OSCP Week 2

I started with the PWK course to go for my OSCP. This series documents my progress. I hope to give some insight into brutal proces and exam that goes into obtaining the coveted certificate.

General progress

At the end of the week I am almost through the reading materials, videos and exercises. The only real thing left to do is the Metasploit chapter. I watched the videos, but still have to do the exercises. This week I learned a lot:

  • Linux Buffer Overflow
  • Existing Exploits
  • Privilege Escalation
  • Client side attacks
  • Web Application Attacks
  • Password Attacks
  • Port fun
  • Metasploit Framework
  • Simulated Pentest

Again, these topics correlate to the syllabus that is published on the PWK course site.

As before, I will not go into details of each topic, as that is against Offensive Security policy.

I was already quite familiar with a large group of these topics, so they went by quite fast. If you have no background you will probably spent a lot of extra time on the topics. Most of the time was spent on the web application attacks as there were some attack vectors in it that I did not fully understand. Spending time to understand the topic is a large part of the courseware.

Some exercises also depend on performing them in the PWK Lab environment. I added a TODO marker for those and will revisit them lateron when I find suitable targets for them.

The numbers

In week 2 I spent 754 minutes on the course, which is about 12 and a half hours. I actually spent a sunday evening and skipped the wednesday evening (valentines day). Here is the distribution of time over the syllabus topics: