August 17, 2015 at 2:07 am #8835k0rpr1t_z0mb1eParticipant
New to the boards, but been lurking for a bit. I’ve been a professional in info sec as a pen tester and red teamer for about 3 years now. I’ve been wanting to take the OSCP for quite some time but was a bit chicken. I opted for eCPPT and eWPT and crushed those two years ago. Now, i’m taking the plunge with off sec.
I had planned to start today, but was unaware of the wait time 🙁 so now i have two weeks to wait anxiously.
Would anyone have suggestions for prep materials? I’m starting the corelancoder tutorials, but that looks to be more applicable to the OSCE.
Any suggestions/input/advice is welcome 🙂
I started up a new blog since i have a lot of downtime at the moment. And will be tracking my progress both here and on my site.
Feel free to drop me a line in either location, and/or flip me a little sh!t 😉
February 25, 2016 at 11:56 am #54216exifernParticipant
There are no serious prerequisites for such certification.However you need to have a solid understading of network protocols,Kali Linux commands and bash scripting.I would recommend you went for the 3 month course which is enough time to practice on their network and read their instructions (pdf and videos).So where to start?
First of all everything you need is in the course material.Before you sign up I would recommend you watch some videos about ethical hacking.The following ones are very helpful for the course
Also there are some books which can also help you during the course which are: Hackers Playbook 2,Metasploit Unleashed,Penetration Testing:Hands on (by Georgia Weidman). When you believe you are ready to root some machines you can find and download many of them at http://www.vulnhub.com (you download a vulnerable machine and you run it on virtualbox simultaneously with your kali linux).This way you can prepare yourself for the final exam which is quite the same (involves vulnerable machines to be rooted).You can also connect to VPN networks like those which are totally for practice:
For exploits try the Exploit Database from Offensive Security.If you don’t have time for this be sure to watch the videos from Cybrary and practice on vulnhub with the vulnerable machines.You can also find additional help and guidance from Google by typing : OSCP reviews – You will find a lot of help from other students.
Also take a look at those websites about privilege escalations.They will help. http://www.fuzzysecurity.com/tutorials/16.html
And sometimes you may have difficulties finding the correct exploit so download and try those small tools written in python.
Python programming is not essential for the course,although there are some extra exercises in the course about it.However you should try writing some simple scripts.Try to use metasploit as little as possible because in the final exam it is prohibited and you may lose points using it.I suggest you go through the videos first and follow the instructor step by step.When you finish the exam you’ll be required to write a report just a like you would do on a professional pen-test.You are given another 24 hours to write but it should not take more than 4-5.I read about someone writing a 400 page report :-X .There is no need to write a book 😛 .Your report must be around 50 pages.Don’t be frightened by the exam time,it may be 24 hours,but it should take around 10 including a 2-3 hour sleep to refresh.I wish you luck with your exam.The OSCP is clearly the only cert that makes you technically and psychologically ready to perform a pen-test on a clients network.You will be able to get into unknown territories with complete confidence.At least that’s how I felt 😀
The are numerous certs out there about ethical hacking including CEH,LPT,GPEN,eLearn and also security-oriented certs like CISSP,CCNA Sec,Sec+,CISM all of them demanding renewal every 3-4 years (overpriced) and they don’t even teach you how to break stuff,it’s all about theory and multiple choice questions in the end.You can even go for a Msc degree in InfoSec neither that will teach you how to pen-test.It is totally fine if you want to become a security specialist/consultant/teacher but If you want to get into a pen-testing job especially without experience you go for OSCP.Even with the 3 month program it costs about 1100$ which is a very reasonable price for the skills you gain and the time (90 days) to educate yourself. Good Luck
- You must be logged in to reply to this topic.