It's offical, I passed the OSCP exam!!

r0ckm4n

Well I finally did it! I passed my OSCP exam! I completed my exam and submitted my report yesterday and this afternoon I got the official email notifying me that I passed the exam. It took me 12 hours this time.

Thanks to everyone for your support and words of encouragement.

j.petrov

Congrats! I'd love to do this cert at some point down the road. It sounds like a lot of fun.

gbdavidx

what is your job role?

r0ckm4n

j.petrov wrote: »

Congrats! I'd love to do this cert at some point down the road. It sounds like a lot of fun.

Thanks! It's an awesome course. I learned more from the course and certification challenge than any course I have taken to date. I highly recommend this course. If you want to learn pentesting/ethical hacking, this is the course.

r0ckm4n

gbdavidx wrote: »

what is your job role?

I am a consultant/pentester. I started as a pentester March 2012. I had application and network vulnerability assessment experience, but was lacking the hacking skills for pentesting, so I signed up for the OSCP course.

jasong318

Congrats man!

ChooseLife

Congrats, awesome achievement!

cyberguypr

Congrats!

Master Of Puppets

That's awesome, congrats Now we are waiting for Justin's pass

r0ckm4n

Thanks everyone!

r0ckm4n

Master of Puppets, I think Justin will do well and I think he will pass it the first time.

dmoore44

r0ckm4n wrote: »

I am a consultant/pentester. I started as a pentester March 2012. I had application and network vulnerability assessment experience, but was lacking the hacking skills for pentesting, so I signed up for the OSCP course.

I'm on the vulnerability assessment/compliance and audit side of the house and would like to move over to the PenTesting side some day. I'm just biding my time, learning everything there is to learn before I attempt to make that transition.

the_Grinch

Congrats! I need to get back on the horse with my certs!

r0ckm4n

dmoore44 wrote: »

I'm on the vulnerability assessment/compliance and audit side of the house and would like to move over to the PenTesting side some day. I'm just biding my time, learning everything there is to learn before I attempt to make that transition.

With your experience, the OSCP course would be what you need to make the transition. I had network and web app vulnerability experience, but just didn't have the penetrating/hacking knowledge or skills.

r0ckm4n

the_Grinch wrote: »

Congrats! I need to get back on the horse with my certs!

Thanks, Grinch! I agree, you should get back at it.

Hypntick

Congrats on the pass! That's an amazing accomplishment, would love to see your review of things.

the_hutch

r0ckm4n wrote: »

Master of Puppets, I think Justin will do well and I think he will pass it the first time.

Thanks guys...hopefully I can live up to the high expectations. Guess we'll find out in 4 days :-/

r0ckm4n

r0ckm4n wrote: »

Thanks, Grinch! I agree, you should get back at it.

Thanks! I had someone else inquire about a write up. I will post it up when I complete the write up.

YuckTheFankees

Hey r0ckm4n,

Congrats! What resources did you use outside the course material for buffer overflows/ASM/editing exploits?

r0ckm4n

YuckTheFankees wrote: »

Hey r0ckm4n,

Congrats! What resources did you use outside the course material for buffer overflows/ASM/editing exploits?

Thanks, YuckTheFankees! I used the first 2 corelan tutorials, the grey corner tutorials and the SecurityTube buffer overflow and ASM primers. For me it helped to see this stuff several times, I also think it helps because people explain things differently and you may understand their style better or by that time you have been over it enough it finally clicks. One of the biggest thing that helped me was working in the lab.

The Grey Corner: Stack Based Windows Buffer Overflow Tutorial
https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
http://www.securitytube.net/groups?operation=view&groupId=4
http://www.securitytube.net/groups?operation=view&groupId=5
http://www.securitytube.net/groups?operation=view&groupId=6

YuckTheFankees

Awesome! Thanks

r0ckm4n

YuckTheFankees wrote: »

Awesome! Thanks

You're welcome! There are more tutorials than that on corelan and grey corner, quite a lot actually. All of the SecurityTube megaprimers are good.

YuckTheFankees

Before you started the OSCP, were you a complete newb to buffer overflows? Cuz I am haha

r0ckm4n

YuckTheFankees wrote: »

Before you started the OSCP, were you a complete newb to buffer overflows? Cuz I am haha

I was a complete newb to buffer overflows and that was my first experience with them. I still need some work with buffer overflows. I want to take the OSCE in the next year or so.

da_vato

Congrats! I hope to accomplish this cert sometime in the next year myself. I have found the postings from you and the_hutch to very inspirational in regards to this cert. Both of you have obviously worked very hard.

spicy ahi

Congrats on the pass! I was supposed to sign up this month with the 90 day option but something came up and my OSCP funds disappeared. Gonna go the "cheaper" route and knock out CEH and hopefully when I'm done I'll have the money to go ahead with this. Any words of wisdom?

r0ckm4n

da_vato wrote: »

Congrats! I hope to accomplish this cert sometime in the next year myself. I have found the postings from you and the_hutch to very inspirational in regards to this cert. Both of you have obviously worked very hard.

Thanks, da_vato! It's a great course and you will learn a lot. You should take it.

r0ckm4n

spicy ahi wrote: »

Congrats on the pass! I was supposed to sign up this month with the 90 day option but something came up and my OSCP funds disappeared. Gonna go the "cheaper" route and knock out CEH and hopefully when I'm done I'll have the money to go ahead with this. Any words of wisdom?

Thanks, spicy ahi! Once you get the chance take it. The course is very reasonably priced and especially for what all you learn. If you do the CEH the right way and not just memorize test simulators, you can take that knowledge and use it on the OSCP course. I took a CEH course back in 2010, but I made the mistake of not taking the exam. I learned how to use a lot of the same tools during the CEH course and with the OSCP, you learn how to penetrate systems with the tools. Use your time wisely in the CEH and it should help you with the OSCP.

da_vato

r0ckm4n, in your opinion would programming knowledge help any in this course? My degree is in computer science so though i may not be the best programmer I understand coding quite well and can modify code no problem. Or is there any skill that you would recommend strengthening before attending?

r0ckm4n

da_vato wrote: »

r0ckm4n, in your opinion would programming knowledge help any in this course? My degree is in computer science so though i may not be the best programmer I understand coding quite well and can modify code no problem. Or is there any skill that you would recommend strengthening before attending?

You should be OK with buffer overflows and modifying exploit code. I have some links listed below for buffer overflow tutorials a couple of the SecurityTube tutorials are for assembly, which are helpful with buffer overflows. There are a lot of great tutorials on all three of those sites, but the links I listed should probably be enough for the course. It should take much for you to catch on to buffer overflows with your skillset and knowledge. Python is good to know, but you can get by with only knowing how to modify the code. That's one of the things on my to do list, is to learn Python. I am taking the SecurityTube Python Scripting Experts course and there is a free version on the SecurityTube website.


The Grey Corner: Stack Based Windows Buffer Overflow Tutorial
https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
http://www.securitytube.net/groups?operation=view&groupId=4
http://www.securitytube.net/groups?operation=view&groupId=5
http://www.securitytube.net/groups?operation=view&groupId=6

horusthesun

Congrats. What did you use to study for the exam? what books?