Is The OSCP Certification Difficult? Advice From OSCP Cert Holders

Is The OSCP Certification Difficult? Advice From OSCP Cert Holders

Henry Dalziel | Information Security Certifications | January 18, 2017


What is this post about?

Time to read: 10 mins

We’ve been covering Cybersecurity training for many years now; but one certification has really caught our attention; and that’s the OSCP Certification. The Offensive Security Certified Professional (OSCP) course and certification is the sequential certification to a course called “Penetration Testing with Kali Linux”. The folks behind Kali Linux are responsible for the OSCP Course (as well as a bunch of other ones).

Here’s why we think the OSCP is the real deal and the bad-ass cybersecurity cert you can achieve: it tests the individual by assessing their penetration testing process and life-cycle through an arduous twenty-four (24) hour certification exam! That’s right. 24 Hours! Pretty awesome…

The end result is that the professional that has passed OSCP has clearly demonstrated their ability to be presented with an unknown network, enumerate the targets within their scope, exploit them, and clearly document their results in a penetration test report (which is also a requirement).

In this post we ask current Professional Penetration Testers and Cybersecurity Professionals how they trained for and passed the OSCP Certification.


If you’ve passed OSCP and have some advice and thoughts to share we’d love it if you could share it with us all!


Take Part In The Interview!

Grant Boudreau

[Taken from Grant’s LinkedIn Profile] Hard working, self-motivated, high achieving professional with over 8 years experience in the Information Technology industry, with extensive work with Kali and *nix operating systems. Excellent decision-making and problem-solving skills developed while meeting the challenge of a constantly changing industry. Quick learner, with outstanding performance. Strong commitment to customer service.

How many years experience do you have within InfoSec?
3 years.

Aside from OSCP, do you have other professional certs and if so what are they?
OSWP, Security+, Network+, A+, Server+, MCTS, OCSA

What was the most challenging aspect about passing OSCP?
Coming into it as a complete n00b. Didn’t know where to start or where to look other than what the course materials gave me. Took awhile for me to start, but through determination and persistence things started to get pwned. It took 8 long months to pwn every system in the lab but the amount of knowledge and skills that I’ve gained from pwning every machine was worth it. Things are tricky and you just need to keep going down the rabbit hole.

What would be your #1 bit of advice for someone attempting to pass OSCP?
Try to pwn every lab machine. There is a different skill gained from every machine. It helped me passing my exam as two machines were very similar to two of the lab machines.

Are you a proficient (Python) coder/ programmer and did it help?
No, but I can read code. This is what helped.


Yamal Patel

[Taken from Yamal’s LinkedIn Profile] Yamal is an insightful and result driven Information Security professional with areas of expertise as Web application & network vulnerability penetration testing and having hands-on experience on vulnerability exploitation tools. Currently working as Security Consultant at Cigital Asia Pvt Ltd., Bangalore..

How many years experience do you have within InfoSec?
3 1/2 years

Aside from OSCP, do you have other professional certs and if so what are they?
EC-CEH, CCNA

What was the most challenging aspect about passing OSCP?
Most challenging part in passing OSCP was the Buffer Overflow machine which require the attendee to have proficient knowledge of assembly language as well as PERL/ Python to generate exploit script.

What would be your #1 bit of advice for someone attempting to pass OSCP?
Try Hard. Try Harder. Hand On practice is must. Give dedicated time to exploit each machine in different Lab networks and increase your skill set to do Python scripting along with that. Don’t lose your concentration throughout the Lab period and stay focused.

Are you a proficient (Python) coder/ programmer and did it help?
No. I have intermediate level of Python knowledge. It helped a lot in exam. it would help a lot if you can create your own scripts to do basic scanning and reconnaissance.


Prem Kumar

Prem is a Senior Security Consultant at Mercedes-Benz Research and Development India.

How many years experience do you have within InfoSec?
5 years

Aside from OSCP, do you have other professional certs and if so what are they?
None

What was the most challenging aspect about passing OSCP?
Enumeration and Privilege Escilation

What would be your #1 bit of advice for someone attempting to pass OSCP?
Be through with your basics.

Are you a proficient (Python) coder/ programmer and did it help?
Yes, knowing Python helps. But, you can survive without Python as well.


Andres Amado

[Brief bio of Andres in his own words] I am a computer scientist with 5 years of experience and passionate about computer security. I’ve collaborated in the creation of security tools and in the analysis of malware.

How many years experience do you have within InfoSec?
Two years

Aside from OSCP, do you have other professional certs and if so what are they?
CEH

What was the most challenging aspect about passing OSCP?
Each step was challenging

What would be your #1 bit of advice for someone attempting to pass OSCP?
Perseverance and effort

Are you a proficient (Python) coder/ programmer and did it help?
Yes, but it is not necessary


Hamed Farid

Prem is a Senior Security Consultant at Mercedes-Benz Research and Development India. Hamed is a Senior Security Consultant at Kuwait Finance House and a Security researcher at Synack Red Team. He is also the OWASP Egypt/ Alexandria Chapter Lead. In his own words: I’m an Exam item writer for CEH exam; CEH, OSCP and ITIL Certified with more than 12 years of extensive software development and administration experience in many different languages Java, Python, C#,Assembly, C, C++ and others using different platforms windows: Linux and UNIX which gives me the ability to be an expert in network and web penetration testing.

How many years experience do you have within InfoSec?
5 years.

Aside from OSCP, do you have other professional certs and if so what are they?
CEH and ITIL.

What was the most challenging aspect about passing OSCP?
Research, try harder.

What would be your #1 bit of advice for someone attempting to pass OSCP?
Try harder.

Are you a proficient (Python) coder/ programmer and did it help?
Yes, yes it helps.


Luka Sikic

Luka is a Penetration tester and ethical hacker with an extensive background in web application security, web development and exploit development. Over 3 years of experience with penetration testing and information security.

How many years experience do you have within InfoSec?
3 years.

Aside from OSCP, do you have other professional certs and if so what are they?
None.

What was the most challenging aspect about passing OSCP?
Exam.

What would be your #1 bit of advice for someone attempting to pass OSCP?
Learn privilege escalation.

Are you a proficient (Python) coder/ programmer and did it help?
Yes I am and not really


Kaleem Shaik

Kaleem Shaik, a Senior Security Engineer with PricewaterhouseCoopers SDC-Bangalore, holds a master degree in computer sciences. He has a total of 4.8 years of experience on information security that includes experience in vulnerability assessment, penetration testing. His capabilities in information security include performing penetration testing of network infrastructure, web and mobile applications for numerous clients across a multitude of sectors. He has experience in using various vulnerability scanners and penetration testing tools. He has prepared secure guidelines and done secure design review.

How many years experience do you have within InfoSec?
5 years.

Aside from OSCP, do you have other professional certs and if so what are they?
None.

What was the most challenging aspect about passing OSCP?
Need to enumerate a lot.

What would be your #1 bit of advice for someone attempting to pass OSCP?
Learn buffer overflow and privilege escalation. Do labs well.

Are you a proficient (Python) coder/ programmer and did it help?
I have intermediate knowledge on Python


Brian Johnson

I’m an information security enthusiast with a passion for penetration testing and user awareness training. Relevant certifications include CISSP, OSCP and CEH. I love to take what I’m learning from my full-time job as a pentester and regurgitate it directly into blog, audio podcast or video form by way of my 7 Minute Security site. When I’m not trying to break into Web sites and networks, I sing and play guitar as part of a vocals-driven acoustic duo called Sweet Surrender (http://sweetsurrender.info).

How many years experience do you have within InfoSec?
3 years.

Aside from OSCP, do you have other professional certs and if so what are they?
CISSP, CEH, OSWP.

What was the most challenging aspect about passing OSCP?
Biggest challenge for me was making time to study, as I’ve got a wife and kids. As far as the test itself, the most challenging thing was the aggressive timeline (24 hours straight is intense!) and trying to balance how much work/rest/eating to do to stay sharp.

What would be your #1 bit of advice for someone attempting to pass OSCP?
Be VERY disciplined about time management. If you’ve got a family and a full-time job like I did, make sure your significant other, kids etc. are supportive of this effort as you’ll likely need to spend many red-eye hours studying and working through the labs. You’ll probably need to sacrifice personal/family time to succeed and obtaining the OSCP.

Are you a proficient (Python) coder/ programmer and did it help?
No. My biggest challenge was the coding exercises as I have very little programming experience. Some background knowledge in C and Python would come in very handy before starting OSCP.


Sparsh Owlak

Sparsh is an Information Security Analyst at Wipro

How many years experience do you have within InfoSec?
2 years and 7 months.

Aside from OSCP, do you have other professional certs and if so what are they?
CEH, ISO27001:2005, RHCE, Qualys VM, Network management.

What was the most challenging aspect about passing OSCP?
Every machine is different so only learn the approach.

What would be your #1 bit of advice for someone attempting to pass OSCP?
Do not underestimate or assume anything. More you’ll try, more you’ll learn.

Are you a proficient (Python) coder/ programmer and did it help?
No, I am not proficient. Only basic knowledge helped as we only have to modify the code.


Saravana Kumar

An Information Security analyst with 3.5 years experience in Vulnerability Assessment, Penetration Testing, Designing Secure Information Architectures, security audits, PC audits, Implemented security policies and Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP) and research on malware analysis in progress. I have a Master’s Degree in Software Systems. Have achieved professional certifications like Certified Ethical Hacker V8 (CEH V8), Information Security & Ethical Hacking (ISEH), Certified Elite Penetration Testing Professional (CEPP), OSCP (Offensive Security Certified Professional).

How many years experience do you have within InfoSec?
3 years.

Aside from OSCP, do you have other professional certs and if so what are they?
Certified Ethical Hacking (CEH-EC Council), Diploma in information Security and ethical hacking, Certified Elite Penetration Testing Professional, Enterprise Security Manager(SIEM) 9.4 Essentials Exam(Technical) and ITIL-Foundation.

What was the most challenging aspect about passing OSCP?
Getting local Shell.

What would be your #1 bit of advice for someone attempting to pass OSCP?
Try Harder ! And Enumeration is the Key.

Are you a proficient (Python) coder/ programmer and did it help?
I have basic knowledge in Python. Scripting language will help you to automate process.


Ahmed Mohamed

Ahmed us an IT Security Consultant at ING.

How many years experience do you have within InfoSec?
1 year at the time of doing OSCP. This 1 year wasn’t working experience.

Aside from OSCP, do you have other professional certs and if so what are they?
Yes, OSCE and OSWP certifications.

What was the most challenging aspect about passing OSCP?
Privilege Escalation; gaining admin/ system privileges. Also there are more than one way to compromise a machine, I wanted to know every single way for exploitation and privilege escalation. Also you almost don’t receive any useful help from the admins.

What would be your #1 bit of advice for someone attempting to pass OSCP?
Get yourself familiar by practicing on the machines at vulnhub.com. This place will arm you with more than the skills you need to pass OSCP.

Are you a proficient (Python) coder/ programmer and did it help?
I am a proficient coder but OSCP doesn’t involve any coding except some little Python for buffer overflows.


N Vivek

N Vivek is a Cyber Security Engineer at ABB.

How many years experience do you have within InfoSec?
3 1/2 years.

Aside from OSCP, do you have other professional certs and if so what are they?
None.

What was the most challenging aspect about passing OSCP?
Time Management and then logical skill to finish it on 24 hours. I cleared it on second attempt only.

What would be your #1 bit of advice for someone attempting to pass OSCP?
try to finish atleast 30 machines OSCP lab and then give a try. Then It will be more easier to pass OSCP on time.

Are you a proficient (Python) coder/ programmer and did it help?
Yes.


Ye Yint Min Thu Htut (OSCE, OSCP, CREST CRT)

Ye Yint is an experienced Information Security specialist with diverse industry experience in Government/ Non-Government Organizations. Strong Web application security experience with thorough understanding of application vulnerabilities, automated and manual testing, auditing and remediation techniques, application security guidelines/requirements from OWASP, WASC, OSSTMM. Competence in Internal & External Penetration Testing on Network Infrastructure (including Firewalls, Routers, etc). Enthusiast on Vulnerability Research & Exploit Development for Stack Overflows, Heap Overflow, Bypass Windows Memory Protection, Bypass safeSEH, Bypass SEHOP, Bypassing DEP & ASLR, Kernel Exploitation, Heap Spraying/ Browser Exploitation & Shell Coding

How many years experience do you have within InfoSec?
Almost 5 years

Aside from OSCP, do you have other professional certs and if so what are they?
OSCE, CREST Certified Register Pentester, CREST Practitioner Security Analyst.

What was the most challenging aspect about passing OSCP?
OSCP Lab is the most challenging part for me. It is not easy to reach final goal of the lab.

What would be your #1 bit of advice for someone attempting to pass OSCP?
Please do not be discouraged if you failed. Try Again, Try Harder and earn your OSCP Certification.

Are you a proficient (Python) coder/ programmer and did it help?
Yes, scripting skills are very helpful for lab and exam.


Choudhary Muhammad Osama

This is Choudhary Muhammad Osama. I am a highly accomplished Penetration Tester, Security Analyst and Linux Administration enthusiast, with extensive experience in implementing, maintaining, securing and pentesting web applications and networks. The security is probably the most important thing for a company to test before launching their website, I’ve been testing and breaking the securities of several companies and other tech giants. Experienced in industry-standard penetration testing tools and frameworks, including but not limited to: Nmap, Hydra, The Metasploit Framework, SET, SQLMap, OpenVAS, BurpSuite, OWASP, Wireshark. Familiar with OllyDbg, shellcode, customizing public exploits, and exploit development. Solid understanding of programming/scripting languages including PHP, SQL, Bash and C as well as web technologies such as HTML, Javascript. Ability to work efficiently under stress and manage time under strict deadlines. I want to work in such a congenial environment that utilizes my abilities at their best and where I can serve my knowledge in the steady progress of the organization and learn from my seniors.

How many years experience do you have within InfoSec?
3 years.

Aside from OSCP, do you have other professional certs and if so what are they?
A+, Network+, Linux+, Security+ and CEH.

What was the most challenging aspect about passing OSCP?
Everything was important. Sometimes a small mistake can be the important part which you try to find in a place where it doesn’t belong.

What would be your #1 bit of advice for someone attempting to pass OSCP?
Master yourself in privilege escalation and try to work on some vulnerable machines available at “VulnHub” to get the knowledge of privilege escalation.

Are you a proficient (Python) coder/ programmer and did it help?
No, but It’s really helpful to have some intermediate level of understanding of Python which will really helpful in automating some tasks during Lab and Exam.


Sandro Zaccarini

Sandro occasionally run vulnerability assessment on server networks and websites taking advantage of some automated (Nessus, OpenVAS, Retina), semi-automated or manual tools and code-review, pointing out vulnerabilities and proposing/implementing solutions. He hold different classes about OpenBSD OS, divulgative security, ethical hacking and product certification as a teacher and coordinator.

How many years experience do you have within InfoSec?
15 years.

Aside from OSCP, do you have other professional certs and if so what are they?
OSWP and OSCE (from offensive security) NACA (nexpose).

What was the most challenging aspect about passing OSCP?
The exam is challenging, but i think it’s way challenging the lab itself. you soon find yourself addicted to it and you can’t rest until you’re done with all the boxes. and when you are, you start again.

What would be your #1 bit of advice for someone attempting to pass OSCP?
Don’t overlook the enumeration phase: everything you need is just in front of you, no hint nor question just a good enumeration.

Are you a proficient (Python) coder/ programmer and did it help?
Sort of proficient, it helped of course.


Martin Voelk

19 years of IT and Network Security experience in the ISP-, Security-, Enterprise- world as well as in the Financial industry. Our company Cyber 51 provides Security Audits, Security Consulting Services such as Network & Web Application Penetration Testing, Vulnerability Assessments and any services related to Cyber security.

How many years experience do you have within InfoSec?
15 years.

Aside from OSCP, do you have other professional certs and if so what are they?
CEH, Cisco CCIE, Cisco CCNP Security

What was the most challenging aspect about passing OSCP?
The time you have in the exam. It is very challenging to get it all done on time. I am for a Network Security background, so Web Applications were tricky and I had to learn a lot.

What would be your #1 bit of advice for someone attempting to pass OSCP?
Hands on practice. Theoretical knowledge is not enough and the more lab time you can get the better. The OSCP labs are great.

Are you a proficient (Python) coder/ programmer and did it help?
No, but I learned a lot of python during my studies. My background is Firewalls and Network Security.


Muhammed Bassem

My career has been characterized by my ability to work well with diverse teams. I seek out opportunities to involve others in the decision-making process. This collaboration and communication is what has enabled me to achieve success in my department. People are the most valuable resource of any organization. I have achieved success in my career because I have been focused on the bottom line. I have always sought out innovative solutions to challenging problems to maximize profitability. Regardless of the task or challenge, I always established benchmarks of performance and standards of excellence.

How many years experience do you have within InfoSec?
5+ years.

Aside from OSCP, do you have other professional certs and if so what are they?
GSEC, and ISO27001LA

What was the most challenging aspect about passing OSCP?
To Keep Trying Harde!r

What would be your #1 bit of advice for someone attempting to pass OSCP?
You should master the Exploit development and privileges escalation techniques, follow the technical blogs for g0tmi1k, security-tube, fuzzysecurity, c0relan, offensivesecurity, Infosec Institute, SANS reading room, Blackhat/ DEFCON/ Hackinthebox Conferences youtube channels, opensecurity, theamazingking, samsclass, github resources and play CTF.

Are you a proficient (Python) coder/ programmer and did it help?
Yes, and Yes.


Malkit Singh

Malkit is a System Engineer at Infosys.

How many years experience do you have within InfoSec?
5 years.

Aside from OSCP, do you have other professional certs and if so what are they?
None.

What was the most challenging aspect about passing OSCP?
The most challenging was privilege escalation and Buffer Overflow.

What would be your #1 bit of advice for someone attempting to pass OSCP?
Try Harder, Try Harder till you succeed. Enumerate each bit of the machine to get the next hint. Obviously Hands on practice with Kali Linux is must and one should always think about “what next?”…

Are you a proficient (Python) coder/ programmer and did it help?
I have intermediate knowledge about python, which helped me a lot in the exam, especially for buffer overflows.


Ferdi Bak

Cyber Security Specialist at Virtual Hacking Labs

How many years experience do you have within InfoSec?
2 years.

Aside from OSCP, do you have other professional certs and if so what are they?
N/A

What was the most challenging aspect about passing OSCP?
The most challenging aspect was the exam. Especially the time limit of 24 hours was challenging.

What would be your #1 bit of advice for someone attempting to pass OSCP?
Strategy, Methodology & Time Management are key: Make up a strategy to avoid rabbit holes, plan your available exam time well and create a battle plan and stick to it.

Are you a proficient (Python) coder/ programmer and did it help?
I have professional experience as software engineer and worked with different programming languages but Python was not one of them. Personally I don’t think you need (great) programmer skills in order to read and modify exploits.


Ajay Choudhary

An enthusiastic and passionate Information Security Professional with more than 1.6 years professional experience across multiple information security domains.

As of the recent few years, my career has taken a path into Information Security, I see this as the best thing that happened to me as I was introduced to this interesting field at the very beginning of my career and getting the much-required exposure to this field which in return manifested my interests in the field of Information Security. I have rubbed shoulders with big-name clients such as National Stock Exchange of India, Kotak Mahindra Bank, Yes Bank, RBL, SVC Bank, FIS Global (Bandhan Bank), ICICI Bank, Reliance Jio, LIC, Other Government Agencies etc performed Vulnerability Assessments and Penetration Tests on various servers and also performed various application security audits for various applications. I enjoy liaising with clients and understand their needs to be able to work with them.

How many years experience do you have within InfoSec?
1 year.

Aside from OSCP, do you have other professional certs and if so what are they?
CEH.

What was the most challenging aspect about passing OSCP?
Enumeration.

What would be your #1 bit of advice for someone attempting to pass OSCP?
Keep an Eye on Enumeration.

Are you a proficient (Python) coder/ programmer and did it help?
Nope.



Nikhil Kumar

Hacking & Security is my speciality. I enjoy challenges in Security implementations, Enterprise Management and reviewing existing network and web application architecture to implement better security.

How many years experience do you have within InfoSec?
I have 4 years experience.

Aside from OSCP, do you have other professional certs and if so what are they?
Certified Ethical Hacker (EC-Council), Offensive Security WiFi Professional (OSWP)

What was the most challenging aspect about passing OSCP?
Privilege Escalation and Buffer Overflow.

What would be your #1 bit of advice for someone attempting to pass OSCP?
Complete at least 30 machines in lab before trying to tackle the exam. Learn buffer overflow before exam: Vivek Ramachandran buffer overflow videos were very helpful for me.

Are you a proficient (Python) coder/ programmer and did it help?
I have intermediate knowledge on Python.

Leave a comment or reply below...thanks!