From the people who bring you BackTrack, there is a great online training and certification program.
I finished all the modules that are covered in the videos and skipped in a fast pace through the last ones in the lab guide. Some topics were complete new for me like ARP spoofing, buffer overflows and client side attacks. Thanks to the good and simple explanation that takes you step by step through the process i managed to get through them with succes. The further i got in the course, the more i was amazed of the knowledge that the course comprehends (and i lack).ou I want to give massive kudo's to the Offensive Security team for this course. You know you are watching/learning from true professionals when they master the difficulty of the art, but make it look easy. This is exactly what they do.
After finishing the modules i started to review the information gathered about the labs you collect through the exercises. The reconnaissance part gives you heaps of info about the targets in the labs, but found out quick enough that i had to start documenting properly. I started with putting all the important information i gathered in the sample test report you receive at the start of the course. This helps in getting that overview of the target and lets you set that aim for your first targets. I tried to spend a full day in the week on this course doing exercises and practicing, and an hour a day to read/watch the material. At this point i am halfway through the 60 days i have, so i recommend everybody to take the 60 day course.
Now we got that out of the way it is time for the interesting part: The lab machines! At this point i only spend a few hours in the lab, which comes to about the 24h you need for the exam. At this point i targeted about three machines. results? Nothing! Remember that feeling i talked about earlier that you can hack the planet? This gets shot into a thousand pieces when you actually start on the lab. At first this got (and still does a little) me really frustrated and insecure about my freshly aquired knowledge, but then again, if it would be a walk in the park everybody would be OSCP certified.
At this point i can identify most of the vulnerabilities that the machines have, and theoretically explain how to exploit them, but when i try the exploits that are discussed in the material in practice i always seem to find a little twist that makes it not work the way it supposed to. The frustration feeling i got with this experience quickly turned into motivation to try harder and get as far as possible in the labs. I got this feeling that once you have hacked your first one, the next few will come within no time, and guess what: i was right! After spending another few hours in the lab i managed to get into a few machines! I see that the difficulty of the machines varies from 1 click hacks to almost impossible. All i can think of now is that this is more challenging and most important, more fun then i could imagine! This is like playing around in the biggest playground there is, and get certified at the same time. Once you have experienced this you will never want to take a normal certification course again!
Users browsing this forum: No registered users and 2 guests