OSCP is one of the most recognized and respected Cybersecurity Certifications out there. We ask advice from those people that have passed the OSCP!
If You've Passed We'd Love To Share Your Wisdom
Posted by Henry Dalziel | December 16, 2019 | Questions / Comments 6
Regularly updated | Submit your experience!
The point of this resource is to discover and establish just how difficult the OSCP, and we ask those that have passed it.
We’ve been covering Cybersecurity training for many years now and ever since it was launched, we’ve been really fascinated by the OSCP Certification.
The Offensive Security Certified Professional (OSCP) course and certification is the sequential certification to a course called “Penetration Testing with Kali Linux”.
The folks behind Kali Linux are responsible for the OSCP Course (as well as a bunch of other ones).
Here’s why we think the OSCP is the real deal and the bad-ass cybersecurity cert you can achieve: it tests the individual by assessing their penetration testing process and life-cycle through an arduous twenty-four (24) hour certification exam! That’s right. 24 Hours! Pretty awesome!
The end result is that the professional that has passed OSCP has clearly demonstrated their ability to be presented with an unknown network, enumerate the targets within their scope, exploit them, and clearly document their results in a penetration test report (which is also a requirement).
In this post, we ask current Professional Penetration Testers and Cybersecurity Professionals how they trained for and passed the OSCP Certification.
Certifications we've asked for advice from professionals that passed them include:
The cost of the OSCP certification is (at the time of writing in 2020) $800.
The price of OSCP includes lab access and an exam voucher.
At the time of writing, you get 30 days of lab access and you’ll have to sit the 24-hour exam within that time frame. Now, of course, you’d be wise to practice on other free labs which you can install on VirtualBox and that’s absolutely something we advise that you.
The answer is simple.
I passed CEH in 2018 and found it relatively easy but I did do a ton of work before but I haven’t passed the OSCP or CISSP so I can’t accurately compare them. What I can say, however, is that CEH and OSCP have a lot in common in the sense that they are both offensive certifications whilst CISSP is really more of a 360 view aimed at Senior Management.
CEH and CISSP are both multiple-choice based exams. CEH is three hours long whilst CISSP I believe is five hours.
OSCP is practical.
The OSCP certification is awarded on being able to successfully crack five machines in 24 hours.
One machine (‘box’) will be the most difficult and will hold the maximum points, while the others will address your skills in being able to hack boxes using enumeration, exploitation, and post-exploitation techniques.
The vulnerable boxes are a mix of Linux and Windows systems.
Being OSCP certified helps your career if you’re interested in becoming a Penetration Tester or Ethical Hacker. The fact that you can pwn machines under a strict time limit shows that you have the necessary knowledge and skills to hack into machines and systems.
Furthermore, another major benefit of passing the OSCP is that increasingly recruiters are requesting that candidates pass or have the OSCP cert, especially for roles that are aimed at Penetration Testing.
We’d absolutely encourage you to take this InfoSec cert if you’re serious about a career in Cybersecurity.
* We put the interesting replies and comments in orange…
Find this useful? Please share! Thanks!
Spending endless hours trying to break into certain machines with no success.
Stick to the easier machines first – if a challenge seems too hard for you for a while despite your best efforts, it probably is. Don’t lie to yourself and be overconfident. Also, gather as much information as possible. Don’t take shots in the dark unless absolutely necessary. In my opinion, the buffer overflow machines are easiest. Less luck, more logic 🙂
I also consider myself a decent Python, C, and PHP programmer, though there always is more to learn. Python definitely helped with the exploit development part of the course.
Security Consultant at Maticmind S.p.A.
Don’t overlook the enumeration phase: everything you need is just in front of you, no hint nor question just a good enumeration.
Ethical Hacker (Infosys)
Try Harder, Try Harder till you succeed. Enumerate each bit of the machine to get the next hint. Obviously hands-on practice with Kali Linux is a must and one should always think about “what next?”…
Senior Security Engineer at Crypto
Try Harder! And Enumeration is the Key.
Security Engineer & Podcaster
Be VERY disciplined about time management. If you’ve got a family and a full-time job like I did, make sure your significant other, kids etc. are supportive of this effort as you’ll likely need to spend many red-eye hours studying and working through the labs. You’ll probably need to sacrifice personal/family time to succeed and obtaining the OSCP.
Security Engineer at Klarna
You should master the exploit development and privileges escalation techniques, follow the technical blogs for g0tmi1k, security-tube, fuzzysecurity, c0relan, offensivesecurity, Infosec Institute, SANS reading room, Blackhat/ DEFCON/ Hackinthebox Conferences youtube channels, opensecurity, theamazingking, samsclass, github resources and play CTF.
Chief Information Security Officer (CISO) at GigIT, Inc.
Hands on practice. Theoretical knowledge is not enough and the more lab time you can get the better. The OSCP labs are great.
Consultant, Cyber Security at MNP
Try to pwn every lab machine. There is a different skill gained from every machine. It helped me pass my OSCP exam as two machines were very similar to two of the lab machines.
Senior Security Consultant & Team Lead at Synopsys Inc
Try Hard. Try Harder. Hand On practice is a must. Give dedicated time to exploit each machine in different Lab networks and increase your skill set to do Python scripting along with that. Don’t lose your concentration throughout the Lab period and stay focused.
Pentester & Security Analyst
Perseverance and effort!
Senior Penetration Testing
Learn privilege escalation.
Senior Security Assurance Analyst at Emirates
Learn buffer overflow and privilege escalation. Do labs well.
Senior Consultant at EY
Do not underestimate or assume anything. More you’ll try, more you’ll learn.
Vulnerability Analyst at Booking.com
Be through with your basics.
Enterprise Information Security Consultant at Canon
Get yourself familiar by practicing on the machines at vulnhub.com where you will arm yourself with more than the skills you need to pass OSCP.
Penetration tester at Schneider Electric
Try to finish at least 30 machines OSCP lab and then give a try. Then it will be easier to pass OSCP on time.
Offensive Security Engineer | OSCP, OSWP, OSCE, eCPTX, CED, Crest CRT Pen
Please do not be discouraged if you failed. Try Again, Try Harder and earn your OSCP Certification.
Penetration Tester and Application Security Researcher
Master yourself in privilege escalation and try to work on some vulnerable machines available at “VulnHub” to get the knowledge of privilege escalation.
Keep an Eye on Enumeration.
Cyber Security Professional at VHL IT Security Training BV
Strategy, Methodology and Time Management are key. Make up a strategy to avoid rabbit holes, plan your available exam time well and create a battle plan and stick to it.
Information Security Team Lead
Complete at least 30 machines in the lab before trying to tackle the exam. Learn buffer overflow before the exam: Vivek Ramachandran buffer overflow videos were very helpful for me.
Senior Penetration Tester at BAE Systems
Sticking with it and putting in the time to get it done. Also, you need to enumerate, enumerate, and enumerate some more!
Cyber Security Threat Hunter
Know your target and time management.
Passion is the most important thing to pass the OSCP exam.
Penetration testing is the only thing you are doing when you have nothing to do. If you are a proficient (Python and C) programmer, it would help you a lot. Unfortunately, you cannot expect to pass the OSCP exam only with Python skill. You also need to know networking protocols and how are they working.