@jjlipp56: Like dynamik said, check out the syllabus pdf. Depending on the reasons you are planning to do this certification, I would recommend being at least a bit familiar with each of the topics before starting the labs. That way you will spend most of the lab time hacking boxes instead of spending that time studying the course materials. If you want to pass the OSCP challenge one of the best preparations is hacking all the lab boxes and therefore starting with 30 days may not enough (and it will be more expensive extending rather than starting with more lab time). Having said that, everyone is different.
Since my last post (30 days into the labs) a lot has happened so for completeness sake I'll post my experience here.
I had taken the 90 days option and close to day 60 I had owned all the labs boxes which left me a lot of time to finish writing the lab report, do the course exercises and prepare for the exam. Some of the boxes were very challenging and in general those were the ones that taught me the most valuable lessons.
Last Saturday I took the OSCP exam and although the results haven't come in yet, I am confident I have passed!
About 6h in I already had the necessary points to pass, 12h in I hacked another box and the last 12h were a waste of time as I didn't get the last (least valuable) box. The exam is challenging and once again you need to prove that you master your skills as well as the ability to think outside of the box. "Try Harder" is what describes this exam best as some boxes may well test the limits of your abilities.
Without saying anything about the exam here are the last tips about this certification.
- During the labs, create cheatsheets with all the commands you use - especially those you don't use that often. Since I started pentesting I've been adding stuff to my cheatsheet and that is a huge time saver. It is definitely the most important weapon in my arsenal.
- Hack all the lab boxes if you can. It's the best way to prepare for the final challenge.
- Write the report as you hack the lab boxes (ideally add to it after you pwn each box). You will thank yourself in the end. Apart from this, use a note taking application to keep track of what you did for each box.
- During the labs, keep a collection of local exploits and enumeration scripts you've used as they can be helpful for other boxes. This will also save you time.
- Take breaks during the exam as your brain will inevitably start melting at some point and you don't want to be making stupid mistakes.
- Like many others have advised before me, automate as much as you can. This not only saves precious time but also ensure you don't miss out on the enumeration phase. I wrote a tool with a colleague of mine which automated most of the enumeration tasks and it proved very helpful during the challenge. I'll take the opportunity to mention that we'll be releasing it soon and all feedback will be very helpful. Sneak preview here: http://www.secforce.com/blog/2014/03/sp ... ting-tool/
That's all folks!
Good luck to anyone doing this certification and don't forget to try harder.