OSCP Review
Techand$$
Member Posts: 18 ■■□□□□□□□□
Hello everyone,
I just passed my OSCP exam and I'm currently on cloud nine:)! Since I got a lot of information from this forum I would like to give some feedback regarding my journey towards the OSCP exam. My background: Network security and auditing with almost nonexistent knowledge in: scripting/programming, SQL, Buffer Overflow and Linux.
So the first stage of my preparation started off with Georgia Weidman's book. I would highly recommend (for anyone like me starting off in pen-testing) to read this book from end to end and complete all the tasks as you go along. This book will help you decide whether you would like to continue your journey towards OSCP or pen-testing in general.
Next up, HacktheBox. This website will give you an almost similar feel to the OSCP lab environment. In my opinion, this website by itself wouldn't have added much value to my learning experience if it wasn't for the well articulated easy to understand IppSec's write-up video's on youtube. At the end of it, I had rooted around 40 machines, also I tried to avoid newly released hard boxes and mostly targeted easy to medium boxes and all the retired boxes.
Next I downloaded and solved all the VM's suggested by Abatchy's blog which had around 15 VM's listed. Also note that till now I had never managed to compromise a box single-handedly, I always had to rely on hints or write-ups.
After being convinced I had all the basics in place I went on to sign up for the 90 days OSCP lab, within 40 days I had solved around 45 machines which included all the hard boxes, again I must have solved maybe 2-3 machines all by myself, for the rest I had to rely on hints from the OSCP forums.
I had booked the exam for June end, but the excitement about giving the exam (or sizing it up
) forced me to jump the gun and book it this month. The exam was a different experience altogether, so without saying much and repeating what is already mentioned, in short: exploiting around 100 machines gave me a 75% chance of clearing the exam. I was borderline close,also I'm sure it was the reporting that helped push me towards the 70 point mark, but in the end I was really glad that the effort paid off.
Overall I'm sure given time and practice anyone can pass the OSCP exam (or any exam, or anything
). So for those attempting to get this certification I wish you guys best of luck! Cheers
I just passed my OSCP exam and I'm currently on cloud nine:)! Since I got a lot of information from this forum I would like to give some feedback regarding my journey towards the OSCP exam. My background: Network security and auditing with almost nonexistent knowledge in: scripting/programming, SQL, Buffer Overflow and Linux.
So the first stage of my preparation started off with Georgia Weidman's book. I would highly recommend (for anyone like me starting off in pen-testing) to read this book from end to end and complete all the tasks as you go along. This book will help you decide whether you would like to continue your journey towards OSCP or pen-testing in general.
Next up, HacktheBox. This website will give you an almost similar feel to the OSCP lab environment. In my opinion, this website by itself wouldn't have added much value to my learning experience if it wasn't for the well articulated easy to understand IppSec's write-up video's on youtube. At the end of it, I had rooted around 40 machines, also I tried to avoid newly released hard boxes and mostly targeted easy to medium boxes and all the retired boxes.
Next I downloaded and solved all the VM's suggested by Abatchy's blog which had around 15 VM's listed. Also note that till now I had never managed to compromise a box single-handedly, I always had to rely on hints or write-ups.
After being convinced I had all the basics in place I went on to sign up for the 90 days OSCP lab, within 40 days I had solved around 45 machines which included all the hard boxes, again I must have solved maybe 2-3 machines all by myself, for the rest I had to rely on hints from the OSCP forums.
I had booked the exam for June end, but the excitement about giving the exam (or sizing it up
) forced me to jump the gun and book it this month. The exam was a different experience altogether, so without saying much and repeating what is already mentioned, in short: exploiting around 100 machines gave me a 75% chance of clearing the exam. I was borderline close,also I'm sure it was the reporting that helped push me towards the 70 point mark, but in the end I was really glad that the effort paid off.Overall I'm sure given time and practice anyone can pass the OSCP exam (or any exam, or anything
). So for those attempting to get this certification I wish you guys best of luck! Cheers OSCP | CISSP | CREST CRT | CCNP | ITIL
Goal: CREST CCT | PMP
Comments
OSCP | CISSP | CREST CRT | CCNP | ITIL
Goal: CREST CCT | PMP
what Ippsec writeups?
Look for IPpsec channel on YouTube
@KAmes4545: Appretiate the feedback. Given unlimited amount of time, no one would need a hint to find a vulnerability and exploit it, but since I had a deadline to meet I used all the information I could get my hands on to exploit a box.
OSCP | CISSP | CREST CRT | CCNP | ITIL
Goal: CREST CCT | PMP