What is OSCP?
OSCP is a penetration testing training provided by Offensive Security.
Upon successful exam, you receive the OSCP cert, what is pretty valuable in IT security nowdays.
Your training begins with a lab access, where real-life like server infrastructure is provided for you, and you can sharpen your pentesting skills.
There are 3 types of packages available, if you want to start your learning:
PWK course + 30 days lab access + OSCP exam certification costs $999
PWK course + 60 days lab access + OSCP exam certification costs $1199
PWK course + 90 days lab access + OSCP exam certification costs $1349
During the lab access you can schedule your exam date.
In the lab, you will be able to learn the topics mentioned in this PDF https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf
After exceeding the lab time, you will take the exam.
During the exam there are two phases:
Phase1: Penetration
Phase2: Documentation
Both of the phases are 24 hours long, so your exam will take 2 days from your life.
My experience
I started the course in 2018’s autumn. First, I purchased 60 days of lab access, and went through all the provided course materials. I was very determined about the hacking whole time.
I was working from 9am to 6am, and after finishing my work, I instantly launched the openvpn session, and started the lab. I spent several nights at the office. Once I forgot to go home, so it was pretty unfonfortable on the next day, but I think this is the point!
The whole infrastructure and atmosphere was really catchy. I started to cooperate with one of my colleague, and we were fighting against the lab boxes together. It was very exhausting, but I don’t remember any point, when I felt bored durin this time.
After several nights and few hours of sleep, my exam arrived. I grab coffee and snacks, and started the exam. Got the 10 point machine in 2 hours. I was very happy, and also called my friend, that its going pretty well.
When I spent 5 hours with the same box’s initial foothold, i felt myself really disappointed. Again 1 hour for testing, but still nothing. Finally I was able to get access to the box. The username and the password was the same at ssh.
I was totally broken, because it took at least 7 hours to get this easy flag. I got the feeling that I was failed. That feeling was right. I couldn’t manage to get any more points on the boxes. I completed the 25 point BOF task, and wrote the documentation, and went home for a sleep.
In a few days, I received the email, that I did not pass the exam.
It’s a bit strange, but I was pretty happy, to be able to continue the lab.
I took other 30 days of lab, and I was more determined than last time.
My tactic was to complete the BOF task first, under 1 hour, so I made BOF tasks as much as i can. Also I tried to exploit more and more boxes in the lab. I was getting quicker and quicker in enumeration. I was feeling the progress on my performance.
The next exam was schedulet at easter’s monday. It was pretty strange, that everyone is having some nap after the eggs, and I’m the only one, who is taking an exam.
I started the BOF example, but I screwed it up, because i generated a python payload with msfvenom, instead of c. I re-started the whole BOF process, and in the end, I noticed the error in my bash history. No worries, I completed in 90 minutes, so it wasn’t as bad.
After midnight I took a 3 hours sleep, and got a coffee and sit back to the exam.
The boxes were pretty straightforwards, and I had only 1 root flag missing in the last 5 hours. I was very happy, and I had the feeling, that I’m going to be successful, and nothing happens, If I don’t complete the last root flag. But at this point, I turned on my tv, and played the “Offsec OSCP song Try Harder” music, and I was boosted as hell. I found out the method of gaining root, but could not execute it successfully. I received the message that my exam access is over.
I headed for the documentation. It was pretty easy, because I had good screenshots, and I also started the document during the test.
In 3 workdays, I received the information, that I passed the exam, and now I’m OSCP cerified.
One of the most important lesson is not a technical stuff. Don’t be afraid of the failure. Upon my failed exam, I learn much more than during the original lab time.
Feel free to drop me a mail, if you have any questions about the OSCP exam or lab!
