OSCP Review
Techand$$
Member Posts: 18 ■■□□□□□□□□
Hello everyone,
I just passed my OSCP exam and I'm currently on cloud nine:)! Since I got a lot of information from this forum I would like to give some feedback regarding my journey towards the OSCP exam. My background: Network security and auditing with almost nonexistent knowledge in: scripting/programming, SQL, Buffer Overflow and Linux.
So the first stage of my preparation started off with Georgia Weidman's book. I would highly recommend (for anyone like me starting off in pen-testing) to read this book from end to end and complete all the tasks as you go along. This book will help you decide whether you would like to continue your journey towards OSCP or pen-testing in general.
Next up, HacktheBox. This website will give you an almost similar feel to the OSCP lab environment. In my opinion, this website by itself wouldn't have added much value to my learning experience if it wasn't for the well articulated easy to understand IppSec's write-up video's on youtube. At the end of it, I had rooted around 40 machines, also I tried to avoid newly released hard boxes and mostly targeted easy to medium boxes and all the retired boxes.
Next I downloaded and solved all the VM's suggested by Abatchy's blog which had around 15 VM's listed. Also note that till now I had never managed to compromise a box single-handedly, I always had to rely on hints or write-ups.
After being convinced I had all the basics in place I went on to sign up for the 90 days OSCP lab, within 40 days I had solved around 45 machines which included all the hard boxes, again I must have solved maybe 2-3 machines all by myself, for the rest I had to rely on hints from the OSCP forums.
I had booked the exam for June end, but the excitement about giving the exam (or sizing it up
) forced me to jump the gun and book it this month. The exam was a different experience altogether, so without saying much and repeating what is already mentioned, in short: exploiting around 100 machines gave me a 75% chance of clearing the exam. I was borderline close,also I'm sure it was the reporting that helped push me towards the 70 point mark, but in the end I was really glad that the effort paid off.
Overall I'm sure given time and practice anyone can pass the OSCP exam (or any exam, or anything
). So for those attempting to get this certification I wish you guys best of luck! Cheers
I just passed my OSCP exam and I'm currently on cloud nine:)! Since I got a lot of information from this forum I would like to give some feedback regarding my journey towards the OSCP exam. My background: Network security and auditing with almost nonexistent knowledge in: scripting/programming, SQL, Buffer Overflow and Linux.
So the first stage of my preparation started off with Georgia Weidman's book. I would highly recommend (for anyone like me starting off in pen-testing) to read this book from end to end and complete all the tasks as you go along. This book will help you decide whether you would like to continue your journey towards OSCP or pen-testing in general.
Next up, HacktheBox. This website will give you an almost similar feel to the OSCP lab environment. In my opinion, this website by itself wouldn't have added much value to my learning experience if it wasn't for the well articulated easy to understand IppSec's write-up video's on youtube. At the end of it, I had rooted around 40 machines, also I tried to avoid newly released hard boxes and mostly targeted easy to medium boxes and all the retired boxes.
Next I downloaded and solved all the VM's suggested by Abatchy's blog which had around 15 VM's listed. Also note that till now I had never managed to compromise a box single-handedly, I always had to rely on hints or write-ups.
After being convinced I had all the basics in place I went on to sign up for the 90 days OSCP lab, within 40 days I had solved around 45 machines which included all the hard boxes, again I must have solved maybe 2-3 machines all by myself, for the rest I had to rely on hints from the OSCP forums.
I had booked the exam for June end, but the excitement about giving the exam (or sizing it up
) forced me to jump the gun and book it this month. The exam was a different experience altogether, so without saying much and repeating what is already mentioned, in short: exploiting around 100 machines gave me a 75% chance of clearing the exam. I was borderline close,also I'm sure it was the reporting that helped push me towards the 70 point mark, but in the end I was really glad that the effort paid off.Overall I'm sure given time and practice anyone can pass the OSCP exam (or any exam, or anything
). So for those attempting to get this certification I wish you guys best of luck! Cheers OSCP | CISSP | CREST CRT | CCNP | ITIL
Goal: CREST CCT | PMP
Comments
-
Naruto985
Member Posts: 67 ■■□□□□□□□□
Congrats Techand$$ on cometing OSCP exam. Thanks for the tips. Will include the above tips. My plan is to become OSCP certified. -
Techand$$
Member Posts: 18 ■■□□□□□□□□
All the best Naruto985
OSCP | CISSP | CREST CRT | CCNP | ITIL
Goal: CREST CCT | PMP
-
talboris
Registered Users Posts: 1 ■□□□□□□□□□
Hello everyone,
This website will give you an almost similar feel to the OSCP lab environment. In my opinion, this website by itself wouldn't have added much value to my learning experience if it wasn't for the well articulated easy to understand IppSec's write-up video's on youtube. At the end of it, I had rooted around 40 machines, also I tried to avoid newly released hard boxes and mostly targeted easy to medium boxes and all the retired boxes.
what Ippsec writeups? -
KAmes4545
Member Posts: 13 ■■■□□□□□□□
I want to say I really appreciate this review a lot. There's tons of them out there, but for me you were very candor and somewhat vulnerable when you said things like "I always had to rely on hints or write-ups" and "I must have solved maybe 2-3 machines all by myself, for the rest I had to rely on hints from the OSCP forums". Exploiting 100 machines even if you got hints is tremendous. I don't know, you see "Try harder" everywhere, but this is the first review where somebody had mentioned that they used a lot of hints to get through the material. I appreciate this review cause I have the mind set of work on a box for a hour or two and if I don't get it, get a hint so I continue to progress. I don't have the time to bang my head against a wall for weeks and only in the end learn a very small aspect of one box. There's too much to learn I feel. Congrats! and thank you for your candor journey through this exam.
-
Techand$$
Member Posts: 18 ■■□□□□□□□□
what Ippsec writeups?
Look for IPpsec channel on YouTube
@KAmes4545: Appretiate the feedback. Given unlimited amount of time, no one would need a hint to find a vulnerability and exploit it, but since I had a deadline to meet I used all the information I could get my hands on to exploit a box.OSCP | CISSP | CREST CRT | CCNP | ITIL
Goal: CREST CCT | PMP