I’ve had the OSCP now since September of 2015 and I’ve had a lot of time to think about how I got there, what I did wrong when working with the lab and how I should have gotten this certification years ago. My original review is here http://disillusion.us/?p=439 and it’s an incoherent mess I wrote immediately after attempting the exam. This post covers the PWK course portion of the OSCP, the next will cover the exam.
PW* has been around for a really, really long time. I tried to look for some sort of authoritative history of the course and the exam, but I couldn’t find one. I started looking into it back in 2008ish and I’ve wanted to take this course and get the certification for just as long. Hell, I even delayed getting more ink done on my tattoo until I got this cert. After almost 8 years I finally took the course and passed the exam. The upcoming 30th anniversary of my birth is what finally pushed me to get it done.
The course itself is really, really in depth. That being said, I’ve had a lot of time to think about the course portion and I realized that it wasn’t made for someone like me. I have taken the PWK once before, PWB (Pentesting with BackTrack if you are unfamiliar) once before and I was already familiar with the material being taught from extracurricular activities. The important thing to know about taking the course is that you need a lot of time to really cover everything. In my previous attempts, I never really had time to focus on the lab or the exercises for each section. When I took the PWB course, I was servicing 200+ clients in the US as an ASV pretty much by myself. Oftentimes after 5pm Eastern, I’d have to work with clients in the Pacific time zone. This was my first job in Infosec, and while it wasn’t conducive to successfully completing the PWB, it was very conducive for learning the ins and outs of the industry. On my second try, I was working someplace I had to commute about an hour and a half round trip every day. I was also assured that I’d have time to self-study during the work week. Yep… My third attempt, I was still working full time, but I was embedded at a client for 40 hours a week and I really felt like I needed to get it done.
The point of explaining the different scenarios I went through is to show that if you feel like you’ve made enough time for the PWK, actually make sure you have enough time for the PWK. Little things here and there get in the way and often your loved ones would like you to spend time with them. (Which is important.) Seek approval from the people in your life to do the course and to give you space/time to work on it. I met a guy a few weeks ago who would work on his course after his kid went to bed and he and his wife shared a quick meal.
On the last run through of the course, I only managed to get 12 machines hacked and pivoted into one other network. That’s all I really had time for. I’m not sure how much I can say that will give it away, but a lot of these machines require a large amount of time or a fairly large inconvenience factor. Being where I was, experience-wise, I opted to do what I can in the labs and not renew lab time any more than I already had. My advice to you here is to get through the material as quickly as possible and jump into the labs as soon as you can. Most people taking the course have used nmap, netcat and other similar tools so it may help to just skim or skip those sections if you feel comfortable. There is this kind of self-made obligation to do as much as possible because of how hard you’ve heard the exam is. The lab is way more important than the material if you understand most of the material. A neat thing a friend did (we took the course at the same time) was build a framework from each section of the course. Every section, he added what he learned in that framework and was able to end the whole thing with a tool he can use later for his job. Automation is great once you learn the core concepts!
The lab is very fun and is very well built. Just the infrastructure to support however many students are using it and resetting machines left and right is kind of impressive. It kind of polices itself. If a machine is acting up, reset it; if you break it, reset it. The base network in the lab is fairly simple for the most part. The complicated machines live on it, but if you are looking for easy wins to boost confidence, you’ll find them there. Really pay attention to the portions of the material about pivoting if you are unfamiliar with how that works and the different techniques you can use. Fingerprint the hell out of each machine, really get to know it before you send your first malicious packet to it. Since I didn’t do a whole lot of lab machines, I don’t have much advice, except to document everything you do meticulously.
I’ve been told that support has improved since I took the exam, but the moderators can be harsh when you ask un-researched questions. Make sure that you’ve done your due diligence before asking a staff member for help. “Try Harder” isn’t just their motto for giggles.
To wrap up the PWK portion, the course is great… if you have time and aren’t as experienced as I was walking into it. This really is a course for people who have a little experience. The gold is in the labs and the difficulty factor in a lot of it is what really teaches you. Actually hacking machines in the lab is easy, but learning how to look at each machine, spot its weaknesses and bash your head against it is where you learn. I really wish I made more time for the labs, but life sort of gets in your way. Had I taken it when I was younger and less involved with work and relationships (I love you honey!) this would have been perfect.
Jess and Ian are currently taking the PWK, so when they are finished we’ll have two more people’s opinions on the course/exam!
If you’d like to know more information about PWK or if you’d like to sign up for it, visit https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/