.

Pass OSCP

<<

uid0

Newbie
Newbie

Posts: 6

Joined: Tue Dec 27, 2011 7:53 am

Post Tue Dec 27, 2011 8:41 am

Pass OSCP

Greetings white hats and hackers!

I decided to take the OSCP but first of all I'd have some questions about this exam.

First: If I learn and understand the course, I will be able to pass?
I have no programming skills.

I'm a 2 years experienced sysadmin with RHCE and CCNA Security as additional certs.

Thanks a lot!

PS: What's the pass procent rate at first attempt?
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Tue Dec 27, 2011 8:50 am

Re: Pass OSCP

Welcome to the forums :)

I think having that level of Linux knowledge is going to help out a lot. You don't need to be an expert programmer, but it would help to start playing around with Python and getting the basics down.

Google has a free two-day course: http://code.google.com/edu/languages/go ... hon-class/ and there are plenty of other Python resources mentioned regularly if you search around the forums a bit.

I don't think they publish pass percentages, but this is a fairly difficult exam. Unlike most others, technical knowledge alone won't get you through this. You really need to have the right mindset and be good at solving puzzles, organizing and correlating information, etc.
The day you stop learning is the day you start becoming obsolete.
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Tue Dec 27, 2011 9:37 am

Re: Pass OSCP

The course and course syllabus are merely a suggestion or a way to "point you in the right direction." There is quite a bit of outside research that you'll go through on your own. Don't get me wrong, the course materials are very valuable but its not a typical course/exam like you're probably used to.
<<

Solinus

Newbie
Newbie

Posts: 31

Joined: Mon Sep 03, 2007 6:33 pm

Location: Cape Cod

Post Tue Dec 27, 2011 11:36 am

Re: Pass OSCP

This is a great course to aim for, but you need to have something to stand on when you get there. There are plenty of great sites out there with all kinds of hacking challenges as well as vulnerable VM's that you can download and test yourself on. This site as well as others have exercises to try as well. This is not like sitting and writing in memorized answers, it is a practical and will take more work to get ready for.
Kerry
MCITP:EA | MCTS(x5) | MCSA+ | MCSE+ | Security + | CCNA | WCSP |
DSCE | PCT |CIW Security Analyst | CSSA
<<

Florin

Newbie
Newbie

Posts: 29

Joined: Thu May 03, 2007 8:57 am

Post Tue Dec 27, 2011 4:16 pm

Re: Pass OSCP

If you learn and understand the course and spend some time (meaning hacking) in the lab then you will be ok.
Advanced programming skills are not really needed, just basic bash/python scripting is needed.
Security+, OSCP, CISM, CISSP
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Dec 27, 2011 5:50 pm

Re: Pass OSCP

Hello uid0,

Welcome aboard ! The exam is pretty hardcore I thought but if you understand all the concepts enough and practice in the VPN labs, you should be able to get a passing score. It sounds like you have solid linux and networking experience, but PWB is a highly Offensive Attacking course. How are you pen testing skills? Have you used Metasploit, are you familiar with nmap, do you know how to perform Web App attacks, privilege escalation? Though the course will teach most of these, it's best to have experience doing/using these prior to walking in just to make sure your comfortable. What I listed off was of course a minor subset of the topics you'll cover.

I would even say just practicing as much as you can that is inside the PWB syllabus with VMs for a little bit would help you out. Lab time is so precious in the course. Being unfamiliar with some tools may take away from lab time when your having to research them. I would highly recommend going with the 90 days lab access just to make sure your fully prepped for the examination.

You don't need to be a good coder but even understanding the basics helps out. Dynamik's link is great to get you started with python, there's also this useful thread. Another great resource for you would be the OSCP Section here on the forum. This is great because there's 4 pages of information of folks who have taken the course, are getting ready for it, and have wanted similar suggestions like yourself. Here is my PWB v3 Review - I think it's a great read because I listed off some of my background prior to going in. Cd1zz's Review is also great.

Ultimately my main advice is although you fit the pre-reqs, I would get well familiar with the syllabus before officially signing up. Setup your own lab and practice in it! Learn some python. Purchase the 90 days just be make sure you'll be well prepped, and prepare for some pain (:
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

uid0

Newbie
Newbie

Posts: 6

Joined: Tue Dec 27, 2011 7:53 am

Post Wed Dec 28, 2011 8:03 am

Re: Pass OSCP

Hi everyone,

Thank you for being so kind.

@xXxKrisxXx I'm familiar with tools such sniffers/scanners linke tcpdump or nmap.

I dont't know what metasploit is, never used it. Google it but I'm not sure what should I do.

Also, syllabus = prereqs?

I would estimate my networking/*NIX skills as being high but only on the whitehat side. That's why I'm emotive about this exam.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Dec 28, 2011 9:30 am

Re: Pass OSCP

@uid0 - see the following, RE: Metasploit:

http://www.offensive-security.com/metas ... y_Training

This is where, as noted, you'll have to be prepared to do a lot of Googling and outside research.  OSCP teaches a lot, but they also rely on your abilities to dig and research (just as you would in a real pentest, in real-life.)

As for the syllabus, it'll give you an idea of what will be covered in the class, so that YOU can decide for yourself, whether or not you're ready, or you feel you need to brush up on some areas, before taking the class.

Good luck, and if more questions, ask away!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Dec 28, 2011 9:37 am

Re: Pass OSCP

If you consider yourself to be strong with *nix and networking, I honestly think you're in better shape than a lot of people when they start this one.

I wouldn't consider the syllabus to be prereqs (the course will teach you a lot along the way ;)), but if you see something on there where you feel like you're totally clueless, you should probably brush-up on that a bit before trying the course. You want to get the most out of the lab time you pay for, so you don't want to squander that learning how to perform basic activities. Aside from that, there aren't any time constraints, so if you get stuck, you can always branch out and study that item, and then return to the course at a later date. You may want to start with only 30 days lab time to get a taste of what it's like, and then add more whenever you feel ready. It'll be slightly more expensive if you go that route, but that might be better than having more time available before you're ready for it.

Here're some Metasploit resources to get you started:
http://www.offensive-security.com/metas ... y_Training

http://www.amazon.com/Metasploit-Penetr ... 159327288X

Metasploit can be kind of intimidating at first since it's probably unlike anything you've used in the past. However, it's really not bad at all once you get into it.

If you want to get started, just download BackTrack and load it up in a VM (Virtual Box, VMware Player or Workstation) along with a vulnerable distro (Metasploitable, Damn Vulnerable Linux) and start playing around.

Edit: I'm too slow for Hayabusa :(
Last edited by dynamik on Wed Dec 28, 2011 9:40 am, edited 1 time in total.
The day you stop learning is the day you start becoming obsolete.
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Wed Dec 28, 2011 9:54 am

Re: Pass OSCP

I'd say the same as dynamik said. If you are already that familiar with linux and networking, you shouldn't have too much troubles to get through it.

If you don't have any programming experience and don't know the very basic concepts such as loops etc. at all, you might want to spend some time on it prior of starting the course. This way you won't spend too much of your lab time to go through with such basic things and you can concentrate on the main topics. Otherwise it shouldn't be too hard to pick up those things during the course. Although programming is involved and it certainly helps if you can read some easy assembly instructions and adjust existing exploits to your needs (which is also covered in the course materials), it shouldn't be a problem to go through the course materials and eventually pass the exam.
<<

uid0

Newbie
Newbie

Posts: 6

Joined: Tue Dec 27, 2011 7:53 am

Post Wed Dec 28, 2011 11:37 am

Re: Pass OSCP

Two additional questions please:

- about the 30 days, they count the VPN connection time or the calendar entries?

- If I fail, can I retake the exam only without any additional fees like VPN?

Thank you!

@dynamik ??????? damn vulnerable linux ????? Never heard of it but I'll try it for sure!!! Haha this is gonna be fun.
Last edited by uid0 on Wed Dec 28, 2011 11:39 am, edited 1 time in total.
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Dec 28, 2011 11:49 am

Re: Pass OSCP

You get 30/60/whatever calendar days. The clock unfortunately starts immediately with the course. I personally wish you could choose when to start it, so you could get a bit more familiar with the material first, but that was not an option the last time I checked.

I believe you'll need to pay for a retake, but I can't recall what the price is.

There are a lot of vulnerable systems available: http://g0tmi1k.blogspot.com/2011/03/vul ... esign.html That should keep you busy :o

Also, just installing vanilla client/server versions of Windows with no patches and a few services running will work as well.
The day you stop learning is the day you start becoming obsolete.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Dec 28, 2011 1:12 pm

Re: Pass OSCP

dynamik wrote:Edit: I'm too slow for Hayabusa :(


BWAHAHAHAHA!!!!  <kidding>

dynamik often beats me to the punch, as I'm tied up with other things.  But I got him this time!

Edit: BTW, the other book dynamik posted about is great, also.  It's sitting on my desk, as we speak.
Last edited by hayabusa on Wed Dec 28, 2011 1:17 pm, edited 1 time in total.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

uid0

Newbie
Newbie

Posts: 6

Joined: Tue Dec 27, 2011 7:53 am

Post Fri Dec 30, 2011 2:47 am

Re: Pass OSCP

Guys,

This guy claims:
The course / test challenge packages start at $750 US with cert retakes available for $60 if you don't succeed on your first attempt.


http://netsecurity.about.com/b/2011/07/ ... t-cred.htm


So the retake isn't a full $750+$60?
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Fri Dec 30, 2011 5:06 am

Re: Pass OSCP

Yes, the retake will cost you only $60. No need to buy a lab extension. Although if you haven't got all machines in the lab and failed the exam, it might be worth to extend your lab time for 15 or 30 days.
Next

Return to OSCP - Offensive Security Certified Professional

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software