We’ve been covering Cybersecurity training for many years now, but one certification has really caught our attention; and that’s the OSCP Certification. The Offensive Security Certified Professional (OSCP) course and certification is the sequential certification to a course called “Penetration Testing with Kali Linux”. The folks behind Kali Linux are responsible for the OSCP Course (as well as a bunch of other ones).
Here’s why we think the OSCP is the real deal and the bad-ass cybersecurity cert you can achieve: it tests the individual by assessing their penetration testing process and life-cycle through an arduous twenty-four (24) hour certification exam! That’s right. 24 Hours! Pretty awesome…
The end result is that the professional that has passed OSCP has clearly demonstrated their ability to be presented with an unknown network, enumerate the targets within their scope, exploit them, and clearly document their results in a penetration test report (which is also a requirement).
In this post we ask current Professional Penetration Testers and Cybersecurity Professionals how they trained for and passed the OSCP Certification.
Try Harder ! And Enumeration is the Key.
Keep an Eye on Enumeration.
Be VERY disciplined about time management. If you’ve got a family and a full-time job like I did, make sure your significant other, kids etc. are supportive of this effort as you’ll likely need to spend many red-eye hours studying and working through the labs. You’ll probably need to sacrifice personal/family time to succeed and obtaining the OSCP.
You should master the Exploit development and privileges escalation techniques, follow the technical blogs for g0tmi1k, security-tube, fuzzysecurity, c0relan, offensivesecurity, Infosec Institute, SANS reading room, Blackhat/ DEFCON/ Hackinthebox Conferences youtube channels, opensecurity, theamazingking, samsclass, github resources and play CTF.
Hands on practice. Theoretical knowledge is not enough and the more lab time you can get the better. The OSCP labs are great.
Don’t overlook the enumeration phase: everything you need is just in front of you, no hint nor question just a good enumeration.
Try to pwn every lab machine. There is a different skill gained from every machine. It helped me passing my exam as two machines were very similar to two of the lab machines.
Try Hard. Try Harder. Hand On practice is must. Give dedicated time to exploit each machine in different Lab networks and increase your skill set to do Python scripting along with that. Don’t lose your concentration throughout the Lab period and stay focused.
Perseverance and effort
Learn privilege escalation.
Learn buffer overflow and privilege escalation. Do labs well.
Do not underestimate or assume anything. More you’ll try, more you’ll learn.
Be through with your basics.
Get yourself familiar by practicing on the machines at vulnhub.com. This place will arm you with more than the skills you need to pass OSCP.
Try to finish at least 30 machines OSCP lab and then give a try. Then It will be more easier to pass OSCP on time.
Please do not be discouraged if you failed. Try Again, Try Harder and earn your OSCP Certification.
Master yourself in privilege escalation and try to work on some vulnerable machines available at “VulnHub” to get the knowledge of privilege escalation.
Try Harder, Try Harder till you succeed. Enumerate each bit of the machine to get the next hint. Obviously Hands on practice with Kali Linux is must and one should always think about “what next?”…
Strategy, Methodology & Time Management are key: Make up a strategy to avoid rabbit holes, plan your available exam time well and create a battle plan and stick to it.
Complete at least 30 machines in lab before trying to tackle the exam. Learn buffer overflow before exam: Vivek Ramachandran buffer overflow videos were very helpful for me.