OSCP - Getting Started

Hi All,

I was hoping some advice for starting the OSCP journey. My background is mainly technical working in network security, security analyst, incident handler, security manager and information security officer roles. I recently passed the GCIH and this was my first introduction into some of the offensive techniques, so first time using Kali, metasploit and Linux.

I think it may be worth honing my skills before attempting the course and have the pressure of the deadline for the exam. Can anyone recommend training resources that would complement the OSCP course and ensure I'm ready to take on the course?

Or would anyone say that the GCIH is a good starting point and to just go for the course?

Any advice is much appreciated

Find more posts tagged with

Comments

BuzzSaw

It's hard for me to understand what your experience level is. So you've been in security roles?

If you are starting from scatch, I would recommend starting with something like Georgia's Pen Testing course on Cybrary, along with reading her book. I would also pick up something like the The Hacker Playbook - Read through those then try your hand at some of the VM's on Vulnhub

Or ...

If you have time and some money, I would recommend maybe going through something like eJPT

Or ...

you could just dive right now. If you have the money to buy 90 days worth of lab time its a good starting point. The course itself will not teach you everything you need to know. It will give you a loose outline, and your goal is to self-learn as much as possible. I read on here a lot about people spending months and month in preparing the take the course that is supposed to prepare you for the exam.

As for the exam deadline, it's pretty loose. You have 90 days to take it AFTER your lab time expires. So, if you start with say, 60 days, and buy another 60 days, you would have a total of 210 days to take the exam I believe.

If you were my little brother, I'd tell you to prep on some of the basics so you wont feel as lost when you start the course. I'd say you would want to be pretty comfortable with the following:
- Networking (subnetting, ports, protocols, etc)
- How operating systems work (Windows vs Linux especially)
- A general understanding of how much exploits work (Buffer overflow vs smashing vs injection, etc )
- A good method of researching things ... trust me, you will be researching things on your own ... A LOT
- Finally, you will want to be able to read code and scripting languages. DON'T LET THIS SCARE YOU - You don't have to be a master. You just need to be able to look at code and understand generally, what it's trying to do, what language it's written in, etc

cjthedj45

BuzzSaw wrote: »

It's hard for me to understand what your experience level is. So you've been in security roles?

If you are starting from scatch, I would recommend starting with something like Georgia's Pen Testing course on Cybrary, along with reading her book. I would also pick up something like the The Hacker Playbook - Read through those then try your hand at some of the VM's on Vulnhub

Or ...

If you have time and some money, I would recommend maybe going through something like eJPT

Or ...

you could just dive right now. If you have the money to buy 90 days worth of lab time its a good starting point. The course itself will not teach you everything you need to know. It will give you a loose outline, and your goal is to self-learn as much as possible. I read on here a lot about people spending months and month in preparing the take the course that is supposed to prepare you for the exam.

As for the exam deadline, it's pretty loose. You have 90 days to take it AFTER your lab time expires. So, if you start with say, 60 days, and buy another 60 days, you would have a total of 210 days to take the exam I believe.

If you were my little brother, I'd tell you to prep on some of the basics so you wont feel as lost when you start the course. I'd say you would want to be pretty comfortable with the following:
- Networking (subnetting, ports, protocols, etc)
- How operating systems work (Windows vs Linux especially)
- A general understanding of how much exploits work (Buffer overflow vs smashing vs injection, etc )
- A good method of researching things ... trust me, you will be researching things on your own ... A LOT
- Finally, you will want to be able to read code and scripting languages. DON'T LET THIS SCARE YOU - You don't have to be a master. You just need to be able to look at code and understand generally, what it's trying to do, what language it's written in, etc

Buzzsaw this is excellent advice. My experience with offensive work really resides with the GCIH exam I have just taken and past. Previous to that my roles have been defensive incident handler roles which are probably most closely related to offensive type work. My background in sys admin and network admin which will serve me well. I'm continuously learning though and have good understanding of attack methods. However I have not actively been attacking systems. The coding side of it does scare me slightly as I have no experience. I have been considering learning Go or Python, but not sure how deep I need to go with this. I will look into your suggestions as these sound like a good starting point.

cjthedj45

BuzzSaw wrote: »

It's hard for me to understand what your experience level is. So you've been in security roles?

If you are starting from scatch, I would recommend starting with something like Georgia's Pen Testing course on Cybrary, along with reading her book. I would also pick up something like the The Hacker Playbook - Read through those then try your hand at some of the VM's on Vulnhub

Hi Buzzsaw thanks for the recommendation for the Georgia course. I have just started this and definitely feels like a good starting place.

BuzzSaw

Yeah it really is a good course, especially for free.

Her book is well worth the money too.