[OSCP]Suggestions on how to fulfill the prerequisites

Viewing 24 reply threads
  • Author
    Posts
    • #7949
      Nicolas.Bourbaki
      Participant

      Hello Guys,

      My name is Nicolas, I am 22 and I am writing from east part of Europe.

      I have worked for 2 years and half in a 2nd level technical support team (quite generic: Windows, Mac OS X, Networks, Office) and now I have 1 year contract with an American Telecommunications Company and I work as Network Specialist (2nd level Support).
      I remotely support the network infrastructures of some companies, and we have to provide technical support on Cisco devices (Routers and Switches), assure the continuity of the service and the network performance, implementing changes (configuration changes), and so on..

      The only certification I hold is the Cisco CCNA.

      On March 2013 my 1-year-contract will be expired, and what I want to do, is to go back to my home country, and be focused for 2/3months in a row on OSCP course and try to get the certification, in order to move my career towards a new position as penetration tester.

      Since September, I am also enrolled in a Bachelor of Science in Engineering, Distance Learning Program.

      From now to March, I would like to as much as possible to fulfill some prerequisities I think is nice to have before starting the OSCP class.

      At the moment I have the following IT skills:
      – Very good knowledge of Windows OS;
      – Good knowledge of Mac OS X OS;
      – Basic GNU/Linux knowledge;
      – Basic SQL and Programming languages knowledge(I am doing Java J2Se class this semester, at my Uni, and during my high school I have studied a bit C and C++);
      – Good knowledge of HTML and CSS;
      – Good Network knowledge (CCNA level, with some elements of CCNP switch).

      And I would like to gain this:
      – General Network Security;
      – GNU/Linux (Backtrack);
      – Python;

      About Python, I have bough the book “Think Python”
      http://www.amazon.co.uk/Think-Python-Allen-B-Downey/dp/144933072X/ref=tmm_pap_title_0?ie=UTF8&qid=1349784319&sr=1-8

      About the other 2 sections, I would like to receive some hints from you, if is possible.

      I would like to receive also some feedbacks/suggestions about my idea to gain the prerequisites needed and If I need something more/else in order to achieve the certification

      Thanks!
      Nicolas.

    • #50395
      prats84
      Participant

      As per the faq on the offsec webiste you need knowledge of TCP/IP, networking and linux skills.
      The course itself says you do not have to be a programmer.
      A bit of scripting/programming does make life easier.

    • #50396
      hayabusa
      Participant

      @prats84 wrote:

      As per the faq on the offsec webiste you need knowledge of TCP/IP, networking and linux skills.
      The course itself says you do not have to be a programmer.
      A bit of scripting/programming does make life easier.

      That’s pretty much it, for ‘required’ knowledge.  As I’ve told others, a little pre-requisite BASH / scripting knowledge won’t hurt, either.

      Good luck, and ask questions along the way, whether here, or on the offsec forums / irc channels.  If you don’t understand something, ask for help to understand it, but also know that you’ll be expected to learn and research a lot, for yourself, as well.

    • #50397
      shadowzero
      Participant

      Some of the older exploits are written in C and perl, so being able to read that is a plus. The course seems to prefer programming in python and bash, so it’s good to have that under your belt. No need to master it, but you should be able to do basic math, string manipulation, and sockets.

      You can also prepare for the course by challenging some of the vulnerable virtual machines available online ( http://boot2root.info/ ). They’re free, most of them already have solutions online, and they’re good practice. Try to solve them on your own – in the offsec labs you’ll be encouraged to do the same.

      Good luck!

    • #50398
      Nicolas.Bourbaki
      Participant

      First of all, thanks to both.

      Second of all: what do you think about my small roadmap before March?
      Grasp a bit of Python, Network Security in general and GNU/Linux knowledge?

      May you suggest any books for the security?
      Beside of Think Python, I thought might be interesting get this book as well:
      “The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy”
      (http://www.amazon.co.uk/Basics-Hacking-Penetration-Testing-Syngress/dp/1597496553/ref=sr_1_9?s=books&ie=UTF8&qid=1349786171&sr=1-9#reader_1597496553)

      Regarding GNU/Linux, I will start by download a backtrack image and I will put it in a VM on my Mac Air, it has 1GB of Ram, but I guess will be enough until march, to know at least a bit about moving file, directories management, assign rights to the user, change file permissions, create simple scripts and so on, it won`t take too much hopefully.

      So, I believe that in march/april I will be able to do about 30/40hours per week (I will not work as I said, I will have only college courses i guess) and have the following IT skills:
      Windows, GNU/Linux, Mac, routing, switching, TCP/IP, Python/Java/SQL (basic), probably enough to start.

      According to ShadowZero, I will try to get a bit of knowledge of C as well, I have the K&R at home and I can review it for a bit 😀

      Once I will be enrolled in the class, of course I will post my questions and my doubts, it will be really important to me also because I cannot take more than 3/4 month without a job, and hopefully with that I can start straight into the new career path!

    • #50399
      dynamik
      Participant

      You might find this thread to be useful. It was pretty good until it got derailed: http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,9115.0/

      Edit: 1GB is pretty lean for a system running VMs. You may find that to be limiting.

      Edit 2: Welcome to the forums!

    • #50400
      Nicolas.Bourbaki
      Participant

      @ajohnson wrote:

      You might find this thread to be useful. It was pretty good until it got derailed: http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,9115.0/

      Edit: 1GB is pretty lean for a system running VMs. You may find that to be limiting.

      Edit 2: Welcome to the forums!

      Thanks for the welcome Ajohnson!

      Yeah, I have gave a look already to that thread, but it gets messed up after some posts.

      About the Laptop, yeah, I know 1GB is gonna be probably not enough, but I think would be at least enough to discover and try some bash scripts and console/shell commands.

    • #50401
      Nicolas.Bourbaki
      Participant

      Finally I have placed my order on Amazon, and I have bought:
      – Learning Python;
      – bash Pocket Reference;
      (both published by O`Reilly)
      And
      – “The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy”
      (published by Syngress)

      Other books I have at home, which might be usefull are:
      – Cisco press certification guide for ICND1&ICDN2
      – Cisco press certification guide for CCNP (Routing and Switching)
      – Kernighan & Ritchie “The C Programmin Language”.

      As seen that I have already a good background in Networking, I will be just reviewing some topics time to time.
      Probably I won`t read to much about CCNP at the moment.

      What I will try to do, is to read and try some example of Python and get a brief overview of C as well.
      Do not need to become an hard coder, but understand the code, and being able to modify it and to know the reason why I am doing certain things instead of others, I guess will be enough.

      Now I just have to download a distro, probably I will go for Ubuntu (even if probably something lighter would be better according to my laptop esouce) and play a bit with the shell and know a bit about the system, maybe I can try to create easy shell script.

      The material should be delivered in around 4-10 business days, hope those books will be great!

    • #50402
      prats84
      Participant

      Once you read a little basic of python. You can enrol for Securitytube python scripting expert course.. its about $250 and the course starts from basic and goes advanced; course is aimed to target ethical hacking/networking aspects of python.

      http://securitytube-training.com/certifications/securitytube-python-scripting-expert/

    • #50403
      Nicolas.Bourbaki
      Participant

      I know the class, I think might be a really well program for me, but I guess will be less expensive reading the book and then go ahead with Violent Python, or a book like that, to grasp some new concepts, as seen I do not need to be fluent.

      Furthermore, I have to save 1000$ for the exams, and I guarantee you that in East of Europe this might take around 3/4 months, I cannot efford too many expenses.

    • #50404
      Nicolas.Bourbaki
      Participant

      I have decided to go for the SecuryTube Python certification in 2 weeks (when I will receive my salary :D)

      I think is a good way to reach an high-level of Python (and a nice-to-have certification) in a really rapid way.

      I will use all the next 5/10 days to read the book I have bough, just to grasp some basic concepts, then I will go ahead with the cert.

      Somebody has done it or is doing it?
      How long does it take approximately, by starting with a basic knowledge of programming language?

      Thanks guys!

    • #50405
      shadowzero
      Participant

      @Nicolas.Bourbaki wrote:

      I have decided to go for the SecuryTube Python certification in 2 weeks (when I will receive my salary :D)

      I think is a good way to reach an high-level of Python (and a nice-to-have certification) in a really rapid way.

      I will use all the next 5/10 days to read the book I have bough, just to grasp some basic concepts, then I will go ahead with the cert.

      Somebody has done it or is doing it?
      How long does it take approximately, by starting with a basic knowledge of programming language?

      Thanks guys!

      Depends on how fast you’re able to grasp the concepts and what programming background you might already have. You can’t learn programming just from reading though, you need practice and lots of it. It also helps if you can interact with other programmers (at work for instance, or friends) and share code with them.

    • #50406
      cd1zz
      Participant

      Best way in my opinion to learn, is to have a problem and solve it with python. Its such a fantastic language to learn simply because there is SO much community support and resources available.

    • #50407
      Nicolas.Bourbaki
      Participant

      I know Java J2SE a bit, because I have it into my PRG class at Uni.
      Furthermore I was developing simple stuff in Python around 4/5 years ago, like simple portscanner or stuff like this, obviously now I cannot remember almost anything.

      I do not know how much I can dedicate, but I pretty much can code 6/7/10 hours weekly, besides my job and besides my Uni courses.

      P.S: And how is the exam mode for that?

    • #50408
      Nicolas.Bourbaki
      Participant

      Sorry for another post.

      I have seen this cert. as well: eCPPT

      What do you suggest as starting point?
      OSCP or eCPPT?

      Or are “similar” and one of them is enough?

      Thanks!

    • #50409
      Shock
      Participant

      @Nicolas.Bourbaki wrote:

      Sorry for another post.

      I have seen this cert. as well: eCPPT

      What do you suggest as starting point?
      OSCP or eCPPT?

      Or are “similar” and one of them is enough?

      Thanks!

      If you don’t think you’re ready to take the OSCP, you can take the eCCPT. The cert is basically a stepping stone to taking the OSCP and is treated as such by most people here.

      If you think you’re ready to take the OSCP, then simply take it and don’t bother with the eCCPT.

    • #50410
      Nicolas.Bourbaki
      Participant

      Probably starting with eCPPT would be better, because I am coming from a Technical Support Field, mainly focused on Networking, and I do not have experience in the Security field.

      Next week I am probably planning to start the SecurityTube certification of Python, and I would say once got it, I`ll try to figure out what can I do, because until March I will be working and Studying (college), so not such big time, after that I will be unemployed due to the expiration of my contract and I can focus more.

      I would prefer cover my knowledge lack in this months, so mainly python, bash, GNU/Linux.

    • #50411
      m0wgli
      Participant

      I did the eCPPT with the intention of doing the OSCP after, although I haven’t started the OSCP yet (so I can’t really comment on the progression between the courses). However,  I found the eCPPT really useful and learned a lot from it.

      If you haven’t seen them, there are a couple of good reviews on the eCPPT here:

      http://www.ethicalhacker.net/content/view/420/2/
      http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,8818.0/

      Armando (Lead author of elearnSecurity courses) himself acknowledges that for many eCPPT > OSCP is considered a natural path.

      http://security.stackexchange.com/questions/2419/comparing-online-security-courses-elearnsecurity-vs-offensive-security

    • #50412
      Nicolas.Bourbaki
      Participant

      Thanks for the links, I had read them before.

      Next week, maximum in 2, I will start the SecurityTube Python class, and I hope to get the certification in a couple of Months maximum.

      In the meanwhile, I will start to see a bit of Linux and Bash scripting, in order to reach March with a solid knowledge of Python, a good command of Linux and Bash, TCP/IP&Network Knowledge and so on.

      According to my salary, do the 2 courses (eCPPT and OSCP) will be too expensive, so I think I will be go straight with OSCP, maybe will be more difficult but If I will be able to manage I will probably cover a best range in a deeper way.

      I would like to have, in July or August, the following cert:
      CCNA, SecurityTube Python, OSCP and try to look up for a new job in Scandinavia or in UK, according to the market.

    • #50413
      m0wgli
      Participant

      With regards to Linux and bash scripting I found the following to be a useful resource:

      http://www.amazon.co.uk/Linux-Command-Shell-Scripting-Bible/dp/047025128X

      Note: There is a second edition, my experience is based off of the first edition.

    • #50414
      Nicolas.Bourbaki
      Participant

      Great Man, I will give a look as soon as I will have the money!

    • #50415
      Nicolas.Bourbaki
      Participant

      Hello Guys,

      I have chosen to enroll into the SecurityTube Training for Pythong Scripting Expert.
      Later today or tomorrow I will pay the fee and I will start the class, I do not know how long it will take, according to my job and my classes at college, but i will try to do as much as possible, even if I am not in hurry, I have time before March.

      I hope anyway to reach a good level of coding in few months, maybe before January.

      Do you think the class is good for a novice?
      I know is ok because it starts from the beginning, but it refers only to the Python part.
      I do not know if I will understand all the theory (if there is theory) behind attacks and so on.

      But it does not seems pre-requisites so I think I will try anyway!

    • #50416
      hayabusa
      Participant

      I think vivek’s stuff will indoctrinate you, nicely.  I’ve been programming for years, and still want to go through that course, as well, to get the perspectives, and pick up on tricks and methods that others use.  But based solely on what I’ve seen from his other offerings, I think you’ll learn a lot, regardless of your current level.

    • #50417
      Nicolas.Bourbaki
      Participant

      I have enrolled right now, I will receive new informations tomorrow, according to their mail.

      I will keep track of my progress here: http://grrlz.tumblr.com/
      (Tomorrow or as soon as I will have time, I will add the comment and maybe change a bit the template).

    • #50418
      sh4d0wmanPP
      Participant

      I did face the same challenge as you and have just signup and started eCPPT.

      The reason for choosing this course is that my web-pentesting skills are weak. This course offers a good explanation, haven;t tried out their lab yet but will do it later on.

      I know most of the info I got but putting it in a clear order makes it more easy to put together. Will write up something after I went through all material and the exam so stay tuned haha.

      For OSCP preparations I recommend to read through their live training story: http://www.offensive-security.com/offsec/pwb-in-the-caribbean-part-1/

      It points out some of the PWB focus and you can research these items youself beforehand.

Viewing 24 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?