Passed the OSCP

I highly suggest this to everyone...

C|EH was a joke compared to this course.

It was also nice to take an exam based on actually being able to use knowledge rather then picking A, B, C, D.

If anyone has any specific questions post up.

Now I have to figure out what to get next.

Find more posts tagged with

Comments

NightShade03

How much linux knowledge did you have going into this exam? My concern about going after this exam is that I won't know enough on linux. I manage some linux servers but haven't programed on it or anything.

j_a_s_o_n

Congrats! What was the test like?

dynamik

Congrats!

I'm curious what your background is like and how much time it took you to actually complete the exam.

I only went with 30 days, but I've been swamped, so I think I'm going to have to get an additional 30. I'll see how far I get this weekend though. I've already gone through all the material; now I just have to go back and do the exercises.

NightShade03 wrote: »

How much linux knowledge did you have going into this exam? My concern about going after this exam is that I won't know enough on linux. I manage some linux servers but haven't programed on it or anything.

That's the easy part. Wait until you get into fuzzing, debugging, and exploit writing

JDMurray

I'm starting the OSCP course in December and will be working on it over the Winter holidays. I'm not sure how long after I will be ready to take the OSCP cert exam, but maybe March.

Did the course do a good job of preparing you for the exam, or did you need to do a lot of extra studying to pass?

dynamik

I obviously can't speak for him, but I haven't touched mine for about two weeks because I've been going through Python and assembly in order to better understand the exploit development. I went through most of the other stuff pretty fast, but I felt like I hit a brick wall when it moved on to the exploit work. It's certainly not just point-and-click with the Metasploit GUI/web interface

Honestly, the course probably gives you all you need to know as far as all that goes; I just wanted to go above-and-beyond for my own curiosity. You should have a good foundation with Linux too. I've certainly learned new stuff along the way, but it was all taken in stride. I'm going to take a stab at mine in early-mid December. I should be doing CEH and GPEN around the same time. It's all coming together...

mshadow

NightShade03 wrote: »

How much linux knowledge did you have going into this exam? My concern about going after this exam is that I won't know enough on linux. I manage some linux servers but haven't programed on it or anything.

I have been working with Linux for 5+ years in my career and since I was 12 so.....However I don't program I know some C/python/Ruby/perl but I wouldn't call my self a programmer by any stretch.

JDMurray wrote: »

I'm starting the OSCP course in December and will be working on it over the Winter holidays. I'm not sure how long after I will be ready to take the OSCP cert exam, but maybe March.

Did the course do a good job of preparing you for the exam, or did you need to do a lot of extra studying to pass?

I took the class/30 day lab signed up for the test 2 days after the lab ended.

Couple things the course offers you tasks to get bonus points on the exam make sure you grab all those I didn't bother doing all them since I burned through the course quickly and had other projects at work going on.

The course teaches you how to write stack overflows if you don't have some basic knowledge of memory layout and the basics of how to use a debugger(ollydebug) I would brush up on that and watch these videos.

Exploitation by Dino Dia Zovi

Dino Dai Zovi - Exploitation 101 (Part 1) on Vimeo
Dino Dai Zovi - Exploitation 101 (Part 2) on Vimeo

I spent about 13-14 hours straight on the exam I over thought a few of the machines that needed to hacked.

The course however needs to hit more on web attacks it doesn't go that in depth into them.

They also don't mention during the course you can't use Nessus/Nikto/or any other automated vulnerability scanner on the exam and you can only use metasploit against one of them machines on the final exam. You can do it easily with out scanners but people often miss simple/low hanging fruit that the scanners always pick up and you forget to manually check.

Before you take the exam I would really spend some time being able to locate vulnerable versions of web applications and various services using nmap/netcat and know how to get good results from google, OSVDB(OSVDB: The Open Source Vulnerability Database), and milw0rm, and various other places.

I would suggest taking this class after the CEH or if you have some kind of background in security.

I will probably go after the CISSP in about 6months...I have been meaning to finish off my CCNA and JNCIA....I keep putting both of these off because work put me through the CEH and OSCP.

Edit: If any of this didn't make sense I have drinking cough syrup all day...

JDMurray

Excellent review! Thanks! I am looking forward to the the class and the exam now more than ever.

Jstn

Nice work mshadow

al3ph.one

nice one, thx mshadow. I am actually putting some time to do homework before starting the course. I lack unix/linux OS and scripting skills and buffer overflow, rest all is done thing.

Thx