[OSCP]Suggestions on how to fulfill the prerequisites

[Nicolas.Bourbaki]

Hello Guys,

My name is Nicolas, I am 22 and I am writing from east part of Europe.

I have worked for 2 years and half in a 2nd level technical support team (quite generic: Windows, Mac OS X, Networks, Office) and now I have 1 year contract with an American Telecommunications Company and I work as Network Specialist (2nd level Support).
I remotely support the network infrastructures of some companies, and we have to provide technical support on Cisco devices (Routers and Switches), assure the continuity of the service and the network performance, implementing changes (configuration changes), and so on..

The only certification I hold is the Cisco CCNA.

On March 2013 my 1-year-contract will be expired, and what I want to do, is to go back to my home country, and be focused for 2/3months in a row on OSCP course and try to get the certification, in order to move my career towards a new position as penetration tester.

Since September, I am also enrolled in a Bachelor of Science in Engineering, Distance Learning Program.

From now to March, I would like to as much as possible to fulfill some prerequisities I think is nice to have before starting the OSCP class.

At the moment I have the following IT skills:
- Very good knowledge of Windows OS;
- Good knowledge of Mac OS X OS;
- Basic GNU/Linux knowledge;
- Basic SQL and Programming languages knowledge(I am doing Java J2Se class this semester, at my Uni, and during my high school I have studied a bit C and C++);
- Good knowledge of HTML and CSS;
- Good Network knowledge (CCNA level, with some elements of CCNP switch).

And I would like to gain this:
- General Network Security;
- GNU/Linux (Backtrack);
- Python;

About Python, I have bough the book "Think Python"
http://www.amazon.co.uk/Think-Python-Allen-B-Downey/dp/144933072X/ref=tmm_pap_title_0?ie=UTF8&qid=1349784319&sr=1-8

About the other 2 sections, I would like to receive some hints from you, if is possible.

I would like to receive also some feedbacks/suggestions about my idea to gain the prerequisites needed and If I need something more/else in order to achieve the certification

Thanks!
Nicolas.

[prats84]

As per the faq on the offsec webiste you need knowledge of TCP/IP, networking and linux skills.
The course itself says you do not have to be a programmer.
A bit of scripting/programming does make life easier.

[hayabusa]

As per the faq on the offsec webiste you need knowledge of TCP/IP, networking and linux skills.
The course itself says you do not have to be a programmer.
A bit of scripting/programming does make life easier.

That's pretty much it, for 'required' knowledge.  As I've told others, a little pre-requisite BASH / scripting knowledge won't hurt, either.

Good luck, and ask questions along the way, whether here, or on the offsec forums / irc channels.  If you don't understand something, ask for help to understand it, but also know that you'll be expected to learn and research a lot, for yourself, as well.

[shadowzero]

Some of the older exploits are written in C and perl, so being able to read that is a plus. The course seems to prefer programming in python and bash, so it's good to have that under your belt. No need to master it, but you should be able to do basic math, string manipulation, and sockets.

You can also prepare for the course by challenging some of the vulnerable virtual machines available online ( http://boot2root.info/ ). They're free, most of them already have solutions online, and they're good practice. Try to solve them on your own - in the offsec labs you'll be encouraged to do the same.

Good luck!

[Nicolas.Bourbaki]

First of all, thanks to both.

Second of all: what do you think about my small roadmap before March?
Grasp a bit of Python, Network Security in general and GNU/Linux knowledge?

May you suggest any books for the security?
Beside of Think Python, I thought might be interesting get this book as well:
"The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy"
(http://www.amazon.co.uk/Basics-Hacking-Penetration-Testing-Syngress/dp/1597496553/ref=sr_1_9?s=books&ie=UTF8&qid=1349786171&sr=1-9#reader_1597496553)

Regarding GNU/Linux, I will start by download a backtrack image and I will put it in a VM on my Mac Air, it has 1GB of Ram, but I guess will be enough until march, to know at least a bit about moving file, directories management, assign rights to the user, change file permissions, create simple scripts and so on, it won`t take too much hopefully.

So, I believe that in march/april I will be able to do about 30/40hours per week (I will not work as I said, I will have only college courses i guess) and have the following IT skills:
Windows, GNU/Linux, Mac, routing, switching, TCP/IP, Python/Java/SQL (basic), probably enough to start.

According to ShadowZero, I will try to get a bit of knowledge of C as well, I have the K&R at home and I can review it for a bit

Once I will be enrolled in the class, of course I will post my questions and my doubts, it will be really important to me also because I cannot take more than 3/4 month without a job, and hopefully with that I can start straight into the new career path!

[ajohnson]

You might find this thread to be useful. It was pretty good until it got derailed: http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,9115.0/

Edit: 1GB is pretty lean for a system running VMs. You may find that to be limiting.

Edit 2: Welcome to the forums!

[Nicolas.Bourbaki]

You might find this thread to be useful. It was pretty good until it got derailed: http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,9115.0/

Edit: 1GB is pretty lean for a system running VMs. You may find that to be limiting.

Edit 2: Welcome to the forums!

Thanks for the welcome Ajohnson!

Yeah, I have gave a look already to that thread, but it gets messed up after some posts.

About the Laptop, yeah, I know 1GB is gonna be probably not enough, but I think would be at least enough to discover and try some bash scripts and console/shell commands.

[Nicolas.Bourbaki]

Finally I have placed my order on Amazon, and I have bought:
- Learning Python;
- bash Pocket Reference;
(both published by O`Reilly)
And
- "The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy"
(published by Syngress)

Other books I have at home, which might be usefull are:
- Cisco press certification guide for ICND1&ICDN2
- Cisco press certification guide for CCNP (Routing and Switching)
- Kernighan & Ritchie "The C Programmin Language".

As seen that I have already a good background in Networking, I will be just reviewing some topics time to time.
Probably I won`t read to much about CCNP at the moment.

What I will try to do, is to read and try some example of Python and get a brief overview of C as well.
Do not need to become an hard coder, but understand the code, and being able to modify it and to know the reason why I am doing certain things instead of others, I guess will be enough.

Now I just have to download a distro, probably I will go for Ubuntu (even if probably something lighter would be better according to my laptop esouce) and play a bit with the shell and know a bit about the system, maybe I can try to create easy shell script.

The material should be delivered in around 4-10 business days, hope those books will be great!

[prats84]

Once you read a little basic of python. You can enrol for Securitytube python scripting expert course.. its about $250 and the course starts from basic and goes advanced; course is aimed to target ethical hacking/networking aspects of python.


http://securitytube-training.com/certifications/securitytube-python-scripting-expert/

[Nicolas.Bourbaki]

I know the class, I think might be a really well program for me, but I guess will be less expensive reading the book and then go ahead with Violent Python, or a book like that, to grasp some new concepts, as seen I do not need to be fluent.

Furthermore, I have to save 1000$ for the exams, and I guarantee you that in East of Europe this might take around 3/4 months, I cannot efford too many expenses.

[Nicolas.Bourbaki]

I have decided to go for the SecuryTube Python certification in 2 weeks (when I will receive my salary )

I think is a good way to reach an high-level of Python (and a nice-to-have certification) in a really rapid way.

I will use all the next 5/10 days to read the book I have bough, just to grasp some basic concepts, then I will go ahead with the cert.

Somebody has done it or is doing it?
How long does it take approximately, by starting with a basic knowledge of programming language?

Thanks guys!

[shadowzero]

I have decided to go for the SecuryTube Python certification in 2 weeks (when I will receive my salary )

I think is a good way to reach an high-level of Python (and a nice-to-have certification) in a really rapid way.

I will use all the next 5/10 days to read the book I have bough, just to grasp some basic concepts, then I will go ahead with the cert.

Somebody has done it or is doing it?
How long does it take approximately, by starting with a basic knowledge of programming language?

Thanks guys!

Depends on how fast you're able to grasp the concepts and what programming background you might already have. You can't learn programming just from reading though, you need practice and lots of it. It also helps if you can interact with other programmers (at work for instance, or friends) and share code with them.

[cd1zz]

Best way in my opinion to learn, is to have a problem and solve it with python. Its such a fantastic language to learn simply because there is SO much community support and resources available.

[Nicolas.Bourbaki]

I know Java J2SE a bit, because I have it into my PRG class at Uni.
Furthermore I was developing simple stuff in Python around 4/5 years ago, like simple portscanner or stuff like this, obviously now I cannot remember almost anything.

I do not know how much I can dedicate, but I pretty much can code 6/7/10 hours weekly, besides my job and besides my Uni courses.

P.S: And how is the exam mode for that?

[Nicolas.Bourbaki]

Sorry for another post.

I have seen this cert. as well: eCPPT

What do you suggest as starting point?
OSCP or eCPPT?

Or are "similar" and one of them is enough?

Thanks!