Options

OSCP -- What A Ride!

BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
Hello all!

I'm back from the dead.

As some of you remember, I started my OSCP journey about 3 months ago (OCT). I am incredibly happy to report that I passed last week.

It was an awesome journey, and I learned so much. I also met some really awesome people along the way. I truly think that's one of the biggest wins for this course. You will almost certainly have to look for help. Maybe its a blog, or IRC, or reading threads, or emailing someone you met. You will meet people and learn so much from them.

There are so many write ups and reviews that I wont dive into that too much.

BUT, I wanted to address something that I think is very important.

I have several friends that have expressed great interest in OSCP. I've also gotten twitter comments, I've read threads on here, and even gotten emails from others...

It seems like many many people are flat out intimated by the OSCP.

I'm here to say, don't be scared! Don't be intimated! This is an experience best lived through when you just jump right in! -- Yes, its very true that you need to have a level of technical understanding as you start the course. But, never forget that the whole point of the PWK course and Lab is to teach you and prepare you to actually pass the OSCP! -- yes, its also true that's its hard. At times it felt impossible -- but it makes victory all that much sweeter.

Also, something very important to keep in mind: FAILURE IS AN OPTION! - In fact, failure is the driving force for success in this course. You try something, fail, adjust, try again, fail, adjust, then eventually you win. Then you win again. Then you win again, and all of a sudden, one night you're in the lab and you have the thought: "Wow, I actually sort of know what I'm doing right now ..."

As to the exam: I did not pass my first time. I came so close, but not close enough. Trust me when I say, MANY MANY MANY people take OSCP more than once. IF you end up being one of those people, DONT. EVEN. SWEAT. IT! Failure is an option here. All it proves is that this exam is hard, which is something you already knew. I talked with a few people that got pretty down on themselves for not passing the first, or second, or even third time. -- It's a journey!!

In closing, I will say this: The more I learned during this process, the less I realized I actually knew. This is just the beginning for me!

icon_cheers.gif

Comments

  • Options
    averageguy72averageguy72 Member Posts: 323 ■■■■□□□□□□
    Congrats!
    CISSP / CCSP / CCSK / CRISC / CISM / CISA / CASP / Security+ / Network+ / A+ / CEH / eNDP / AWS Certified Advanced Networking - Specialty / AWS Certified Security - Specialty / AWS Certified DevOps Engineer - Professional / AWS Certified Solutions Architect - Professional / AWS Certified SysOps Administrator - Associate / AWS Certified Solutions Architect - Associate / AWS Certified Developer - Associate / AWS Cloud Practitioner
  • Options
    CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Congratulations!

    Good post too and I agree. I have said a few times to people to stop worrying and just go with the flow. People can and do pass the OSCP every week, it is more than achievable. Just need to read a bit, watch some videos and experiment.

    Things come together. I'd also say to people not to worry about time too much and sign up for as long as you can afford to, and be prepared and willing to extend to learn a bit more and develop your skills.

    Well done again, and good luck for the next challenge.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • Options
    gespensterngespenstern Member Posts: 1,243 ■■■■■■■■□□
    Congratz!

    Hope to join the club as well when time permits!
  • Options
    JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Congrats on the pass!!
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • Options
    IaHawkIaHawk Member Posts: 188 ■■■□□□□□□□
    Congrats! Thanks for the write up. I hope to tackle this in 2018!
  • Options
    technogoattechnogoat Member Posts: 73 ■■□□□□□□□□
    What certs do you recommend for a newbie before OSCP?

    I'm currently studying for Cisco Cyberops
  • Options
    airzeroairzero Member Posts: 126
    @tchnogoat, here are a few good resources to prepare.

    Hackthebox - great online lab with vulnerable machines, similiar to PWK labs except the machines aren't inter-connected like the PWK network. You'll have to do some research to get pass the entry challenge though.

    https://www.hackthebox.eu/

    Vulnhub - has tons of great vulnerable VMs to practice on. Highly suggest getting some of these and looking up walkthroughs to see how other people got into them.

    https://www.vulnhub.com/

    Metasploit unleashed - Good intro to metasploit from offensive security themselves.

    https://www.offensive-security.com/metasploit-unleashed/

    pentesterlabs - Good resource for learning web apps penetration testing. Not as prevalent for OSCP but still very useful and great resource.

    https://pentesterlab.com/

    If you would like an good and fun exam and structured course I would highly suggest eLearnSecurity's PTS course and eJPT certification if you don't mind spending $300. It's rather basic but gives a great over intro to penetration testing for beginers.

    That should be something to get you started. Let me know if you need any other resources.
  • Options
    joshuamurphy75joshuamurphy75 Member Posts: 162 ■■■□□□□□□□
    Congrats. This sounds like one of those certs that are really worth getting.
  • Options
    LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Congrats and good job!

    And good post! I agree, people need to just jump in. Yes, there is a baseline of technical skills in Windows, Linux, Kali, networking, and coding that students should meet, but the course is meant to guide someone from that baseline into getting their very first ever root shell on up to being equipped to pwn the whole lab and exam. It's a course, not just the exam. :)

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • Options
    ddnixddnix Registered Users Posts: 3 ■□□□□□□□□□
    Congratulations on the pass
    i'm in the process of doing the labs right now...i'm finding it difficult, which makes me worried about the exam
  • Options
    louiedgr8louiedgr8 Registered Users Posts: 2 ■□□□□□□□□□
    This is a great reference! Thank you!

    I am completely new to Cyber Security and a little loss on what to go after. I am planning to have Penetration Certificate as working in a SOC might become boring. OSCP and CISSP are my goals but I think it is far too advance after my CCNA Cyber OPs so I might take a detour to ECPPT first.

    Thanks again! I just hope I can read more advises from you.
  • Options
    louiedgr8louiedgr8 Registered Users Posts: 2 ■□□□□□□□□□
    louiedgr8 wrote: »
    This is a great reference! Thank you!

    I am completely new to Cyber Security and a little loss on what to go after. I am planning to have Penetration Certificate as working in a SOC might become boring. OSCP and CISSP are my goals but I think it is far too advance after my CCNA Cyber OPs so I might take a detour to ECPPT first.

    Thanks again! I just hope I can read more advises from you.

    This is in response to Airzero. Sorry forgot to do the qoute
  • Options
    jjones2016jjones2016 Member Posts: 33 ■■■□□□□□□□
    Congrats again Buzzsaw!
  • Options
    jjones2016jjones2016 Member Posts: 33 ■■■□□□□□□□
    What are people using as a quick "megaprimer" for the "C language" in order to modify exploit code? Hope this makes sense to people who have taken the course. Thanks!
  • Options
    zlykotzlykot Member Posts: 32 ■■□□□□□□□□
    I doubt you really need any programming, as long as you can follow a simple example you're fine. I would do python more then C. It's my understanding that you need to do very basic things, string operations, loops.

    Good C book: https://www.amazon.com/Programming-Language-2nd-Brian-Kernighan/dp/0131103628/ref=sr_1_1?ie=UTF8&qid=1521778677&sr=8-1
  • Options
    datakandatakan Member Posts: 17 ■■□□□□□□□□
    zlykot wrote: »
    I doubt you really need any programming, as long as you can follow a simple example you're fine. I would do python more then C. It's my understanding that you need to do very basic things, string operations, loops.

    Good C book: https://www.amazon.com/Programming-Language-2nd-Brian-Kernighan/dp/0131103628/ref=sr_1_1?ie=UTF8&qid=1521778677&sr=8-1

    Not even string operations or loops. You'll just add an occasional header or add a variable. Its very very basic coding that anyone can do. Don't blow too much time on this. Python is more widely used.
  • Options
    jjones2016jjones2016 Member Posts: 33 ■■■□□□□□□□
    I agree with you guys, thank you very much!
Sign In or Register to comment.