Offensive Security Certified Professional

  2014-05-28


Intro

Try Harder! If received my OSCP exam in the mail today. Time to write a short review.

As I did not know what to expect from this certification I booked the 90 days lab access. Also, I wanted to finish all the exercises and compromise as many systems as possible. Up until I received the learning material and the VPN connection to the lab was established I only knew little what to expect.

The exercises were quite easy, as they try to establish a baseline knowledge of tools and methods. The later exercises go more into detail of security.

The Lab

The really interessting stuff was going on in the labs. There are about 50 boxes distributed in a few separate network segments. Every time I gained root access on a machine it felt like christmas. Every time I gained access to another subnet it felt like christmas, with all the new targets to attack. After the 90 days of lab access and a lot of hard work I was only missing access to 6 boxes. At this point, my lab report was about 50 pages. Luckily, I already had created a latex template, that I could also use for the exam. So I thought it was better to move on the actual exam.

The take aways from the lab was to Try Harder. With enough work and some thinking, most boxes can be rooted quite easily. There might also be other students working on the same machine. Compiling stand alone exploits and having them ready at hand is also quite handy sometimes. Also, it was important not to rely on one single exploit, but to try different ways of exploiting a system.

The Exam

The exam is limited to 24 hours of hacking. Subsequently, in 24 extra hours you have to hand in the exam report. All the details for the exam will land in your mailbox when the scheduled exam starts. Of course, you will have to take over a certain amount of machines. This hands on exam is what distinguishes the OSCP from other exams.

Conclusion

The Offensive Security Certified Professional is a great basis for anybody interested in information security. Your skill level does not play a big role. If you are new in this area there will be quite a steep learning curve. For the more advanced, the lab has ample opportunities to test and improve your security knowledge. The most important thing to bring along is a the motivation to learn and understand new things. I will Try Harder!

Try Harder!

Resurces