OSCP Certification: My Experience and some Concerning Trends

I did my OSCP certification back in 2013 and wanted to share my experience with that cert along with some industry trends that I am observing.

OSCP or Offensive Security Certified Professional is an awesome certification which pushes the cert challengers to think out of the box and align their concepts in real world applications. The most enjoyable part of my 29-day journey of OSCP was their labs. Their labs are designed in a way that will help your brain to run in the direction of a professional penetration tester. The machines in the lab are of  various flavours/configs/architecture.

OSCP - Offensive Security Certified Professional

One can take (or re-take) exam as per own's wish. It is a 24-hour practical exam in which users are required to gain root privileges on few machines.  The skills needed to crack the exam vary between enumeration, Linux/Windows privilege escalation, basic Windows exploit development, exploitation and vulnerability assessment.

Some advice for folks interested in taking this cert:
  • Choose the lab duration wisely: OSCP has 30/60/90 days lab option and one should choose the term based on their past experience/knowledge on this subject
  • Prepare beforehand: I decided to learn the required fundamental concepts before opting for this cert.  Like; understanding the concepts of Linux/Windows privilege escalation, collecting the Linux and Windows privilege escalation exploits, practicing exploitation using raw exploits, learning Metasploit, learning basic shell scripting, etc.
  • Enumeration is the key: Learn to use various enum tools like nmap, SNMP scanners, etc. and most of all GOOGLE
  • Document everything: I used keepnote tool to record everything in the labs/exam and created separate notes for each IP. This will help you to switch b/w IPs relatively quick w/o restarting from scratch
  • Don't use MSF & Vulnerability scanners: I would strongly advise against using Metasploit framework and vulnerability scanners (like nessus, nexus) during the labs. These tools aren't allowed to be utilized in the exam on almost all the machines. (Note: There may a small subset of machines in the lab which may not have exploits other than that in MSF)
  • Don't get stuck to a machine: If you are taking too long to progress to a single IP, move on! Don't get stuck with a machine else you may just get frustrated and waste time. Keep it in the backlog and revisit at a later stage. 
  • Before the exam:  Take rest and a long sound sleep. You may not be able to sleep next 24 hours ;-) (though I would advise taking small power naps during the exam too). Have all the scripts, exploits, reference material and tools handy in a folder. You may make an excel sheet with the name of the exploit and the condition under which it works (it will help a lot!)
  • During the exam: Just go for it. Don't get frustrated and TRY HARDER! :-)

P.S: If you flunk, don't get dishearten! Many of my friends cracked this cert in their 2nd or 3rd attempt :)

Now, moving on the next part of this blog post: Concerning Trends of OSCP 

Lately, I have seen that a lot of people started to crack this certification by CHEATING !! 

How?? Because, offensive-security folks do not change their exam questions frequently. It would be highly likely that the machines I got on my exam are the same you may get now! At least, this was the case till recently, and I would be more than glad to know that offsec folks have changed this thing. So, an exam taker may just directly ask for the solution from his certified friend and bingo; he/she is also now an OSCP. 

If OffSec does not improve on this, I am afraid that this cert will lose its charm. If you happen to know Offensive security people, please feel free to pass on this feedback to them and request them to fix this vulnerability. 

Thanks for reading this.

Related Posts
« Prev Post