Beginners questions to OSCP

This topic contains 6 replies, has 4 voices, and was last updated by  bahr 4 years, 11 months ago.

  • Author
    Posts
  • #8749
     bahr 
    Participant

    Hi there,

    I’m working as a fulltime developer, and want to make my career change into penetration testing and security. Now the last 6 months, I’ve read mostly about networking and tcp/ip etc. to get a refresher on these things. I’ve decided that I want to do the OSCP, to get some hands on experience and introduction into penetration testing, hopefully something that could kickstart my career as a penetration tester.

    My background info is like:
    – Programming experience about 4 years fulltime, mostly .NET, Javscript, and some basic Python
    – Working knowledge of TCP/IP, I’ve been reading up on HTTP, DNS, packet sniffing, sockets etc.
    – Used Linux/Ubuntu on/off for several years, so I know my way around in a shell, but I’m not like an expert in system administration on linux.
    – Know basic use of wireshark, tcpdump, nmap to some degree.

    So my plan is to go ahead with OSCP, to get myself a systematic, structured and hands-on introduction to penetration testing. Realistically I would probably have like 2 hours / day in weekdays to study + the entire weekends. Since I don’t have any experience, I have a lot to learn, so I’m wondering whether 90 days at all will be enough.

    Therefore I plan to only signup for 30 days of lab time, to get the course material and videos, and study it (and in that time, I probably won’t use the labs that much, since I’m reading I guess?), and then when I feel ready to give the labs a shot, I plan to repeatedly extend with 30 days until I feel I’m ready to take the exam.

    Do you think this a reasonable approach in my case? Or would I better of signing up for full 90 days of lab time to begin with? Or should I try out playing with my own labs first like metasploitable, or something different before taking the course?

  • #53958
     m0wgli 
    Participant

    @bahr wrote:

    Therefore I plan to only signup for 30 days of lab time, to get the course material and videos, and study it (and in that time, I probably won’t use the labs that much, since I’m reading I guess?), and then when I feel ready to give the labs a shot, I plan to repeatedly extend with 30 days until I feel I’m ready to take the exam.

    Do you think this a reasonable approach in my case? Or would I better of signing up for full 90 days of lab time to begin with?…

    I’d personally start with the 30 day option, and then make a decision regarding any extension periods after your experience with the course materials and labs.

    You’re only looking at a $100 difference between going with 30 days lab access and then adding another 60 days, as opposed to purchasing 90 days outright.

  • #53959
     bahr 
    Participant

    Thank you for your answer πŸ™‚

    Do you think,that I would be ready to take the OSCP now with my current background?

    I’ve read most of the reviews, and some say that OSCP is a great introduction course to PT, where others seem to struggle even though they had some experience with PT.

    I have no experience in PT. I consider myself a quick learner, but I’m really lost in regards to whether I should signup now or if I should do some further studying before I signup.

  • #53960
     UNIX 
    Participant

    I think your background is better than as of many others who have taken the course, so I wouldn’t worry too much about it. Like m0wgli, I too would sign up initially for 30 days and see how it goes. If you are in no hurry, you could try a couple vulnerable vms (for example, see vulnhub.com) before enrolling in the course, but based on your description I’d say you could start any time.

  • #53961
     m0wgli 
    Participant

    I agree with UNIX, based on your description you should be able to start any time you want.

    Regarding vulnerable VM’s, take a look at the lower levels for De-Ice and Kioptrix , as well as the Metasploitable VM’s to start with.

  • #53962
     KrisTeason 
    Participant

    Hey bahr,

    Great to see another programmer on here interested in penetration testing. While everyone is saying go for it, I was looking at your background along with how much time you have to study throughout the week. 2 hours each day throughout the week is going to be hard to progress in the lab environment.

    I don’t look at PWK as an introductory course. It’d be best if you had some hands-on experience before going through the course. Start with vulnerable VMs, and practice with a bit with Metasploit and Nmap a bit before walking in. You don’t want to be completely lost while going through the content. The course lab days are very valuable because they are not only what your paying for but they are how you get your hands-on experience throughout PWK.

    Purchasing 30 days lab access is a good way to get your hands on the content. Eventually your going to reach a point after watching the videos and going through the accompanying pdf guide that you’re going to want to apply it in the lab environment. The only negative about purchasing time in 30 day increments: it’s cheaper to go purchase the days in bulk.

    Your background is fine enough to start the course, because you know your way around a shell and have the basic working knowledge of tcp/ip but it’s geared toward hands-on attacking. The only way you’re going to get this is by studying on your own and practicing in the lab. I recommend self-studying up before officially walking into the course. You’ll save money and stress in the long run if you have the basics down before walking into the course.

  • #53963
     bahr 
    Participant

    Thank you for all your answers!

    I think I will give myself a month more in prepartion playing with some vulnerable VM’s, metasploit and nmap, and then begin the course πŸ™‚

You must be logged in to reply to this topic.

Copyright Β©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?