH was so difficult. CEH material requires more thought and absorbing while the non-technical stuff just came to me naturally and seemed easy to absorb.

It could be different for some people, but I've found that I cannot manage it the same way as other courses I've taken.

JoJoCal19

I definitely agree with you as what you said applies to me for sure. But even if other people are different, I think what you said about the material is spot on. Sounds like the OSCP material requires a lot of thinking and active learning outside of the given materials. Far different than reading some pretty straight forward information like the CISSP.

MSP-IT

I think that the difference is actually why the OSCP is viewed as one of the highest tier certifications in the industry.

The CISSP and other theory-based certifications require more of a understanding of concepts, whereas in PWK and the OSCP, you actively participate and have to learn various things on top of the theory.

si20

You guys are seriously worrying me about the OSCP I've signed up already. I've got very very little pen-testing experience. In University, we just hacked some Windows 2000 machines using a C file and then did the same but with metasploit. I understand some networking and scanning IP's etc. But have I bitten off more than I can chew with the OSCP? I've literally saved up for months and months to afford the 90 day course.... Judging from what I said, am I in too deep?

NovaHax

si20 wrote: »

You guys are seriously worrying me about the OSCP I've signed up already. I've got very very little pen-testing experience. In University, we just hacked some Windows 2000 machines using a C file and then did the same but with metasploit. I understand some networking and scanning IP's etc. But have I bitten off more than I can chew with the OSCP? I've literally saved up for months and months to afford the 90 day course.... Judging from what I said, am I in too deep?

No...you're good. Don't start doubting yourself. OSCP is more about relentless determination than anything. If you want it bad enough, you'll be able to bridge the knowledge gaps required to get there.

MSP-IT

NovaHax is right. I think time and energy (and a baseline of computer knowledge) are really the primary factors when considering the OSCP.

MSP-IT

Progress
PDF Guide: 69% Complete
Videos: 38% Complete
Lab Exercises: 30% Complete
Lab Machine Penetration: 0/50 Attempted

Given my limited ability to connect to the lab machines at work, I've been studying the PDF manual intently. I hope to complete the remainder of the guide by EOD today. I'll continue to re-read through the guide as needed until I have a firm understanding of the basic path in which to proceed. My soft goal is to have the lab exercises complete by 27th of Sept., in which case I can dive into the lab machine penetration tests. I'll give myself roughly a month to work on the machines, which will leave me ~3 weeks in preparation for the exam.

NovaHax

Lol...I actually got in trouble for setting up a dedicated and unauthorized 4G wireless access point at my office to work on OSCP. Completely forgot about that until you mentioned not having access to them at work.

SCSI_BEAR

Hi Folks,

I thought I would join this forum and see how everybody is getting on with the OSCP course. I have recently signed up for the course and an hoping to be able bounce a few ideas, suggestions about gaining access to some of the boxes, looking for some hints or tips basically but no walkthroughs.

Is that something that is possible in this forum ?

MSP-IT

NovaHax wrote: »

Lol...I actually got in trouble for setting up a dedicated and unauthorized 4G wireless access point at my office to work on OSCP. Completely forgot about that until you mentioned not having access to them at work.

I would just assume that'd be frowned upon. Given my organization, I'd probably be let go almost immediately.

MSP-IT

SCSI_BEAR wrote: »

Hi Folks,

I thought I would join this forum and see how everybody is getting on with the OSCP course. I have recently signed up for the course and an hoping to be able bounce a few ideas, suggestions about gaining access to some of the boxes, looking for some hints or tips basically but no walkthroughs.

Is that something that is possible in this forum ?

There are quite a few of us going through it currently (3-5?). I'm sure we could we could help each other's through process on the boxes. As for myself, I haven't started on the lab machines yet, but I hope to take a deep dive in the next few weeks.

si20

I think it'd be a fantastic idea for us all to help each other. I'm not saying give each other the answers - of course not, but I am saying let's learn together. Why isn't something working? Did you try X, Y, Z? Why not? etc. I've recently found out i'm moving onto shift work which is a game changer when it comes to the OSCP. I'm going to have to work hard on my days off and on my work days I wont be able to do any.

wes allen

If you are not on the IRC channel for offsec, then you should join - lots of great info, along with plenty of Try Harder.

MrAgent

I'm idling in the chat now. I start my class Saturday. I am pretty excited to start!

JoJoCal19

NovaHax wrote: »

Lol...I actually got in trouble for setting up a dedicated and unauthorized 4G wireless access point at my office to work on OSCP. Completely forgot about that until you mentioned not having access to them at work.

Why not just use your cellphone as a personal hotspot?

SCSI_BEAR

Progress
PDF Guide: 85% Complete
Videos: 80% Complete
Lab Exercises: 80% Complete
Lab Machine Penetration: 10/50 Attempted
Lab Machine Penetration: 9/50 PWNED

I thought I would include my status so far, good idea that MSP-IT. I find it difficult to gauge the course, I love the course and I love the challenge it presents but it would be nice to have some helpful info besides TRY HARDER. Not sure what the rules are on the forum regarding publishing what boxes you have compromised and how that was done, but I a more than happy to share my experience on what I have been able to accomplish so far and also help where possible.

Also I am based in Scotland, so any replies to posts might be that quick due to time difference (and the fact i have to tear myself away from the labs, they can be addictive)

Preflux

SCSI_BEAR wrote: »

Progress
PDF Guide: 85% Complete
Videos: 80% Complete
Lab Exercises: 80% Complete
Lab Machine Penetration: 10/50 Attempted
Lab Machine Penetration: 9/50 PWNED

I thought I would include my status so far, good idea that MSP-IT. I find it difficult to gauge the course, I love the course and I love the challenge it presents but it would be nice to have some helpful info besides TRY HARDER. Not sure what the rules are on the forum regarding publishing what boxes you have compromised and how that was done, but I a more than happy to share my experience on what I have been able to accomplish so far and also help where possible.

Also I am based in Scotland, so any replies to posts might be that quick due to time difference (and the fact i have to tear myself away from the labs, they can be addictive)

I'm unable to PM you due to 'SCSI_BEAR has chosen not to receive private messages or may not be allowed to receive private messages. Therefore you may not send your message to him/her.', is there another method of contact for yourself?

MSP-IT

I'd like to start a group as well.

MrAgent

Maybe we could create an irc channel? I have a private irc server if anyone is interested PM me.

qasimchadhar

I'm starting OSCP on 20th. Would love to join in

si20

MrAgent wrote: »

Maybe we could create an irc channel? I have a private irc server if anyone is interested PM me.

I'm interested. If we could all get on your IRC channel that would be great. I'd likely be on alot at weekends and some weekdays past 7pm (GMT).

MSP-IT

MrAgent wrote: »

Maybe we could create an irc channel? I have a private irc server if anyone is interested PM me.

Would you mind posting the information here? It seems as though there are enough of us for it to be useful.

MrAgent

The IRC server is irc.osswg.com #oscp
Its up and running now.

MSP-IT

MrAgent wrote: »

The IRC server is irc.osswg.com #oscp
Its up and running now.

Joined. Let the games begin.

Progress
PDF Guide: 100% Complete
Videos: 50% Complete
Lab Exercises: 40% Complete
Lab Machine Penetration: 0/50 Attempted

SCSI_BEAR

Should be ok for PM now Preflux

qasimchadhar

Started OSCP today and it seems quite awesome so far. Material seems to be of skimming nature but that's where TRY HARDER comes into play. Still, this is my initial view and as I follow along your reviews and my experience with material, it might get better

MSP-IT

PDF Guide: 100% Complete
Videos: 100% Complete
Lab Exercises: 50% Complete
Lab Machine Penetration: 0/50 Attempted

At this point in time, I'm spending a lot more time getting to know the lab environment. I really want to get a feel for each one of the machines (fingerprinting) before I start to hack my way into them. I really want to feel decently prepared before I start chopping my tree.

Give me six hours to chop down a tree and I will spend the first four sharpening the axe.
- Abraham Lincoln

Master Of Puppets

Hey, guys, is the use of nmap limited in the course and on the exam? Metasploit obviously is but I was wondering whether you have to write your own scanners or it is cool to use nmap.

Hope you are all going strong.

MrAgent

nmap is pretty essential. I don't see why they would limit it. I used it heavily to get information.