OSCP 2020: Biting the Bullet (My OSCP Journey Log with PWK 2.0 Study Materials)
roninkai
Member Posts: 307 ■■■■□□□□□□
After much deliberation on which way I want to take my cyber career, I've finally decided to bite the bullet, clear my plate of all other certification study efforts, and restart my work on OSCP.
In mid-2018, I was fortunate enough to have my employer fund the course, lab time, etc. However, I enrolled at a time when I thought my after-work hours would be relatively available for study. Boy was I wrong.
The role I stepped into and the amount of overtime and stress entailed was enough to make anyone come home, plop on the couch, and instantly pass out. This role continued at that pace for almost 2 years, but alas that rigorous schedule is finally over. I'm back to a more balanced schedule, less stress, and actually have a pretty good workout routine going on, seeing some nice results...
Which leads me back to OSCP. I have the study materials and the technical experience to attack this head on. What I don't have however is lab access. I'm not planning to purchase any lab time until I've been through the course materials again and am ready to dedicate 2 - 3 hours per night in the labs. In the meantime, what are people using for lab work other than the OSCP labs? Vulnhub? Hack the Box?
In the meantime however, I'm opening this thread to track my progress, share ideas/frustrations, and hopefully give something back to the community here. I know a lot of us are working on this certification and some are intimidated by its reputation of rigor and challenge. However, I continue to hear stories of people with just a few years of practical infosec experience who are able to pass the OSCP in a relatively short period of time. I don't think there is anything to be intimidated by, as long as you are confident in your ability to learn, practice, and stick with it, no matter how long it takes.
I've been in this field since I was 16. I'm now 41, and man does the time fly. I can recall 'hacking' back in the day with cult of the dead cow tools, l0phtcrack, etc. Back then, there were certainly no certifications available, and if you were a 'hacker', you were probably viewed as a black-hat. The field hadn't matured to what it is today. I can recall wanting to learn so many years ago, but afraid I'd land myself in hot water just in my desire to learn, so I simply hung that hat a long time ago. Virtual machines weren't available to where you could practice in an isolated environment. The Internet had just become a "thing" and I can remember being one of the first in my neighborhood to have "the Internet", accessible by my first-edition Mac computer with a whopping 80 MB hard drive!
Anyway...I've eliminated all of the management type of certs I thought I wanted to work on this year. I'm not ready to leave the technical side of the field. I love it too much. Already in my current role, I delegated a lot of the work, spent less and less time inside the labs, and frankly became a bit saddened by the fact that I was no longer doing the "fun stuff". I was the guy in 400 meetings per day. That's not why I got into this field.
Pentesting however I think provides a nice technical career trajectory, where no matter what your age or experience, you can continue to learn and improve, and become a master at the craft, while still staying highly-technical. That's what excites me. I was deterred initially thinking that the salaries in pen-testing weren't near what I would make now, but I think that is all pretty much relative to the company, experience, and role.
That said, let's get OSCP underway.
浪人 MSISA:WGU
ICP-FDO ▪ CISSP ▪ ECES ▪ CHFI ▪ CNDA ▪ CEH ▪ MCSA/MCITP ▪ MCTS ▪ S+
2020 Level Up Goals: (1) DevSecOps Learning Path (2) OSCP
Comments
-
averageguy72 Member Posts: 323 ■■■■□□□□□□
Certainly understand the "fun stuff" getting replaced with meetings. Good luck on your journey!
CISSP / CCSP / CCSK / CRISC / CISM / CISA / CASP / Security+ / Network+ / A+ / CEH / eNDP / AWS Certified Advanced Networking - Specialty / AWS Certified Security - Specialty / AWS Certified DevOps Engineer - Professional / AWS Certified Solutions Architect - Professional / AWS Certified SysOps Administrator - Associate / AWS Certified Solutions Architect - Associate / AWS Certified Developer - Associate / AWS Cloud Practitioner
-
chrisone Member Posts: 2,278 ■■■■■■■■■□
Currently using VHL 3 month pass for $250. It's an awesome deal and having done both course books, I like VHL's course book much more. The labs are similar, granted when I did PWK I only got through 25ish hosts, no wonder I have failed OSCP so many times I lost count....
In any case, at the end of my VHL 3 months, I am going to buy a test renewal with 15 days of PWK lab time. Then give the OSCP exam another shot.
If you have the money I would pick VHL 3 month pass.
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX
-
roninkai Member Posts: 307 ■■■■□□□□□□
So after 5 days of anxiously waiting, the new PWK materials finally arrived today in my inbox. I've spent quite a bit of time organizing the content, ensuring I have solid backup archives in place, because after 72 hours the links will die and I'll have to repurchase the course.
I've got a pretty ambitious first read thru plan, and simply using this thread to share and for accountability. Since I'm in the process of moving, and have a million other things going on, I broke any day that had more than 50 pages into two days of reading. This keeps it more realistic and also allows for ample note taking time. This is a marathon, not a sprint, but even so, if I can stick to this schedule, I'll have the read thru completed by about 3/6. Once that's done, it will be off to all the video content to fill in any gaps. I was pleased to also find out today that the entire PWK videos have been redone. They sound much better and I think this will help stay engaged in the content.
Anyway, here's my read thru schedule of the 853 page PWK manual (avg ~43 pages/day):
02/16          Done         Read Chapters 1/2          17-48 (31)
02/17-02/18    Done         Read Chapters 3/4          49-104 (55)
02/19-02/20    Done         Read Chapters 5/6          105-170 (65)
02/21-02/22    Not Started  Read Chapters 7/8          171-239 (68)
02/23-02/24    Not Started  Read Chapters 9/10         240-344 (104)
02/25-02/26    Not Started  Read Chapters 11/12        345-411 (66)
02/27          Not Started  Read Chapters 13/14        412-454 (42)
02/28          Not Started  Read Chapters 15/16        455-489 (34)
02/29-03/01    Not Started  Read Chapters 17/18        490-570 (80)
03/02          Not Started  Read Chapters 19/20        572-621 (49)
03/03-03/04    Not Started  Read Chapters 21/22        622-723 (101)
03/05-03/06    Not Started  Read Chapters 23/24        724-851 (127)
03/06          Not Started  Read Chapter 25 (final)    852-853 (1)
浪人 MSISA:WGU
ICP-FDO ▪ CISSP ▪ ECES ▪ CHFI ▪ CNDA ▪ CEH ▪ MCSA/MCITP ▪ MCTS ▪ S+
2020 Level Up Goals: (1) DevSecOps Learning Path (2) OSCP
-
wd40 Member Posts: 1,017 ■■■■□□□□□□
Do you plan just to read the pdf, read and do the exercise or read, do the exercise and watch the videos?
I am asking because I am on page 49 now, it took me 30 minutes to learn how to use the "find" command for one of the exercises.
-
roninkai Member Posts: 307 ■■■■□□□□□□
I'm going to do a full read-thru once, then go back over each chapter to perform the lab exercises. Once that's done and I feel I've committed any new material to memory, then I'll start the video content. I have a pretty solid Linux foundation, so most of the material so far is just review. I know it will get progressively harder though. But I like to read on my iPad in bed or on the couch. When I get to the lab work, I like to have my Confluence instance ready for note taking. I'll see how this approach works. Last time I attempted, I started with the videos and made it about 60% before I got pulled into work/overtime such that I had no mental capacity remaining for studying.
浪人 MSISA:WGU
ICP-FDO ▪ CISSP ▪ ECES ▪ CHFI ▪ CNDA ▪ CEH ▪ MCSA/MCITP ▪ MCTS ▪ S+
2020 Level Up Goals: (1) DevSecOps Learning Path (2) OSCP
-
yoba222 Member Posts: 1,237 ■■■■■■■■□□
30/60/90 days?
I'll be joining you in 2 or 3 weeks. My approach will be a bit different, since I'll be constrained to 30 days of access (work paying for). Seems unrealistic to carve through 850+ pages, 17+ hours of video, and 70+ boxes in such a short amount of time, but it has lit a fire under me which wouldn't have been there otherwise.
I've spent probably 20 hours the last three days poring over the syllabus, prioritizing and cherry picking what to study first from what I believe I don't know or hardly know. I also noticed that the PWK 2020 has section 1.2: Overall Strategies for approaching the course. I believe this is new (compared to the PWK 2014). I'm curious as to what approach Offensive Security recommends and if it's different now, considering how much more material there is.
A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
-
roninkai Member Posts: 307 ■■■■□□□□□□
I'm giving myself the entire year to obtain the cert, just so I have the focus and time set aside for labs. But if I can get the manual/videos knocked out relatively soon, then I can spend most of my time in the labs, where the real learning happens. I don't like having the lab clock ticking though, while I'm working through the materials. I'd rather only start labs when I'm 100% ready and done with the content.
浪人 MSISA:WGU
ICP-FDO ▪ CISSP ▪ ECES ▪ CHFI ▪ CNDA ▪ CEH ▪ MCSA/MCITP ▪ MCTS ▪ S+
2020 Level Up Goals: (1) DevSecOps Learning Path (2) OSCP
-
roninkai Member Posts: 307 ■■■■□□□□□□
Has anyone been through the Metasploit course also by OS and can comment? I was thinking to tackle this also within my studies just to get more familiar with the tool.
浪人 MSISA:WGU
ICP-FDO ▪ CISSP ▪ ECES ▪ CHFI ▪ CNDA ▪ CEH ▪ MCSA/MCITP ▪ MCTS ▪ S+
2020 Level Up Goals: (1) DevSecOps Learning Path (2) OSCP
-
FSF150 Member Posts: 119 ■■■□□□□□□□
Great to see this, OP. I'm teetering on the edge of trying PWK/OSCP again after a fail last year. Unsure of the right approach, I'd really enjoy hearing how you think the PWK 2.0 material compares to PWK 1.0, both in "overall quality" and also in "man, this would have been really useful the first time around".
First we drink the coffee. Then we do the things.
-
yoba222 Member Posts: 1,237 ■■■■■■■■□□
Any journey updates?
A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
-
chrisone Member Posts: 2,278 ■■■■■■■■■□
Curious to find out any updates as well.
Also keep in mind this year was difficult for many families and individuals with deaths and possible loss of employment. Hoping none of the above happened to OP.
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX