My OSCP Experience
Wanting to break into the Cyber Security industry I had asked around about certificates I could use to get me in. I had actually gone to college for advertising and didn't ever get my degree in the end, I needed a certificate that would help me get a foot in the door. Research led me to find the OSCP.
Though there's a few certifications out there for cyber security and penetration testing, what intrigued me the most about PWK and the OSCP was the live lab environment. Not only would I know of these concepts, but I'd actually get my own student version of kali that I could use to break this lab environment. Enticing to say the least.
Are you ready?
A question everyone always seems to ask themselves before taking the OSCP is "Am I really ready? Will I really be able to do this?". Almost anyone will tell you the PWK materials are quite thorough and along with Google, it really is all you'll need. But Google will be your best friend here, and getting into a research mindset helps. When you get stuck, you will be surprised how much the right Google search can reveal. Other than that, Offsec reccommends at least 1 year of linux experience, you will get a warning that says this when first signing up!
I should say maybe I'm the exception, or maybe the fact I've played with computers since I was a child helped me out, but shamefully and regretfully I actually only had started REALLY getting deep into linux and playing with it for about 2 months before I signed up for the OSCP. I figured, I'll just try hard and Google as well as I can. Thankfully, it paid off! Though I don't reccommend this for everybody, it's probably good to know CMD, Powershell, and Bash before coming in.
Be prepared to wait about a month to be able to enter the labs after signup. I didn't actually know how busy they were lately so both signing up for the exam and the labs resulted in about a 1 month waittime. Waiting felt like the hardest part at the time.
When I finally recieved my materials I was quite excited, but I decided at first to hold myself back and go through all the videos at minimum before attempting anything in the labs. I decided I didn't want to be stuck on any machines because of anything I may have missed in the documentations.
The materials are quite thorough. The basics are all in there but it's up to you to get creative when required! You can find the syllabus here: https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf. The best part about the materials for me was the simulated pentest they walk you through at the end, so you don't just have to jump into the labs guessing or scared out of your mind if you can really apply all this.
By the time I had broken into the labs I felt ready to start busting into some machines! At first, just by remembering and constantly referencing my lessons I had easily broken into about 10 different machines! They were fortunate enough to leave you a few low hanging fruits, but after that things started slowing down for me a bit. By the end of my first month I was 24 machines deep.
Conquering these machines required creativity, thoughtful analysis, and patience. I didn't know patience until I met the OSCP, some of the more difficult machines such as Humble or Sufferance would later take me a week or longer to conquer. At times I would wake up some mornings and run to my computer with a flurry of ideas that would either turn into nothing, or turn into root!
A good bit of advice everyone will give you, if you get stuck move on for a bit. Take a nap, watch a movie, do a new machine. Coming back with a fresh mindset can give you a new set of ideas on where you can tackle the machine.
I knew to expect something difficult. I thought I may not pass my first try, I was prepared to expect failure but to try my best regardless. I thought I was gonna be ready, I thought "enumerate enumerate enumerate and you'll be fine!". You just cant anticipate what these exams throw at you until you actually get that VPN pack, sit down, and realize the clock is ticking and you have only 24 hours to get as many points as possible.
The pressure was on! I enumerated every machine with a few initial scans, documented EVERYTHING to make sure I never had to go back again and waste time, and then went after what seemed like the lowest hanging fruit. 4 Hours in and I already had 55 points! I felt like I was a shoe in to pass! And then I went about 16 hours of no sleep without any progress......
No matter how far you get how quickly, DON'T GET ARROGANT. This was my biggest mistake and made me throw 16 hours away. In the end I finally got another machine, and threw together both my exam documentation and lab documentation last minute for some extra points as well just in case.
By the end of the week, I got the great news!
The OSCP has by far been the greatest experience in my life. I started out barely knowing anything about pentesting to feeling quite confident in my ability to break and document bugs in webapps. The best part is it's quite an affordable class as well!
If you have $800 to spare I highly reccommend this course and certification.