OSCP Passed

I finally got through the OSCP exam and received my email last night that I passed. It was truly a good test of perseverance for me as I started the course with no penetration testing experience. I failed the exam twice, both times narrowly missing the mark. There are plenty of reviews on this forum of the exam, coursework and material, so I figured maybe I would just answer some questions that I had before I took the course to maybe give some others guidance.
Question 1: Do you need to have penetration testing experience to take this course?
Answer: No, but it would have certainly helped. The coursework does NOT go deep enough to teach you everything you need to know to pass the exam. You must be able to research topics and understand them. You must not overlook any of the topics in the coursework that Offsec provides as the labs do cover just about everything in there.
Question 2: Do you need to be a Python programmer to take this course?
Answer: Not at all. However, if you have not taken any sort of programming course for school or learned anything in your spare time it may seem challenging. You do need to be able to read through exploit code and replace certain elements of them. Again, the coursework gives you a good primer on this, but by no means should it be the only thing you review.
Question 3: How many lab machines do you need to take down before you know you’re ready to take the exam?
Answer: It depends … I was able to compromise all of the public machines (including Pain, Sufferance, and Humble) and many in the IT and Dev networks. I was not able to get into the Admin network, but have no doubt I would have if I had more lab time. In my opinion the exam machines are pretty difficult and if you do not have a good understanding of what the course material talks about you will fail. That 24 hours goes by pretty quick!
Question 4: How much time should I expect to study?
Answer: Again, it depends on you. I purchased the 90-day labs; went through the course material for the first 30-days and then used the remaining 60-days in the actual labs. This was a mistake! I should have reviewed the material and got in the labs sooner so that I would have known what I was up against and then research topics. After 90-days, I took and failed the exam. I then purchased another 30-days of lab access and failed the exam again. I then purchased another 30-days of lab access, spent another 60-days after it expired to practice with boot-2-roots on Vulnhub and then finally passed the exam on the third attempt. So almost 9 months I spent on the course … albeit, I do have a demanding job and I put in about 3 hours a night studying for pretty much that whole 9 months.
I really enjoyed the course. I learned more than I thought I would have and it was easily the most difficult certification track I have ever taken. For me, there are really no comparisons in difficulty with the other exams I’ve taken (and it’s quite a bit). If I had anything to gripe about regarding the course it would be that I think the coursework could be a little more thorough. However, the Offsec motto is to ‘try harder’ so I believe a lot of that is done to make someone have to work hard. If you’re engaged in a real pen test you will have to no doubt research and find things on your own.
I do plan on attempting the OSCE track (what am I thinking?), but now that I know how the Offsec courses are and what is expected from their students I will do a lot of preparation outside before even attempting the CTP challenge. My role is in information security management, but this kind of security has always interested me and I like learning things outside my comfort zone. Again, it was a great experience. I would recommend the course to anyone interested in penetration testing … just be prepared to work hard!
Comments
Here's the real answer to question 1:
You do not need pentesting experience but you do need to be cynical. This is likely the only time I'd condone negativity to be effective, but one thing the OSCP doesn't teach you is that tools don't always work.
You MUST have a basic, I can Google and exercise this skillset, understanding of everything. TCP/IP; how Linux interprets command syntax (: >, &>1, ;, etc...), scripting (you have got to be able to automate the redundant stuff you find yourself doing).
If you have a solid grasp on Windows/nix environments and are not a gun carrying ex-military grunt, I'm sure you'll do fine though. I truly believe I'd have my OSCP if I actually had paid attention to my sys admin classes, too (granted I went ITT and they're not even a school now) - Not as far as deployment goes but those fun little lines of *conf files you alter before hoping you can ssh to another device at your office.
1) How much experience / what roles did you have before you went for this exam?
2) How many machines did you take down in your first 90 day period?
< Purely curious.
3) Did you have/use any other programming languages (Bash, C, Powershell, etc.) in your labs or exam?
In Progress: Linux+/LPIC-1, Python, Bash
Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
I like the try harder motto, but it's not the reality. There are going to be those students, who take it, thinking that trying harder might work but then you go for it and trying harder requires an additional class, book, night reading RFCs. You want kudos for passing? Be honest with those who follow behind you.
Sure no problem - answers below:
1) I have 13 years of IT experience. My roles in order through that have been: Help Desk, Web Programmer, Network Admin, IT Manager, IT Auditor, Security Engineer, and Information Security Manager (current role).
2) 27 - Out of the identified toughest 3 machines (Pain, Sufferance, and Humble) I had Pain done.
3) I made a few Python scripts to help with some automated enumeration stuff. I also wrote a couple BASH scripts.
I do not need any kudos for passing. That wasn't my point of posting lol. I understand where you're coming from and there's a lot of truth to what you're saying. The course is not for everyone for sure.
I'm considering doing the CISSP after the OSCP... what are your thoughts? Brutal Honesty please!
My point is that, if you are not an IT guy. If you have no experience with databases, webservers, scripting, etc... you will (regardless of how many RFCs, books, tutorials you read) not understand the why of things. There is a lot of material in the OSCP that is google-able but even if you know how something works you might not understand WHY they are even checking that. Without the why's, a lot of the stuff in the OSCP will elude you. That's how it worked for me. In fact, I have hacked all 44 systems in the public subnet of the PWK lab; I also hacked the entire Admin, Dev and IT systems for the additional 12 systems (this took me over 1 year of lab access). Have I passed the OSCP exam? no.
Why? Because there is not enough in the PWK course to allow you to teach yourself everything you need to know to be a successful pentester. Just because you know how to load up a wordlist into a tool or navigate to a specific directory, doesn't mean you'll know why you need to do these things.
For some, and those that I'm trying to warn, it's not enough. I did not say "OSCP needs to be a one-stop shop; no additional resources necessary". To further make my point, look at teKniques' work experience and certifications. He's been a part of this community since 2004. He didn't even pass it the first go-round. There are people with OSCP reviews who have 20+ years experience and fail it a couple times. I know speakers at conferences (defcon, etc) who took 3 attempts to pass it.
You are right, having HackingDojo Yodan belt on your resume won't get you a job. What will, is knowing what cross site scripting is and how to create payloads off the top of your head. Which, is what HackingDojo will help you to learn. The OSCP is more advanced than a lot of people think it is. There are things you see in the PWK lab & exam that you simply won't see in the real world (I make a living as a pentester - but I only have 3 years of experience in the field; so I'm very much a newbie).
People come to this forum to look for advice, I am just trying to keep it real. If you go into the OSCP lab, you will be on your own - and get very little guidance/assistance from the student admins. If you'd rather go into the PWK/OSCP course and pass on your first go, it's important to go through the right steps. Not do it thinking you'll pass it just like it's another exam (much like I did).
My honest answer is that the two exams are apples to oranges. Imo, the CISSP is nowhere near as challenging as the OSCP but it's all relative. You should ask yourself a couple questions. How much experience do you have in the CISSP domains? Similarly, reading the OSCP syllabus, how much experience do you have in those areas?
@Ohmjones
Taking the OSCP with zero IT experience/knowledge isn't recommended, in fact it's foolhardy. Note in my original post, imo you do not need any pentesting experience to take the course; this doesn't mean no IT experience. That being said you should have a solid understanding of Windows and *nix systems and how the file systems work. You also need imo a good foundation of network knowledge (i.e. how protocols work and what common services use common ports).
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
I appreciate your point in the top of this quote box. It seems like those skills are harder to learn and apply, like many pentester skills from what I've learned about, which may be why so many good pentesters were previous admins with the working knowledge of the "Why" as you coherently pointed out.
I think this post proved to me you were trying to keep it real and shows a bit of humility on your part as well. Thanks for that.
2023 Cert Goals: SC-100, eCPTX
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework