Hello,

I’ll probably take the oscp course this month but i have few questions about it.
About the report, do we have to make a report about the box we could pwn in the lab, or we only have to make a report about the final exam ? (I’m a little bit scared about the report)

How the lab is realistic ? (Is there some fake data, mails… that are transmitted through the differents networks and box that we have to reach, so we might have to sniff the network to steal some credentials… ?)


Thanks for your answers.

The lab is a ton of fun....

I know, right??  This is exactly my problem at the moment: trying to figure out which area I want to dive into.

I too am primarily a Windows guy, at least from my beginnings.  Now I use a Windows system as my main home desktop, a Mac as my laptop and many VMs on both running linux.  I have yet to jump to the level of using my main desktop as linux only because I have so much crap on it that migrating will take some time which I don't have.  Then again I run VMware Workstation/Fusion, so I can always run Linux on the desktop in Fullscreen dual monitor mode and set it up accordingly. 

But I figured I will get some python knowledge, get an understanding of Assembly and also sharpen the Linux skills.  And in my spare time, learn how to analyze malware. 

Windows itself doesn't hold much interest for me, installing it is brain dead easy as well as installing apps.  Securing it has become push button friendly for the basics.  There is a bit more challenge in the server end, but again lots of point/click.  The advanced stuff is a bit more fun, but I rarely come across a client who will be utilizing some of the more advanced security features (GPOs for TPM enabled systems, full certificate based authentication and such). 

Its all a puzzle and that is what makes it fun.