Monday, January 9, 2012

My OSCP Experience

Last summer I was tossing around the idea of starting to study for a security certification. I got my Security+ at the end of 2010 and felt it was time to look into something a little more advanced. I looked at the CISSP but felt that maybe I should wait on that one, as I was going to really have to stretch to pull off the professional requirements. Next I came across the Cisco security certs, but not even having a CCNA means a very long process and I wanted something a little quicker. Eventually I ended up looking at the CEH and I thought this looked pretty promising, but in doing some additional research I heard a few people talking about the OSCP from Offensive Security. Now I thought the theory behind both of them seemed to overlap in a lot of places, but from what I could tell (and now believe to be true) the OSCP is a lot more hands on. Since I find I learn better with hands-on learning I opted to go after my OSCP.

So, come mid-September I signed up for the 30 day course. Well... I was in for a world of hurt. Once the course begins they give you a bunch of videos to watch and a decent sized lab manual (I recommend printing a hard copy to take notes on) to go through. Also, how could I forget to mention, what I consider the biggest perk of the course: VPN access to the lovely offsec lab. Now since I work full time and have a handful of kids, needless to say I did not spend 24 hours a day going through this material. Some days I was able to get in a couple hours at work, but most of my progress was made on weekends. So 25 days later I was just finishing up going through the lab manual and videos. Not even really performing the exercises, just absorbing all of this new and wondrous information being dumped on me. I looked up some supplemental topics on Google as I went, either to clarify or because I couldn't believe I hadn't heard about a topic before. Needless to say I had to sign up for another 30 days.

My second 30 days were spent... well, mostly off topic. Feeling a little overwhelmed and with no shortage of other life things happening, I spent as much time as I could in the lab. I remember the first day I actually started to attack the machines: I went after what I considered the low hanging fruit and in about four hours I had two machines. Thinking that was good for the day I turned to other exercises in an attempt to refine my skills. The next day I got two more machines. I started to think "Hey, I'm actually getting the hang of this... It's easier than I thought!" ... ... .. .. A week later I was still in the same spot. My confidence was going down the tubes at this point; everything I was trying, nothing was working out. Eventually I was able to get a few more techniques under my belt and my machine count started to slowly add up. Before I knew it my second round of 30 days was nearly up and I needed to grab another 30 days.

On my last 30 days I feel I may have "grown" the most as a student. I was researching topics a bit more, starting to see things in a new light. Hell, at this point the course had already helped me land a new job just by telling them I was taking it! I had more than a decent chunk of machines popped and I felt now was a good time to organize everything and go back over the lab manual, making sure I crossed my "I"s and dotted my "T"s! By the end of this last 30 days I still felt like I had so much to learn, but I didn't really want to invest any more money at this point, and with the holiday break coming up it was the perfect time to take the exam. So the last two weeks I spent writing my report and making sure I got all (most) of my extra miles exercises done. I then scheduled my exam to start 5pm on Dec 29th. I figured it's 24 hours, let me get the night out of the way in the beginning. Not saying this ended up being a good idea or a bad one; with the time crunch I eventually felt wiped out. Now I would love to go into details and specifics but I can't and won't. I don't want to be that guy who shouts out the ending of the movie in the middle of a crowded theater.

What I can say is that after the exam ended I was miserable. I felt like I should have done better, but looking back now I think I was a little hard on myself. Either way, I shot my full report off to Offsec and went to bed!

Much to my surprise, come Saturday morning I got the email that I passed. I was ecstatic!! I felt like I had actually proved something to myself. Not only that, a few days later I was going through some books that I had read last year while moving them into my new office and found that "Grey Hat Hacking" actually made a lot more sense.

Did I have fun? Yes. Was it hard? Hell yes. Did it build me up and shoot me down? Without a doubt! ..... Was it worth it? Absolutely, and I would do it again. Hell, I have spent the past two weeks looking for decent vulnimages that are similar to the lab environment. If you are looking into the course, just do it! You will learn most of what you need to know during the course. Don't be afraid to chat in the IRC; they are there to help you along. Remember, Google is your friend! You may not find specifics (in fact you flat out won't) but you will find enough to point you in the right direction or to make you look at a problem in a new light.

And last but not least, when you have tried everything you can think of, you're sleep deprived, on the verge of giving up, and you feel in over your head.... Try Harder!!! (it's worth it!)


  1. Great review,

    Can I know exactly what your experience is?
    Have you done some programming before in Python or bash scripting?

    And how many hours did you spend in a day?

  2. Thanks!

    I took two college level courses on VB.NET.... What does that mean I can do... I can Frankenstein some VB.NET programs and vbs.

    I knew ZERO python/perl. My experience with bash was along the same lines: I used it as a simple way to bulk together normal commands.

    I suppose what helps me the most is that I understand how scripting works. If you know or can learn what different lines mean (i.e. importing, declaration, assigning values to variables), that was my most valuable ability. But then again they walk you through making simple scripts....

    For instance they show you how to make a simplistic FTP fuzzer in python and explain what each command is doing.

    I can tell you the anatomy of a simple python exploit I used was:

    Import the needed modules (usually I looked at similar exploits for what I needed)
    Assign a variable of many "A"s (i.e. var1 = "A" * 1000 )
    Assign a few more needed variables (retaddr = XXXX, shellcode = XXXX)

    String variables together ( buffer = var1 + retaddr + shellcode)

    Then actually sending the code, that's where I turned to other exploits... if you look at a few you can see the socket coding that is used.

    In the end these are things you pick up in the course. Remember, if you want to know more about how a piece of code works, Google the commands or the idea (i.e. assigning variables in python). Hell, that's what I had to do.

    On the average day I would say maybe 5hrs Mon-Fri, as much as I could on weekends. When the course first started I did 8+hrs/day on my first two weekends just going through the videos/lab guide.

  3. Thanks, it sounds a little bit hard to find the suitable time to study for 5hrs in a day. I don't have this time, maybe I'll pick the 90 days and spend 2-3 hrs in a day.

    I think what you need now is a full time rest and then try the next super course, OSCE.