Ever since the start of my career, one of my personal goals was to secure the “OSCP” – Offensive Security Certified Professional. It has always been considered the de facto “Ethical Hacker” course and certification… Why? There has never been anything like this course. It provides one of the most realistic labs and an exam that challenges a student with a 100% practical format and no MCQs. The only way to achieve an OSCP is to perform a pen test, crack at least 80% of the systems provided within 24 hours over a VPN, document evidence, provide the trophies achieved as proof of access/compromise, and suggest fixes to secure/patch the identified problems within the next 24 hours!
I decided to take up this exam as it was recently re-branded as PWK, boasted a new syllabus and contained new lab machines with recent attack vectors. I went through a review from securityweekly.com (Security Weekly OSCP Review) and finally decided to take the plunge. My goal was to secure root access on all the systems in the PWK course lab and then attempt the exam. With a full-time job, I could only offer about 4 hours after work and 8 hours on weekends. I can't thank my family enough for having supported me through this epic journey. I think it makes sense to draft a 5-point preparatory guide that could help a fellow security enthusiast who is at the crossroads, deciding @before #TryHarder!, and wants to crack all the lab machines in the course and the exam.
“Give me six hours to chop down a tree and I will spend the first four sharpening the axe” – Abraham Lincoln
5 things that you “could” do before OSCP
- Linux and Windows command line: There are a few good places on the internet, like the g0tmi1k blog for Linux priv esc and Fuzzy Security for Windows priv esc. They are absolutely fantastic and point you in the right direction, but I found it useful to have the RTFM book alongside the above two. If you are not well versed with the Linux command line and identifying misconfigurations, the Nebula exercises should get you started with the basics of Linux and the concepts needed in “limited” shells.
- 101 of web application security: Start spending time on the OWASP Top 10 and the CWE Top 25. The course does not go into advanced attacks, but it does cover all of the OWASP Top 10 at an introductory level. The courseware/videos are quite sufficient to help anyone get started. But considering the constantly ticking lab time, it is best to use these materials as a revision before jumping into the PWK lab. The best online resource is the OWASP Top 10, tested against the Mutillidae_2_Project.
- Simple programming knowledge: You will need to know the simple semantics of programming. Python is easier to pick up and will help you speed up in the course. Go through the Codecademy Python course for scripting basics. Also, try to compile a few exploits written in C from exploit-db; many of them have script-kiddie filters and will need adjustments (choose targets from the CTF machines in point 5).
- 101 of vanilla buffer overflows: The course syllabus, videos and lab assignments are quite awesome. They are tailored to perfection and are easily the best hands-on section in the course. They cover both Windows and Linux systems. If you are an absolute beginner at this, I highly encourage you to go through securitytube.net. Many of these videos, with their know-how on registers, the functioning of the stack and tracing using Immunity Debugger, will help you immensely all the way.
- CTFs and Boot2Root: Finally, I think it's best to test yourself against a few Vulnhub machines based on difficulty and experience level. Which ones, you may ask? I think pwnOS and Kioptrix would be on the scale of the medium-hard machines within the lab.
The PWK lab mimics a real, breathing IT company, i.e. it includes user interactions, domain controllers, mail servers, internal portals, file servers, a help desk, VoIP servers and all of the good stuff you can think of. Prepare like you want to engage in a pen test and sharpen your skills. Nothing goes to waste: a failed exploit on one machine is a working exploit on the next! #TryHarder!
Good luck!