p@r0tuXus wrote: » Congratulations and thanks for taking the time to write this up. A few questions for you if you don't mind? 1) How much experience / what roles did you have before you went for this exam? 2) How many machines did you take down in your first 90 day period? < Purely curious. 3) Did you have/use any other programming languages (Bash, C, Powershell, etc.) in your labs or exam?
Ohmjones wrote: » Noone mentioned try harder in their response. I am just trying to help adequately give those who have not seen the course an opportunity to not waste money or time. I like the try harder motto, but its not the reality. There are going to be those students, who take it, thinking that trying harder might work but then you go for it and trying harder requires an additional class, book, night reading RFCs. You want kudos for passing? Be honest with those who follow behind you.
TeKniques wrote: » I finally got through the OSCP exam and received my email last night that I passed. It was truly a good test of perseverance for me as I started the course with no penetration testing experience. I failed the exam twice, both times narrowly missing the mark. There are plenty of reviews on this forum of the exam, coursework and material, so I figured maybe I would just answer some questions that I had before I took the course to maybe give some others guidance. Question 1: Do you need to have penetration testing experience to take this course? Answer: No, but it would have certainly helped. The coursework does NOT go deep enough to teach you everything you need to know to pass the exam. You must be able to research topics and understand them. You must not overlook any of the topics in the coursework that Offsec provides as the labs do cover just about everything in there. Question 2: Do you need to be a Python programmer to take this course? Answer: Not at all. However, if you have not taken any sort of programming course for school or learned anything in your spare time it may seem challenging. You do need to be able to read through exploit code and replace certain elements of them. Again, the coursework gives you a good primer on this, but by no means should it be the only thing you review. Question 3: How many lab machines do you need to take down before you know you’re ready to take the exam? Answer: It depends … I was able to compromise all of the public machines (including Pain, Sufferance, and Humble) and many in the IT and Dev networks. I was not able to get into the Admin network, but have no doubt I would have if I had more lab time. In my opinion the exam machines are pretty difficult and if you do not have a good understanding of what the course material talks about you will fail. That 24 hours goes by pretty quick! Question 4: How much time should I expect to study? Answer: Again, it depends on you. I purchased the 90-day labs; went through the course material for the first 30-days and then used the remaining 60-days in the actual labs. This was a mistake! I should have reviewed the material and got in the labs sooner so that I would have known what I was up against and then research topics. After 90-days, I took and failed the exam. I then purchased another 30-days of lab access and failed the exam again. I then purchased another 30-days of lab access, spent another 60-days after it expired to practice with boot-2-roots on Vulnhub and then finally passed the exam on the third attempt. So almost 9 months I spent on the course … albeit, I do have a demanding job and I put in about 3 hours a night studying for pretty much that whole 9 months. I really enjoyed the course. I learned more than I thought I would have and it was easily the most difficult certification track I have ever taken. For me, there are really no comparisons in difficulty with the other exams I’ve taken (and it’s quite a bit). If I had anything to gripe about regarding the course it would be that I think the coursework could be a little more thorough. However, the Offsec motto is to ‘try harder’ so I believe a lot of that is done to make someone have to work hard. If you’re engaged in a real pen test you will have to no doubt research and find things on your own. I do plan on attempting the OSCE track (what am I thinking?), but now that I know how the Offsec courses are and what is expected from their students I will do a lot of preparation outside before even attempting the CTP challenge. My role is in information security management, but this kind of security has always interested me and I like learning things outside my comfort zone. Again, it was a great experience. I would recommend the course to anyone interested in penetration testing … just be prepared to work hard!
NetworkNewb wrote: » So because the "try harder" motto might require someone to look in other resources its not the reality? Maybe I'm mis-understanding your post. But I thought it was common knowledge you would need to use other resources to complete this. To me that is exactly the reality of the motto. Grats on the pass TeKniques!
p@r0tuXus wrote: » Ohm, I want to thank you for your input. I'm looking at the HackingDojo as a possible (and affordable) supplement or precursor to the OSCP. In sad reality, the HackingDojo statuses are not recognized by many in job searches. The OSCP is. You may not like the way that organization handles testing, but I think it's important to remember a few things from my own perspective, so I'd like to share them. It's important to teach people how to think, not just what to think. This applies to technologies and methodologies also. Permit those people who are going to be saving our networks to develop creatively to help in securing them and reverse engineering threats in the wild. I would prefer to be tested in that manner. You'll know you have what it takes to find the answers, not just remembering them.
Dr. Fluxx wrote: » Im considering doing the CISSP after the OSCP....what are your thoughts. Brutal Honesty please!
Ohmjones wrote: » What will, is knowing what cross site scripting is and how to create payloads off the top of your head. Which, is what HackingDojo will help you to learn. The OSCP is more advanced than a lot of people think it is. There are things you see in the PWK lab & exam that you simply won't see in the real world (I make a living as a pentester - but I only have 3 years of experience in the field; so I'm very much a newbie). If you'd rather go into the PWK/OSCP course and pass on your first go, it's important to go through the right steps. Not do it thinking you'll pass it just like it's another exam (much like I did).