OSCP Passed

TeKniques · February 2017

I finally got through the OSCP exam and received my email last night that I passed. It was truly a good test of perseverance for me as I started the course with no penetration testing experience. I failed the exam twice, both times narrowly missing the mark. There are plenty of reviews on this forum of the exam, coursework and material, so I figured maybe I would just answer some questions that I had before I took the course to maybe give some others guidance.

Question 1: Do you need to have penetration testing experience to take this course?
Answer: No, but it would have certainly helped. The coursework does NOT go deep enough to teach you everything you need to know to pass the exam. You must be able to research topics and understand them. You must not overlook any of the topics in the coursework that Offsec provides as the labs do cover just about everything in there.

Question 2: Do you need to be a Python programmer to take this course?
Answer: Not at all. However, if you have not taken any sort of programming course for school or learned anything in your spare time it may seem challenging. You do need to be able to read through exploit code and replace certain elements of them. Again, the coursework gives you a good primer on this, but by no means should it be the only thing you review.

Question 3: How many lab machines do you need to take down before you know you’re ready to take the exam?
Answer: It depends … I was able to compromise all of the public machines (including Pain, Sufferance, and Humble) and many in the IT and Dev networks. I was not able to get into the Admin network, but have no doubt I would have if I had more lab time. In my opinion the exam machines are pretty difficult and if you do not have a good understanding of what the course material talks about you will fail. That 24 hours goes by pretty quick!

Question 4: How much time should I expect to study?
Answer: Again, it depends on you. I purchased the 90-day labs; went through the course material for the first 30-days and then used the remaining 60-days in the actual labs. This was a mistake! I should have reviewed the material and got in the labs sooner so that I would have known what I was up against and then research topics. After 90-days, I took and failed the exam. I then purchased another 30-days of lab access and failed the exam again. I then purchased another 30-days of lab access, spent another 60-days after it expired to practice with boot-2-roots on Vulnhub and then finally passed the exam on the third attempt. So almost 9 months I spent on the course … albeit, I do have a demanding job and I put in about 3 hours a night studying for pretty much that whole 9 months.

I really enjoyed the course. I learned more than I thought I would have and it was easily the most difficult certification track I have ever taken. For me, there are really no comparisons in difficulty with the other exams I’ve taken (and it’s quite a bit). If I had anything to gripe about regarding the course it would be that I think the coursework could be a little more thorough. However, the Offsec motto is to ‘try harder’ so I believe a lot of that is done to make someone have to work hard. If you’re engaged in a real pen test you will have to no doubt research and find things on your own.

I do plan on attempting the OSCE track (what am I thinking?), but now that I know how the Offsec courses are and what is expected from their students I will do a lot of preparation outside before even attempting the CTP challenge. My role is in information security management, but this kind of security has always interested me and I like learning things outside my comfort zone. Again, it was a great experience. I would recommend the course to anyone interested in penetration testing … just be prepared to work hard!

Ohmjones · February 2017

I cant help but disagree with your answer to question 1. Why? Because when I started the pwk course I had zero experience in the IT field. Signed up in 2015 and its 2017 and I just failed it for the third time.

Here's the real answer to question 1:
You do not need pentesting experience but you do need to be cynical. This is likely the only time Id condone negativity to be effective, but one thing the oscp doesn't teach you is that tools dont always work.

You MUST have a basic, I can Google and exercise this skillset, understanding of everything. Tcp/ip; how linux interprets command syntax (: >, &>1, ;, etc...), scripting (you have got to be able to automate the redundant stuff you find yourself doing).

If you have a solid grasp on windows/nix environments and are not a gun carrying ex military grunt, im sure youll do fine though. I truly believe id have my oscp if I actually had paid attention to my sys admin classes, too (granted I went ITT and their not even a school now) - Not as far as deployment goes but those fun little lines of *conf files you alter before hoping you can ssh to another device at your office.

TeKniques · February 2017

That all may be true, but like I mentioned in my first post - Offsec's motto is the 'try harder' mentality. While that kind of sounds like a big middle finger when you're stuck it is expected of the student to do a lot of research. I'm not saying it's fair ... it's just the way it is. One thing I found myself lacking in after my 2nd failure was my ability to attack web applications. That's where I put in a lot of my efforts before my third attempt.

p@r0tuXus · February 2017

Congratulations and thanks for taking the time to write this up. A few questions for you if you don't mind?

1) How much experience / what roles did you have before you went for this exam?

2) How many machines did you take down in your first 90 day period?
< Purely curious.

3) Did you have/use any other programming languages (Bash, C, Powershell, etc.) in your labs or exam?

Ertaz · February 2017

Congrats man!

Ohmjones · February 2017

Noone mentioned try harder in their response. I am just trying to help adequately give those who have not seen the course an opportunity to not waste money or time.

I like the try harder motto, but its not the reality. There are going to be those students, who take it, thinking that trying harder might work but then you go for it and trying harder requires an additional class, book, night reading RFCs. You want kudos for passing? Be honest with those who follow behind you.

p@r0tuXus · February 2017

Ohm, I want to thank you for your input. I'm looking at the HackingDojo as a possible (and affordable) supplement or precursor to the OSCP. In sad reality, the HackingDojo statuses are not recognized by many in job searches. The OSCP is. You may not like the way that organization handles testing, but I think it's important to remember a few things from my own perspective, so I'd like to share them. It's important to teach people how to think, not just what to think. This applies to technologies and methodologies also. Permit those people who are going to be saving our networks to develop creatively to help in securing them and reverse engineering threats in the wild. I would prefer to be tested in that manner. You'll know you have what it takes to find the answers, not just remembering them.

TeKniques · February 2017

p@r0tuXus wrote: »

Congratulations and thanks for taking the time to write this up. A few questions for you if you don't mind?

1) How much experience / what roles did you have before you went for this exam?

2) How many machines did you take down in your first 90 day period?
< Purely curious.

3) Did you have/use any other programming languages (Bash, C, Powershell, etc.) in your labs or exam?

Sure no problem - answers below:

1) I have 13 years of IT experience. My roles in order through that have been: Help Desk, Web Programmer, Network Admin, IT Manager, IT Auditor, Security Engineer, and Information Security Manager (current role).

2) 27 - Out of the identified toughest 3 machines (Pain, Sufferance, and Humble) I had Pain done.

3) I made a few Python scripts to help with some automated enumeration stuff. I also wrote a couple BASH scripts.

Ohmjones wrote: »

Noone mentioned try harder in their response. I am just trying to help adequately give those who have not seen the course an opportunity to not waste money or time.

I like the try harder motto, but its not the reality. There are going to be those students, who take it, thinking that trying harder might work but then you go for it and trying harder requires an additional class, book, night reading RFCs. You want kudos for passing? Be honest with those who follow behind you.

I do not need any kudos for passing. That wasn't my point of posting lol. I understand where you're coming from and there's a lot of truth to what you're saying. The course is not for everyone for sure.

DAVIS NGUYEN · February 2017

Congrats!

Dr. Fluxx · February 2017

TeKniques wrote: »

I finally got through the OSCP exam and received my email last night that I passed. It was truly a good test of perseverance for me as I started the course with no penetration testing experience. I failed the exam twice, both times narrowly missing the mark. There are plenty of reviews on this forum of the exam, coursework and material, so I figured maybe I would just answer some questions that I had before I took the course to maybe give some others guidance.

Question 1: Do you need to have penetration testing experience to take this course?
Answer: No, but it would have certainly helped. The coursework does NOT go deep enough to teach you everything you need to know to pass the exam. You must be able to research topics and understand them. You must not overlook any of the topics in the coursework that Offsec provides as the labs do cover just about everything in there.

Question 2: Do you need to be a Python programmer to take this course?
Answer: Not at all. However, if you have not taken any sort of programming course for school or learned anything in your spare time it may seem challenging. You do need to be able to read through exploit code and replace certain elements of them. Again, the coursework gives you a good primer on this, but by no means should it be the only thing you review.

Question 3: How many lab machines do you need to take down before you know you’re ready to take the exam?
Answer: It depends … I was able to compromise all of the public machines (including Pain, Sufferance, and Humble) and many in the IT and Dev networks. I was not able to get into the Admin network, but have no doubt I would have if I had more lab time. In my opinion the exam machines are pretty difficult and if you do not have a good understanding of what the course material talks about you will fail. That 24 hours goes by pretty quick!

Question 4: How much time should I expect to study?
Answer: Again, it depends on you. I purchased the 90-day labs; went through the course material for the first 30-days and then used the remaining 60-days in the actual labs. This was a mistake! I should have reviewed the material and got in the labs sooner so that I would have known what I was up against and then research topics. After 90-days, I took and failed the exam. I then purchased another 30-days of lab access and failed the exam again. I then purchased another 30-days of lab access, spent another 60-days after it expired to practice with boot-2-roots on Vulnhub and then finally passed the exam on the third attempt. So almost 9 months I spent on the course … albeit, I do have a demanding job and I put in about 3 hours a night studying for pretty much that whole 9 months.

I really enjoyed the course. I learned more than I thought I would have and it was easily the most difficult certification track I have ever taken. For me, there are really no comparisons in difficulty with the other exams I’ve taken (and it’s quite a bit). If I had anything to gripe about regarding the course it would be that I think the coursework could be a little more thorough. However, the Offsec motto is to ‘try harder’ so I believe a lot of that is done to make someone have to work hard. If you’re engaged in a real pen test you will have to no doubt research and find things on your own.

I do plan on attempting the OSCE track (what am I thinking?), but now that I know how the Offsec courses are and what is expected from their students I will do a lot of preparation outside before even attempting the CTP challenge. My role is in information security management, but this kind of security has always interested me and I like learning things outside my comfort zone. Again, it was a great experience. I would recommend the course to anyone interested in penetration testing … just be prepared to work hard!

Im considering doing the CISSP after the OSCP....what are your thoughts. Brutal Honesty please!

Ohmjones · February 2017

NetworkNewb wrote: »

So because the "try harder" motto might require someone to look in other resources its not the reality? Maybe I'm mis-understanding your post. But I thought it was common knowledge you would need to use other resources to complete this. To me that is exactly the reality of the motto.

Grats on the pass TeKniques!

My point is that, if you are not an IT guy. If you have no experience with databases, webservers, scripting, etc... you will (regardless of how many rfc's, books, tutorials you read) not understand the why of things. There is a lot of material in the OSCP that is google-able but even if you know how something works you might not understand WHY they are even checking that. Without the why's, alot of the stuff in the OSCP will allude you. That's how it worked for me. In fact, I have hacked all 44 systems in the public subnet of the PWK lab; I also hacked the entire Admin, Dev and IT systems for the additional 12 systems (this took me over 1 year of lab access). Have I passed the OSCP exam? no.

Why? Because there is not enough in the PWK course to allow you to teach yourself everything you need to know to be a successful pentester. Just because you know how to load up a wordlist into a tool or navigate to a specific directory, doesn't mean you'll know why you need to do these things.

For some, and those that I'm trying to warn, it's not enough. I did not say "OSCP needs to be a one-stop shop; no additional resources necessary". To further make my point, look at teKniques work experience and certifications. He's been apart of this community since 2004. He didn't even pass it the first go-round. There are people with OSCP reviews who have 20+ years experience and fail it a couple times. I know speakers at conferences (defcon, etc) who took 3 attempts to pass it.

Ohmjones · February 2017

p@r0tuXus wrote: »

Ohm, I want to thank you for your input. I'm looking at the HackingDojo as a possible (and affordable) supplement or precursor to the OSCP. In sad reality, the HackingDojo statuses are not recognized by many in job searches. The OSCP is. You may not like the way that organization handles testing, but I think it's important to remember a few things from my own perspective, so I'd like to share them. It's important to teach people how to think, not just what to think. This applies to technologies and methodologies also. Permit those people who are going to be saving our networks to develop creatively to help in securing them and reverse engineering threats in the wild. I would prefer to be tested in that manner. You'll know you have what it takes to find the answers, not just remembering them.

You are right, having HackingDojo Yodan belt on your resume won't get you a job. What will, is knowing what cross site scripting is and how to create payloads off the top of your head. Which, is what HackingDojo will help you to learn. The OSCP is more advanced than a lot of people think it is. There are things you see in the PWK lab & exam that you simply won't see in the real world (I make a living as a pentester - but I only have 3 years of experience in the field; so I'm very much a newbie).

People come to this forum to look for advice, I am just trying to keep it real. If you go into the OSCP lab, you will be on your own - and get very little guidance/assistance from the student admins. If you'd rather go into the PWK/OSCP course and pass on your first go, it's important to go through the right steps. Not do it thinking you'll pass it just like it's another exam (much like I did).

TeKniques · February 2017

Dr. Fluxx wrote: »

Im considering doing the CISSP after the OSCP....what are your thoughts. Brutal Honesty please!

My honest answer is that the two exams are apples to oranges. Imo, the CISSP is nowhere near as challenging as the OSCP but it's all relative. You should ask yourself a couple questions. How much experience do you have in the CISSP domains? Similarly, reading the OSCP syllabus, how much experience do you have in those areas?

@Ohmjones
Taking the OSCP with zero IT experience/knowledge isn't recommended, in fact it's foolhardy. Note in my original post, imo you do not need any pentesting experience to take the course; this doesn't mean no IT experience. That being said you should have a solid understanding of Windows and *nix systems and how the file systems work. You also need imo a good foundation of network knowledge (i.e. how protocols work and what common services use common ports).

LonerVamp · February 2017

Ohmjones wrote: »

Noone mentioned try harder in their response. I am just trying to help adequately give those who have not seen the course an opportunity to not waste money or time. I like the try harder motto, but its not the reality. There are going to be those students, who take it, thinking that trying harder might work but then you go for it and trying harder requires an additional class, book, night reading RFCs. You want kudos for passing? Be honest with those who follow behind you.

The issue you might be missing here is the course and certificate prepare you for the real world of pen testing. For almost every single engagement and almost every single box you come across, you're going to have to use the same methodology you use in the PWK labs to enumerate and own boxes. The point of the course is to learn the methodology and get used to the learning and researching process when you're on your own. If you can't do that in the labs, at best you'll basically just end up a vulnerability scanner/analyst.

p@r0tuXus · February 2017

Ohmjones wrote: »

What will, is knowing what cross site scripting is and how to create payloads off the top of your head. Which, is what HackingDojo will help you to learn. The OSCP is more advanced than a lot of people think it is. There are things you see in the PWK lab & exam that you simply won't see in the real world (I make a living as a pentester - but I only have 3 years of experience in the field; so I'm very much a newbie).

If you'd rather go into the PWK/OSCP course and pass on your first go, it's important to go through the right steps. Not do it thinking you'll pass it just like it's another exam (much like I did).

I appreciate your point in the top of this quote box. It seems like those skills are harder to learn and apply, like many pentester skills from what I've learned about, which may be why so many good pentesters were previous admins with the working knowledge of the "Why" as you coherantly pointed out.

I think this post proved to me you were trying to keep it real and shows a bit of humility on your part as well. Thanks for that.

chrisone · February 2017

Great work and Congrats! 9 months seems like a lot of time. I know the test is hard, but maybe those with pentesting experience can finish in 4-6 months. I took elearnsecurity PTPv2 back in 2013, and I am currently doing PTPv4 and shooting for the eCPPT cert. Immediately after I am done with eCCPT (hoping mid-late march) I plan on jumping on OSCP. Hopefully I can get it done within 5-6 months. You give me inspiration! Amzing dedication and work once again!

JoJoCal19 · February 2017

Congrats on the pass!!! Definitely a great achievement!

McxRisley · March 2017

Congrats on the pass man!! I would like to give my 2 cents on the matter Ohm is speaking about. As I noted in my review of the course, it is not for everybody. This certification is basically like the NAVY SEALS of Infosec certifications, everybody wants to be one but most simply dont have what it takes. If this offends you than I'm sorry but it is the truth. OHM is not the only one who has been on this course for a long time, this course has a very low pass rate due to its difficulty. Now i'm not saying that the course is impossible but it is hard as hell. I spent over 40 hours a week while working full-time and having a newborn baby. I consider myself lucky to have passed on my first attempt(I came very close to failing simply becausae I almost ran out of time).

LaSeeno · March 2017

Congrats man! I got work to pay for this. As soon as I sit for CISA in May I'm jumping in!

OSCP Passed

Comments