I started with the PWK course to go for my OSCP. This series documents my progress.
What is OSCP?
O ffensive S ecurity C ertified P rofessional is the end result of the Penetration Testing With Kali Linux course. From what I gather it is one of the hardest certifications in the infosec community at the moment. The reason for this is that it is not a paper exercise (read a book, take a multiple choice exam), but instead focuses on applied skills.
To pass the certification I will need to go through a 24 hour lab exam in which I will need to hack several machines and document the process.
I have bought 3 months of lab time to practice for the examn. From reviews I have read most people spend anywhere from 100 to 300 hours on the labs before attempting the examn. As I do have a real life to take into account I have opted for the 3 month lab time.
Why do this?
I think the OSCP certification is a great way to objectively show the skill set I have to the world. I took CEH (Certified Ethical Hacker), which is more of a paper exercise.
Most of all I do it because I get a kick out of these types of puzzles and it qualifies as "good fun" for me.
What is this series?
The reviews I have read summarize the entire experience. As I will not be able to blog much during this time I figured that I would write about my experiences along the way.
The rules are quite clear that I am not allowed to share anything which amounts to spoilers for the course. So I am going to focus on the general aspects and the time I have spent on them. I will not share anything more than what you can read on the certification website.
How was week 1?
The first week started sunday februari 4th. I have opted to follow the recommended structure of watching the videos, reading the document and performing the exercises (as they are worth extra points when handed in with the examn).
The very first thing you do is setup your OpenVPN connection and Kali Linux VM. I am on macOS, which means I had to use VirtualBox or shell out $$$ for VMWare Fusion. It turns out that the VMDK you get works very nicely in VirtualBox. The only downside seems to be that if you copy a lot between the host (macOS) and the guest (Kali) the guest will start to hang after a few hours. I solved this by just working inside the VM 100% and documenting everything on a shared folder. An alternative would be to just SSH into the Kali machine from the guest, but then I can not use CherryTree to document machines.
This meant that the first week was spent on the basics, up to windows buffer overflows. You can find the syllabus on the PWK website.
I am keeping a quite detailed timesheet to see how much time I actually spend on it. For week 1 you can clearly see that the Windows Buffer Overflows cost me most time. I just started the Linux ones, but scanning the documentation I see that there are not that many exercises, so it might not end up taking that long.
I document everything in the number of minutes I have spent on that topic, actually I register timestamps and derive time between start and end. For the first week all the time has gone into the course materials.
Total time spent in the first week was 852 minutes, which amounts to about 14.2 hours. On to the next week!