My whole career, I’ve always wanted to gear it towards information security. I’m always looking for ways to improve my skills in penetration testing. My hunger for knowledge and my odd craving for challenges that push me to my limits have remained insatiable. Proving something to me is important, as are establishing my InfoSec credentials.. Those are probably a few of the top reasons I took the OSCP exam.
Offensive Security Certified Professional (OSCP) is a certification program that focuses on hands-on offensive information security skills. It consists of two parts: a nearly 24-hour pen testing exam, and a documentation report due 24 hours after it. OSCP is a very hands-on exam.
Before you can take the OSCP exam, you are required to take the Penetration Testing with Kali (PWK) course. Taking the course is mandatory for you to become eligible to take the OSCP. In addition to the knowledge you gain from the course, it opens doors to several career opportunities in information security. Of course, those who pass get bragging rights too.
If you ask OSCP-takers about the difficulty level of the exam, you will get varied answers but most people say that it's the most difficult exam they've taken in their lives. This is why it is critical to prepare well for it.
The PWK course doesn’t teach you everything, but the materials are enough to get you started. I cannot emphasize enough the importance of preparing prior to the course. Here’s a list of the things you need to learn to get prepared for OSCP:
- Linux and Windows Environment - You need to be familiar with both. These will help you spot clues for privilege escalation. I’m a Windows guy and during the labs I learned Linux the hard way.
- Linux and Windows Commands - Knowing Linux and Windows commands helps a lot. Brush up on them!
- Basic Programming Skills - Expect to debug and rewrite exploits, so know Bash Scripting. This will help you to automate redundant tasks.
- Web application attacks (SQLi, XSS, Local File Inclusion, Remote File Inclusion and Command Execution) - Expect a lot of web application content in the labs. Also practice bypassing web security filters for injection attacks.
- Metasploit Framework – Brush up on creating payloads with different formats, using multi handlers, and using staged vs non-staged payloads. Knowing these things will save you some time during your exam.
- Nmap - Different scanning techniques and Nmap NSE Scripts will help you a lot during your lab or exam.
- Netcat and Ncat - You’ll be using these a lot during the OSCP.
- Wireshark and tcpdump - Those are important because you’ll be using Wireshark to debug your exploit - or tcpdump, when machines don’t have a GUI.
- Windows and Linux Privilege Escalation - Aside from using kernel exploits, brush up on misconfigurations like weak service/file permissions and NFS/Shares.
- Escaping restricted shells and spawning shells - You’ll encounter these a lot during your OSCP.
- File transfer - It is important that you know the different techniques to transfer files to a target machine.
Aside from those topics, these books will also come in handy:
- Kali Linux Revealed - To freshen up your Linux Fundamentals.
- Penetration Testing: A Hands-on Introduction to Hacking - One of my favorite books. This book covers almost all the aspects of what the OSCP entails.
- Web Application Hackers Handbook - I highly suggest reading this book, especially if you’re new to web application penetration testing. The book covers web application attacks from attacking access controls, application logic, and application servers.
- Rtfm: Red Team Field Manual - This is a great cheat sheet for pen testers.
- Hacking: The Art of Exploitation 2nd Edition - This book covers deeper knowledge about penetration testing.
Time to get your hands dirty! After reading up and reviewing on the topics above, you can apply the things you learned with these:
- OSCP Like vulnerable machines list by abatchy
- Exploit-exercises.com - They provide Linux virtual machines that can be used to practice privilege escalations, reverse engineering and exploit development.
- Over The Wire: Natas - It focuses on web application challenges.
- Hackthebox.eu - They have several Windows boxes so if you want to focus on Windows I highly suggest this.
I hope my suggestions will help you in your OSCP journey. If you want to know more about my experience, you can check out my blog for cheat sheets and methodologies I’ll be uploading it soon. If you have questions or need any help you can reach me via Twitter @blad3ism.