On December 1st, I took the Offensive Security Certified Professional (OSCP) exam and successfully earned my certification. For those unfamiliar with OSCP, it is a hands-on training course and certification offered by Offensive Security. The content it focuses on is immense; Everything from SQL injection to writing your own remote buffer overflow exploits is covered by the course e-book and videos. There is also lengthy coverage of how to properly enumerate hosts and take inventory of an entire network.
The content alone provides a decent introduction to each topic. The labs, however, are where the course really shines in my opinion. The OSCP labs are comprised of several networks that you’re challenged to break into. The hosts in each network provide a good variety of operating systems, network services, and web applications, many of which a penetration tester will encounter in the real world. Some hosts are standalone while others require you to chain access together through several networks or exploit a client-side vulnerability. The variety of the lab machines is what pushed me to keep learning; There was little chance that I was going to get too comfortable with one particular environment or type of vulnerability. You quickly learn that your tools alone aren’t good enough. A good penetration tester must rely on their methodology to get them through the diverse number of possible environments that they may encounter.
At the time of writing this the OSCP exam format is as follows. The entire exam is 48 hours long. For the first 24 hours, you have access to the exam lab network where you must complete challenges to obtain points. In order to pass the exam, you need at least 70/100 points. Many servers have multiple challenges such as obtaining a low privileged account and obtaining a highly privileged root or system account. The next 24 hours are to be dedicated to writing a report, which is submitted to and evaluated by Offensive Security. The template of the report is pretty simple, and consists mainly of screenshots and any custom exploit code used.
It took me about 8 hours to get enough points to pass and another 2.5 hours to write my report. This included taking breaks for meals and relaxation, which I think were very important things to do. Self care will help you keep your cool, which in return will help you think more clearly.
I ended up submitting my report at around 8:30 PM to Offensive Security and hearing back two days later that I had passed. Overall, my experience studying and taking the exam for OSCP was positive. I think some of the things Offensive Security uses to throw you off the trail are incredibly frustrating, and every so often the correct answer ends up being a little gimmicky. However, the labs are still a fantastic learning experience and really do push you quite hard to practice, first hand, how to think creatively and technically.