I managed to pass the Offensive Security Certified Professional (OSCP) certification exam! Here is my experience and review on the Penetration Testing with Kali Linux (PWK) course.
Over the last couple of months, I have been super busy taking Offensive Security’s Penetration Testing Training with Kali Linux course (I took the 2 months lab time access) in preparation for the Offensive Security Certified Professional (OSCP) certification.
The good news is that just last week, I received an e-mail from Offensive Security that I have successfully completed the Penetration Testing with Kali Linux certification exam and obtained the Offensive Security Certified Professional (OSCP) certification. It feels good being able to pass the OSCP exam and managing to pass it in one take.
With this, I will be sharing my experience/s regarding the course, in doing the labs, preparing for the exam and maybe some tips and tricks on passing it.
Update: Last week, my mailed hard copy OSCP certificate and ID arrived.
Just arrived. Thank you @offsectraining team! I tried harder and now an #OSCP. It was a great experience! My review: https://t.co/YvlrlcXfJF pic.twitter.com/DER0bbNWsd
— Ameer (@ameerpornillos) October 21, 2016
What is my background?
Before discussing my experience regarding the course, I would like to give brief information about my I.T. background which may somehow help or encourage other people with the same background to try the course.
I have been doing freelance web development and advertising during these past years, though before that I used to work as a Technical Product Engineer for a software security company. Working at the software security company, I developed several I.T. skills that are valuable up to now – this includes working with different operating systems, networking, scripting, programming and producing reports. During that time, I also managed to get several I.T. certifications, which include Cisco Certified Network Associate (CCNA), CompTIA Network+, Microsoft Certified Technology Specialist (MCTS) (Small Business Server 2008) and Microsoft Certified Professional (MCP).
These skills made me comfortable working with Kali Linux (plus other operating systems) and working on command line.
Being a freelance web developer/advertiser made me knowledgeable in working with different content management systems (CMS) and web programming languages like PHP, HTML, CSS and JavaScript, which exposed me to different relational database management systems (RDBMS) like MySQL and MSSQL. This also made me knowledgeable on different web application attacks such as SQL Injection (SQLi), Cross-site scripting (XSS) and Cross-Site Request Forgery (CSRF).
I came from a technical marketing background, so I needed to learn more to cope with my lack of knowledge in penetration testing. I have been studying and self-training on penetration testing these past few months, and, wanting to test my knowledge and skills, I found the OSCP certification. Based on my research, OSCP is the “certification” on penetration testing. I have also read “horror” stories regarding the certification. With this, I decided to take the PWK course and prove my skills by earning the OSCP certification.
I signed up for the 60 days Lab access. I figured that the time frame is best for me – as it is not too long and not too short. The time frame gave me a sense of urgency which made me serious taking the course.
Skills Recommendations
Before starting the PWK course and getting the OSCP certification, I recommend having knowledge of working with Linux/command line, Bash scripting, a scripting language (either Perl or Python), TCP/IP networking and Assembly language. I did not list any automatic exploitation tools or mass vulnerability scanners like Nessus, Acunetix, HP WebInspect, OpenVAS and many others, since the certification exam restricts usage of these tools. You need to know how to conduct penetration testing manually, and not just by doing clicks, to be able to pass the exam.
What the course is about?
Penetration Testing with Kali Linux (PWK) is a self-paced online penetration testing course where a student can conduct hands-on penetration tests/vulnerability assessments on a specially crafted Lab network which simulates a real corporate environment.
The course includes videos and document materials which introduce/teach a student ethical hacking techniques and tools. These techniques and tools can be used and executed on the Lab network. Upon completing the course materials, the student will have the basic skills to penetrate vulnerable systems in the Lab.
The objective is to hack and gain administrative/root access to the machines (access the trophy – proof.txt).
Offensive Security Certified Professional (OSCP) is the certification obtained upon passing the exam.
Accessing the Lab Network
The Lab network is where the action happens. The Lab environment is the place where a student can test and sharpen his/her penetration testing skills. It consists of diverse systems including Windows, Linux, Solaris, FreeBSD, etc. which makes it more challenging.
Below is the simplified diagram of the Lab network. Additional networks can be unlocked as the student progresses doing the course.
Tunneling and pivoting techniques must be used in order to access different networks.
My personal goal is to exploit the top-tier machines – Pain, Humble and Sufferance and unlock all networks (which I did). During the labs, I have managed to exploit over 24 machines including the hardest/toughest (top tier) machines namely Pain, Humble and Sufferance.
I also did manage to unlock and gain access to all the networks which includes the Development Network, I.T. Department and Administrative Department.
One strategy that I implemented in doing the Labs was to get the low-hanging fruit first, then take on the top tier machines. This method built up my knowledge of finding vulnerabilities and exploits, plus knowing what penetration tools to use – these skills then progressively increased – which I used to take down the top tier machines.
I also did learn how to develop my own set of scripts/tools that can assist me in finding vulnerabilities and exploits.
Overall the Lab did provide a great learning experience as I was able to learn and test different attack vectors.
Taking the Exam
I scheduled the exam just before my Lab time was about to end.
Take note that this exam is way different from other theory-based/memorize types of exam (where you potentially just need to memorize answers from dumps). In this exam, you need to prove that you can actually conduct penetration tests and have the skills to hack and exploit the exam machines.
During the exam, a student is given 24 hours to hack 5 machines. Each of the machines has its own number of points (depending on the specific set of objectives). Total exam score is 100 points and a minimum score of 70 points is needed to be able to pass the exam. Usage of automatic exploitation tools (SQLmap, SQLninja, etc.) and mass vulnerability scanners (Nessus, OpenVas, etc.) is restricted in the exam – and Metasploit is allowed on only one target of choice. Another 24 hours (after exam period) is given to complete the penetration testing report on the exam machines.
Honestly, the exam was tough and intense. It made me push my way of thinking to the extreme.
I did manage to stick to my plan – to first gain root shell/administrative access on the machines that give the highest possible points. This means no quitting (keep on focusing/working) until the machine is completely and successfully exploited. Using this strategy, I was able to acquire the points needed to pass the exam.
Tips and Tricks
I want to list a couple of things that helped me prepare for the Labs and eventually pass the exam.
- Practice, practice and practice. Keep practicing exploiting machines in the Lab. Practicing exploiting lab machines will increase your perception on finding vulnerabilities and exploits. Eventually you will get an “eye” which will help you know what specific exploit or vulnerability to use on a particular system.
- Enumerate, enumerate and enumerate. You need to know your target and find out as much as you can about it.
- Document, document and document. Keep good notes and try to document steps you have taken to exploit a machine.
- Take a good sleep before the exam. (Exam is 24 hours long – you won’t be getting much of it.)
- Have a back-up Internet connection ready when taking the exam. Internet connectivity is quite crucial during the exam and it is wise to be ready in cases where your primary Internet connection fails. For me, I had my reserved Pocket WiFi ready, just in case my Internet connection dropped (I was also ready in case of a power outage – if that had happened during the exam, I could have continued working/answering for at least 3 to 5 hours using laptop/backup battery/Pocket WiFi/Power Bank). I live in the Philippines and there are cases when the Internet connection just fails (especially now that it’s rainy season here), though I’m quite happy that my Internet connection didn’t fail on me during the exam. Losing Internet connection when taking the exam means losing time to answer the exam.
Conclusion
The OSCP exam and course is really amazing. It provides great value for money plus what you will learn is top-notch. The course was really tough and made me question my abilities. You will be trained to think for yourself (hence the Try Harder motto) and push your problem solving skills to a different level.
In this certification, you really need to work hard (really hard) and be dedicated in learning – which made me highly respect people who obtained the cert (having first-hand experience, I know how difficult it was).
I recommend this course for those who are interested in I.T. Security (especially penetration testers) and those who are currently looking for a more challenging I.T. Security certification to obtain.
Achieving Offensive Security Certified Professional (OSCP) certification has been a great learning and fulfilling experience.
I’m inspired by your success story. It’s such an honorable career. May I know where you had your training? Did you enroll in a training center? I am also aspiring to an I.T. security career. I am an I.T. technician but I want to take my career to another level.
Before taking the course, I’ve only had training/self-study at home. Of course past experiences/knowledge really helped. I setup my own lab test network environment and from there study how exploits and vulnerabilities worked. For the PwK, you can directly register on Offensive Security and avail the online course. You can do it. 🙂
This is quite inspiring. I have CEH and I am working towards achieving OSCP. Thanks for sharing your experiences Ameer. This is quite helpful!!
Hey man! Congrats. Very good experience and sharing.
I have strong networking knowledge and am good at Linux, Windows, and common security concepts. I am meaning to take this course and exam, but I have a few questions before taking it:
- Need for Python, Ruby, or other?
- Need for assembly?
- Need for web application pen test concepts?
- Lab works are enough to prepare for the lab test?
thanks a bunch in advance
best
Hi, sorry for the super late reply as I haven’t touched my site these past few months. However, regarding your questions, I have answered them below:
- Need for Python, Ruby, or other? => Yes. (Ruby is used for creating exploits for Metasploit. So it is also good if you can understand it.)
- Need for assembly? => Yes.
- Need for web application pen test concepts? => Yes.
- Lab works are enough to prepare for the lab test? => Yes. (Though it depends on how you set up your own lab. I recommend trying or adding vulnhubs on your lab network.)
Regarding the level of knowledge on the programming areas, it could be really helpful if you are but you do not need to be an expert level in it. From my perspective, just understanding how code works and knowing how to modify or tweak it will suffice.
Hope this helps.
Hi Ameer
I also intend to enter the IT security field. I have a few years of being a “self taught” technician. I’ve done some programming during my studies in the late 90’s and early 2000’s but haven’t done any programming for the past 12 years.
I would appreciate it if you could give me any advice as to where a good place to start to get into IT Security would be.
I’m living in South Africa.
A good place to start in getting into IT security is having knowledge of networks and operating systems. Basically, how they work and how they can be “broken”. Try using different operating systems (i.e. Windows desktops and servers, Linux, Unix) and be comfortable with them. After that, you can try learning more about other areas like web, software/binaries, mobile, IoT, etc. The good thing about IT security is that there is always more to learn.
Hello Ameer,
This was a very interesting post on your OSCP experience. I also only did self-study just like you. Inspired by this post, I’ve written my own OSCP review of the lab and exam. Hope it helps someone!
https://theslickgeek.com/oscp/
Nice man, congrats. I have a lot of respect for people with this cert, as I personally have first-hand experience (hence this post) of how hard it is. 🙂
Hi Ameer.
I loved this review and I’m currently training for OSCP, but I have questions about the tools I can use. Is there a list somewhere I can rely on to know which ones are allowed or prohibited?
Thanks for all the information you have here.
If I remember correctly, info regarding the exam restrictions and guidelines will be sent to you. For the exam, I believe that usage of automatic exploitation tools (SQLmap, SQLninja, etc.) and mass vulnerability scanners (Nessus, OpenVas, etc.) is restricted. Good luck. 🙂
Hi Ameer,
Very motivating experience.
I have been working in the IT security field for 10+ years and have a background in network and endpoint security. What are the areas I need to improve to move ahead on the OSCP?
Do you think preparing my own labs at home on a laptop will suffice for the lab requirement?
Basically, I am looking for guidelines on where to start, considering my network and endpoint security background.
What should be my starting point, and how much time should I forecast to get at the peak?
Thanks,
SachinS
Hi SachinS,
I do think preparing your own labs at home will suffice, but if you can get the labs in the OSCP then it would be better, as it was designed to be more like a corporate network. For guidelines on starting, it depends actually on your background, and since you’ve mentioned you have background on endpoint security – have you tried “breaking” or bypassing your endpoint security? Regarding how much time to get at the peak, I honestly do not know as security is always evolving and changing. As for me I always feel I’m a newbie as there is so much to learn. 🙂 Right now I’m into reverse engineering and exploitation or pwning of software/binaries, basically more on assembly language, currently learning developing own exploits. Hopefully one day get to report 0-day exploit findings. 🙂
Dear Mr. Pornillos,
Thanks for sharing your experience with the community.
I would like to ask you a little bit about your setup:
What was your technical setup for doing the exam?
Virtual machines, host machines etc…
many thanks,
Mob Barley
Hi Mob,
During the exam, I just used a laptop running Kali as a VM.
Hope that helps. 🙂
Hi Ameer,
First off, thank you for the post. Apart from Python, what languages should we learn to crack OSCP, and to what extent should we be familiar with them? Can the level of expertise be compared to a developer’s, or is working knowledge of code enough? And also, what are the areas to look into after OSCP?
Hi Snth32,
OSCP is more on TCP/IP networking and penetration testing using Kali Linux, as well as working with different operating systems (especially Linux). Though knowing how to develop your own programs from scratch would be good, I believe working knowledge of code (as well as tweaking/modifying it or being able to optimize it to run as you want it to run) is enough. Security is really a huge area, and OSCP just shows you know your way around penetration testing and you “tried harder”, so there are actually so many different areas to look into after it. You can try focusing on advanced web application exploits, bug bounty hunting, binary exploitation, wireless networking security, developing/researching 0-day exploits and more.
Hi Ameer
Thank you for sharing your achievement.
Greetings, fellow countryman.
I am inspired by this blog post. I will try to achieve this as my on my entire life.
I am a complete beginner in IT Security.
May you please give some advice on where to start?
I have intermediate knowledge of
OSServer
Network
and Basic Python
Do I need to master all of this path for me to be able to be a pentester?
Or should I take lower Certifications first?
Brother, I really need your advice. Security is my passion and I want to build my stepping stone to pursue this career.
Hi Micko, my advice is that you can try downloading vulnerable machines and try to “break” it. Mastering is a different thing as security has a very huge area, as well as pentesting. Newer exploits and vulnerabilities appear each day. For example, information on KRACK attack for WPA2 has just been made available recently. I myself consider myself only as a beginner/newbie/noob, especially every time trying to study or face with new exploit and vulnerability. 🙂
Ameer,
Really impressed by your blog and success. I am trying to get into pentesting also. I have over 8 years of experience in security, but I still consider myself a noob. I am still learning; as you said, there are new vulnerabilities each day. I am trying to start (well, as long as I get rid of my manyana habit lol..) preparing myself for OSCP. I’m not ready for the grueling challenge, but I hope to be in a few months. My feet are already wet: I’ve got a lab set up and am retouching my programming skills (like riding a bike, right? I hope so anyway), but I still have a long journey to go. Kudos and nice prep guide..
Good luck on your journey. Sorry super late reply, been really busy. Hope you are doing well. 🙂
Thank you very much for sharing your skills. I am going to do the same as you did, bro. I am very grateful for that.
Thank you for the kind comments. Good luck.
Hi. Great post. I am doing a Cybersecurity degree. I don’t have any work experience in the IT field. Am I eligible to take the exam?
Hi Mohan,
Yes. Anyone can take the exam. 🙂 But (as taken from the Offensive Security FAQ) the course still requires students to have certain knowledge: an understanding of TCP/IP, networking, and reasonable Linux skills are required. Familiarity with Bash scripting along with basic Perl or Python is considered a plus.