Hi All! I just wanted to share my experience on my journey throughout OSCP.
what is OSCP?
OSCP is Offensive Security Certified Expert certification provided by Offensive security team. This certification can be achieved by taking mandatory PWK course provided by offsec and passing 24 hour fully hands on practical exam.
Why are you doing it ?! when there are many reviews available already!??
I come from “different background” than most of the reviews i have seen. Just to add to long list of reviews available already 🙂
Lets get to the main part straight!
When Did you start and your previous job experience?
I Started my OSCP journey , in the month of june . I signed up for 60 days of lab time. I had nearly 1.5 years of previous experience working on application automation and DevOps projects. I was always interested in the penetration testing field and voluntarily took up security testing of the projects i was working on along with my day to day job. I moved to new team as full time web application pentester exactly when my course started .
How did you do in your course and labs?
Coming to the course materials, we will get a pdf material and videos which helps us to gain different set of skills and techniques, which can then be used on labs to pawn different machines which are separated by segments of four departments. we must pawn machines to get access to different networks and finally compromise all the machines in all four network.
My suggestion is to start working on lab in parallel with course pdf and videos. And make the most out of your lab.
there are extra points(5) given for documentation of exercises and lab machines, i never bothered to do it . but its really good thing to document as it helps us in our final reporting.
I was able to pawn around 35+ machines in my first month ,including all big four ( Pain, Sufference , Humble and Ghost) and get access to additional two networks…
When my lab time ended , i relied on solving machines on hackthebox particularly windows ones ( as it was my weakest point!) .
how did you do in your exam?
we need at least 70 out of 100 points to pass the exam. you will be given 24 hrs of time to crack the machines in the exam network. And additional 24 hrs to report your findings .
I gained the required points within first 12 hrs of my exam. Key thing is to enumerate the system properly without jumping directly after partial enumeration. Post exam, i used Official template given by offsec for my reporting.
I received the mail after a day , that i passed.
Some important supplements to the course materials?
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
http://www.fuzzysecurity.com/tutorials/16.html
https://toshellandback.com/20ehPrivJob.exe15/11/24/ms-priv-esc/
https://www.sploitspren.com/2018-01-26-Windows-Privilege-Escalation-Guide/
https://scriptdotsh.com/index.php/2018/04/17/31-days-of-oscp-experience
https://blog.ropnop.com/using-credentials-to-own-windows-boxes/
Is Programming essential?
No . but basic knowledge on any scripting language such as bash and python will surely help.
if you are just planning to take one, do not wait! just enroll! its a wonderful experience altogether . Just make sure to do lot of self research on the topics when you are stuck in the labs.
Your final thoughts?
This is one of the best learning curve i ever had until now! because , this course forced me to learn many concepts otherwise i wouldnt touch or read. I was always a linux guy, it force me to learn windows environment and thanks to offsec, its really good to step out of our comfortzone! I thank offensive security team for providing such awesome experience .