OSCP -- What A Ride!

BuzzSaw

Hello all!

I'm back from the dead.

As some of you remember, I started my OSCP journey about 3 months ago (OCT). I am incredibly happy to report that I passed last week.

It was an awesome journey, and I learned so much. I also met some really awesome people along the way. I truly think that's one of the biggest wins for this course. You will almost certainly have to look for help. Maybe its a blog, or IRC, or reading threads, or emailing someone you met. You will meet people and learn so much from them.

There are so many write ups and reviews that I wont dive into that too much.

BUT, I wanted to address something that I think is very important.

I have several friends that have expressed great interest in OSCP. I've also gotten twitter comments, I've read threads on here, and even gotten emails from others...

It seems like many many people are flat out intimated by the OSCP.

I'm here to say, don't be scared! Don't be intimated! This is an experience best lived through when you just jump right in! -- Yes, its very true that you need to have a level of technical understanding as you start the course. But, never forget that the whole point of the PWK course and Lab is to teach you and prepare you to actually pass the OSCP! -- yes, its also true that's its hard. At times it felt impossible -- but it makes victory all that much sweeter.

Also, something very important to keep in mind: FAILURE IS AN OPTION! - In fact, failure is the driving force for success in this course. You try something, fail, adjust, try again, fail, adjust, then eventually you win. Then you win again. Then you win again, and all of a sudden, one night you're in the lab and you have the thought: "Wow, I actually sort of know what I'm doing right now ..."

As to the exam: I did not pass my first time. I came so close, but not close enough. Trust me when I say, MANY MANY MANY people take OSCP more than once. IF you end up being one of those people, DONT. EVEN. SWEAT. IT! Failure is an option here. All it proves is that this exam is hard, which is something you already knew. I talked with a few people that got pretty down on themselves for not passing the first, or second, or even third time. -- It's a journey!!

In closing, I will say this: The more I learned during this process, the less I realized I actually knew. This is just the beginning for me!

averageguy72

Congrats!

CyberCop123

Congratulations!

Good post too and I agree. I have said a few times to people to stop worrying and just go with the flow. People can and do pass the OSCP every week, it is more than achievable. Just need to read a bit, watch some videos and experiment.

Things come together. I'd also say to people not to worry about time too much and sign up for as long as you can afford to, and be prepared and willing to extend to learn a bit more and develop your skills.

Well done again, and good luck for the next challenge.

gespenstern

Congratz!

Hope to join the club as well when time permits!

JoJoCal19

Congrats on the pass!!

IaHawk

Congrats! Thanks for the write up. I hope to tackle this in 2018!

technogoat

What certs do you recommend for a newbie before OSCP?

I'm currently studying for Cisco Cyberops

airzero

@tchnogoat, here are a few good resources to prepare.

Hackthebox - great online lab with vulnerable machines, similiar to PWK labs except the machines aren't inter-connected like the PWK network. You'll have to do some research to get pass the entry challenge though.

https://www.hackthebox.eu/

Vulnhub - has tons of great vulnerable VMs to practice on. Highly suggest getting some of these and looking up walkthroughs to see how other people got into them.

https://www.vulnhub.com/

Metasploit unleashed - Good intro to metasploit from offensive security themselves.

https://www.offensive-security.com/metasploit-unleashed/

pentesterlabs - Good resource for learning web apps penetration testing. Not as prevalent for OSCP but still very useful and great resource.

https://pentesterlab.com/

If you would like an good and fun exam and structured course I would highly suggest eLearnSecurity's PTS course and eJPT certification if you don't mind spending $300. It's rather basic but gives a great over intro to penetration testing for beginers.

That should be something to get you started. Let me know if you need any other resources.

joshuamurphy75

Congrats. This sounds like one of those certs that are really worth getting.

LonerVamp

Congrats and good job!

And good post! I agree, people need to just jump in. Yes, there is a baseline of technical skills in Windows, Linux, Kali, networking, and coding that students should meet, but the course is meant to guide someone from that baseline into getting their very first ever root shell on up to being equipped to pwn the whole lab and exam. It's a course, not just the exam.

ddnix

Congratulations on the pass
i'm in the process of doing the labs right now...i'm finding it difficult, which makes me worried about the exam

louiedgr8

This is a great reference! Thank you!

I am completely new to Cyber Security and a little loss on what to go after. I am planning to have Penetration Certificate as working in a SOC might become boring. OSCP and CISSP are my goals but I think it is far too advance after my CCNA Cyber OPs so I might take a detour to ECPPT first.

Thanks again! I just hope I can read more advises from you.

louiedgr8

louiedgr8 wrote: »

This is a great reference! Thank you!

I am completely new to Cyber Security and a little loss on what to go after. I am planning to have Penetration Certificate as working in a SOC might become boring. OSCP and CISSP are my goals but I think it is far too advance after my CCNA Cyber OPs so I might take a detour to ECPPT first.

Thanks again! I just hope I can read more advises from you.

This is in response to Airzero. Sorry forgot to do the qoute

jjones2016

Congrats again Buzzsaw!

jjones2016

What are people using as a quick "megaprimer" for the "C language" in order to modify exploit code? Hope this makes sense to people who have taken the course. Thanks!

zlykot

I doubt you really need any programming, as long as you can follow a simple example you're fine. I would do python more then C. It's my understanding that you need to do very basic things, string operations, loops.

Good C book: https://www.amazon.com/Programming-Language-2nd-Brian-Kernighan/dp/0131103628/ref=sr_1_1?ie=UTF8&qid=1521778677&sr=8-1

datakan

zlykot wrote: »

I doubt you really need any programming, as long as you can follow a simple example you're fine. I would do python more then C. It's my understanding that you need to do very basic things, string operations, loops.

Good C book: https://www.amazon.com/Programming-Language-2nd-Brian-Kernighan/dp/0131103628/ref=sr_1_1?ie=UTF8&qid=1521778677&sr=8-1

Not even string operations or loops. You'll just add an occasional header or add a variable. Its very very basic coding that anyone can do. Don't blow too much time on this. Python is more widely used.

jjones2016

I agree with you guys, thank you very much!