OSCP

[Jbraithwaite]

Just wanted to pop back in and say Ello! Going through my OSCP training at the moment, and if anyone wanted to get a taste for just hacking the crap out of 50-60 servers and clients, go for it. It's the most fun I've had in a terminal.

Learned a sweet ton off it too and I'm only halfway through my lab time. Recommend it to anyone who feels that the prescribed path is getting boring. Sick of Metasploitable? Webgoat, and all that other stuff? Next step is to sign up for PWK. It's a good ride. Keeps you clean too and cures that hacking itch.

Peace

[akorshikai]

I'm actually about to start OSCP as well. Too busy atm with work, but within a month or so I'll probably do the 60-day lab route. Might see if work will chip in to cover the cost or at least do a telework arrangement one day during the week.

Punched out CISSP earlier this year, but want to challenge myself to something more hands on. Multiple reviews suggest OSCP does not disappoint.

[Jbraithwaite]

If it's practical you want then OSCP won't disappoint. It's as much as anyone needs. True Brain teasers too. Makes Vulnhub look easy.

[ghostheadx2]

What do I do to get a OSCP? Is it more advanced? How long does it take to get an OSCP? Should I focus on CISCO? Isn't OSCP a security cert?

[Jbraithwaite]

The course for OSCP is (PWK) Penetration Testing with Kali Linux. It is lab based and you buy lab time. 30, 60 or 90 days of access. You get video tutorials and a PDF document with tutorials and exercises to complete. There's about 50-60 lab machines to hack into, all varying difficulties. Some can be owned in 2 mins and some in a few days.

The exam is a 24 hour hack on 5 servers. You then have 24 hours to produce your pen test report on how you do it. Score 70-100 and you pass. Fail and you just get told to Try Harder. Resits are cheap.

[liz4rdm4n]

I like the look of OSCP and understand there are no prerequisites. But how much should one know before? Are there recommended certs/experience to equip you for this?

[Jbraithwaite]

No nothing really as everything is shown in the material you get. They require you fix exploits in C sometimes, and don't show you how, but there is a massive amount of googling to be done in this course. It's more about giving you the basics and you fill in the blanks. You don't need to know any languages to do it either but it would help to know how to read C, but that's where stack overflow comes in

[ghostheadx2]

I think it would be nice to know if someone with a linux cert and a networking cert could do OSCP afterwards. Lets say I had CCNA and a Linux cert, would that be enough? I'm thinking of doing this after I get a linux and a networking cert.

[pitabit]

OSCP was one of the best courses that I could do. For me the best one to start in penetration testing. I love their approach, starting with an easy material, then the labs where you can hack more than 100 machines, and the final exam that it's a real challenge.

This course is really oriented to penetration testing, so if you don't want to go in that direction, although you will learn a lot, maybe it's not a good choice (for example, I thinking in an Engineering path).

@ghostheadx2 if you have linux knowledge, CCNA it's good, but the most important one for me, it's the programming knowledge. You will find yourself with shell scripting, python and a bit of C, so it could be good at least to have some basic knowledge in those languages. The good thing with OSCP, is that you have a lot of time, because you can start the course and decide when you want the exam. So, if you are stuck, you can spend more time in some topics (indeed this is even recommended). The most important part of OSCP, is the labs. When you finish the course, try to hack as much machines as you can, and don't forget to write everything you did in the report. This could give some extra points in the final exam that you could need.

[liz4rdm4n]

I currently have Network+, CCNA R&S and soon to be taking Security+.... oh and I code in python. Should I jump straight into OSCP, or should I warm up with CEH or similar security cert?

You also mentioned knowledge in C. Is that strictly C, or C++?