OSCP journey

I decided to finally go after the famous OSCP certification. Start day is December 12, and I figured that I owe you guys a narrative on how things are going, since I use this forum extensively for my CISSP cert. (and I must say it helped a lot).

A little bit about myself: I've been in IT for about 5 years now, doing mostly helpdesk and network 'engineering', but I took a definite turn towards security, and from what I can figure from talking to various security folks and from reading all kinds of forums, OSCP is the real deal, and a good way to understand security. I am CISSP certified, so I think I have a pretty good general idea about security, but I really want to get my hands dirty and learn the hard way.

I am excited and a little nervous since I really have no idea of what am I getting myself into, but I figured that 90 days will be enough to at least get a grasp on this thing.

Like I said, I'll keep you guys posted on how things are going. Cheers!

Find more posts tagged with

Comments

JasminLandry

Good luck! I'll be following your journey for sure, like most of these OSCP journey threads. I've been reading a lot of these in the past couple of weeks as I would like to do this one in the next year as well. Hoping to learn a thing or two reading you

Blade3D

I've been on and off since July, I've lost most of my motivation, though I do find it interesting. Good luck, I try to be in the IRC channel when I'm working on it.

adrenaline19

I'm starting Jan. 8th.

We can drop machines together!

vladone9

So a little update: I am about half way thru the videos and the book, and so far I figured I make a summary of the course with all the relevant commands from both sources and save it to KeepNote. It's all starting to make sense, but I am just getting to the juicy stuff.

Sheiko37

I started just over a week ago and after getting to the exercises at chapter 9 I actually feel like I was ripped off. There is a very large amount of prerequisite knowledge required and the book and videos are not very educational at all. I don't even know where to begin with these exercises, the book may as well be written in French, I guess I could just "try harder" and learn to speak another language, easy.

lmoworld

You got to work for it. I'm about to endure the challenge too (2 Jan), but I know it's possible. Good Luck.

Mitechniq

Straight from their website:

requires students to have certain knowledge prior to attending the online training class. A solid understanding of TCP/IP, networking, and reasonable Linux skills are required. Familiarity with Bash scripting along with basic Perl or Python is considered a plus.

Sheiko37

Exactly, after getting to these particular exercises I went back to the site to re-read exactly what you've quoted. I thought maybe I initially overlooked it, but no, there it is, "reasonable Linux skills" and listing scripting as only "a plus" is a gigantic understatement.

MrAgent

My scripting skills are not very strong, but I was able to get the course and exam. I was never intimidated by any of the exercises that had you scripting. You can get through it. Try harder.

ilikeshells

Sheiko37 wrote: »

I started just over a week ago and after getting to the exercises at chapter 9 I actually feel like I was ripped off. There is a very large amount of prerequisite knowledge required and the book and videos are not very educational at all. I don't even know where to begin with these exercises, the book may as well be written in French, I guess I could just "try harder" and learn to speak another language, easy.

You would be ripped off if you only got the PDF of basics. However, it's in the labs where you hone your skills. If you are feeling overwhelmed, just move slowly and research what you don't know. This may take a lot of time and can be frustrating at points. However, in the end, it will make you a better security professional and that's the ultimate goal right?

Sheiko37

I ended up finishing the exercise but only because I went to a friend who's an experienced pen tester and passed the OSCP many years ago. Now that I know the solution I can say with certainty that there would be almost no chance of me figuring that out on my own, having a level of C language knowledge is not "a plus" for that exercise, it's absolutely mandatory. I won't take up any more of your thread vladone9.

vladone9

ilikeshells wrote: »

You would be ripped off if you only got the PDF of basics. However, it's in the labs where you hone your skills. If you are feeling overwhelmed, just move slowly and research what you don't know. This may take a lot of time and can be frustrating at points. However, in the end, it will make you a better security professional and that's the ultimate goal right?

I was about to say that I am a little bit overwhelmed right now - to mirror what Sheiko37 was stating - so I appreciate any encouragements. I’m not done with the videos and the book yet, I am hoping to get thru it by Monday (really took my time with the material). I didn’t expect this to be easy, so as long as I know that others did it, I’m good. And yes, I wanted to do this so I can understand security better, although it seems that I chose the hard way.

vladone9

Sheiko37 wrote: »

I ended up finishing the exercise but only because I went to a friend who's an experienced pen tester and passed the OSCP many years ago. Now that I know the solution I can say with certainty that there would be almost no chance of me figuring that out on my own, having a level of C language knowledge is not "a plus" for that exercise, it's absolutely mandatory. I won't take up any more of your thread vladone9.

I have absolutely no experience with any scripting or programming language, and I am a little familiar with Linux, but I’ve never seen a bash script before. So it looks like we are in the same boat, and I am sharing your concerns, but I never thought this is going to be easy. I say that where there’s a will there’s way.

Jebjeb

Heres my 2 cents. Its more about your aptitude for problem solving, I'm not a C programmer, and I don't know any real Linux before now. I didn't finish the videos or the labs. But I'm making good progress thru the machines. Pick one and scan it. Figure out the OS and any exposed apps, then go search for the them and the word exploits. You'll be amazed at how it comes together, check the class material for the specific subjects your looking for when you narrow it down.

DONT GET OVERWHELMED. You'll be defeated before you start. C is not required nor is scripting. It helps don't get me wrong, but its mostly modifying existing scripts. Yes I had to go look up a new buffer overflow ret address twice I think? I have yet to write a single script from scratch except an asp one, that lasted until I found a better canned rev shell one. The only Mandatory skill, is the ability to Google and learn from what you find.

impelse

I got the same problem, not experience in scripting and C, network and Windows is easy for me, Linux was more difficult.

so I fought what ever I could trying to learn and then when the lab ended I extended, lab ended again, so I gave a break and begin to work in my really weak area like privilege escalation, more Linux knowledge, python and then I will take more for exploitation.

You will see at the end of the two or third month you already learned a lot and you will not regret it.

This cert is not easy.