I'm incredibly happy to say that as of today, I'm the very proud holder of the Offensive Security Certified Professional (OSCP) certificate! The exam was an exhausting 24 hour marathon which tested not only my acquired knowledge from the course but also tested my endurance, both mentally and physically. I started my road to OSCP almost exactly 4 months to the day, and today I'm finally able to say that I've reached the end of that road having gained confidence and so much knowledge. What follows are my thoughts on the course and exam. For those folks looking for a review of the course and exam, I hope you find it useful; I also spent a lot of time researching people's reviews before signing up. For my friends and family, this is what I've been doing these past few months; thanks for being patient with me along the way!
The course guide and videos were absolutely great. The topics and exercises were well thought out and well explained. The course syllabus outlines all of the topics covered. For those researching the course, checking this out is an absolute must before pulling the trigger. It took me roughly 3 weeks to get through the course material. Any chance I had to get some reading/watching in, I took it (a 3 hour round trip daily commute certainly helps). I decided that I would get through the written/visual stuff before I dove head first into the lab environment, and I'm glad I did. As far as the course material, I had the most fun with the Windows/Linux buffer overflow and exploit development modules.
I felt pretty damn good about the level of knowledge I had heading into the labs, but all that changed pretty quick once I actually understood the size and complexity of the environment we were given to work in. The lab environment was, in my opinion, MASSIVE. After performing my initial evaluation of the primary network, I found a smorgasbord of machines with all sorts of OS-es, versions and purposes, all of which were fair game to students - it was a bit overwhelming to be honest. I briefly took a step back to reevaluate my plan of attack for the remainder of the time. The best advice I think I can give for potential students is to stay organized. You'll want to sort out your documentation tools and note organization strategy before you get too deep into the labs, since there are so many boxes to hack.
Once I felt better about what was ahead of me in the labs, I dove in. The labs were able to draw out my weaknesses and force me to Try Harder™. Oh yes, get used to hearing that if you're contemplating taking the course... It's annoying as hell to actually get that as a response when you're stuck on a difficult box or problem, but anyone who's passed the course challenges knows that's essentially what it takes to be successful. Back on topic, as time went on in the labs I found myself hacking boxes quicker. In one word, the key to success in the labs is enumeration.
Give me six hours to chop down a tree and I will spend four hours sharpening the axe.
Along the way I learned to automate a fair bit of the manual, repetitive tasks which proved very useful. Shaving seconds or minutes off of the time it takes to enumerate your targets definitely paid off during the exam. I spent 60 days working in the lab environment and I was able to hack into 91% of the lab machines before my time ran out, which I'm pretty proud of. There is no right answer to "how many boxes must I own before being ready for the exam?". There are some who only hacked a few and took (and passed) the exam, and there are some who owned 100% of the boxes but didn't pass the exam their first try. Offensive Security recommends students at a minimum hack all of the boxes on the student network (there are other additional networks in the lab environment) except for 3 of the most difficult boxes before considering taking the exam. It makes sense to do as many as possible before your lab time runs out - after all, you paid for the privilege!
The final 30 day period in this course was devoted to doing all of the documentation required of course takers and trying to go back and attempt to finish all of the lab machines I had left. As it turned out, I really wasn't able to utilize the full 30 days for the course, as I took a vacation in the middle of that time period. I was able to complete the bulk of the course materials and labs within 90 days. The final lab report was essentially a pentest report, much like what you would generate for a client after a live engagement. After all was said and done, my lab report was 265 pages, so you can imagine how exhausted I was after I finished writing that up! I think another student's report wound up being 900+ pages, which sounded absolutely ridiculous to me, but to each their own. I was satisfied with the content of my report and felt it covered the material in an informative manner. Once my report was complete, I began studying. For me, studying consisted of writing/updating self-made enumeration scripts to aid me during the exam, going through the notes I took during the labs, re-watching some of the course videos and going through the buffer overflow modules.
I felt really confident about my skill level going into the exam, but I also knew that there would be no freebies once I entered the exam environment. Students taking the exam have 24 hours to acquire at least the minimum required points to pass, followed by another 24 hours to complete a formal pentest report and submit it to Offensive Security. I think that this exam was by far the most challenging test I've faced in my professional career. Knowing that the clock is ticking in the background while you work on the exam boxes really lights a fire under you and increases the amount of adrenaline surging through your veins.
Within minutes of receiving my exam VPN connection I got straight to work. I wound up working non-stop for 5 hours before considering a dinner break. Those 5 hours went by FAST too! I should also note that by the 5th hour my brain was almost completely fried from stress/exhaustion. When I got up to break and get some water, I wound up putting an empty bowl back in the refrigerator instead of the water pitcher! By the 8th hour I had some form of control over all of the boxes on the exam network, and by the 10th hour I had fully rooted all but 1 box, putting me well above the required points necessary to pass! When I broke through the last box with full SYSTEM privileges, putting me into the passing category, I did one of the most ridiculous-looking victory dances. My mind and body were entirely out of sync by that point and I'm glad the only spectators of that tragedy were my two cats - at least they can't speak about it!
Anyhow, I spent another 2 hours trying to escalate my last box to try and attain the full 100 points but I didn't have any luck. However, I was able to go to bed knowing I had more than enough to pass. I slept for 4 hours, woke up, downed the rest of my 5 hour energy and gave it one last push to Try Harder™ on my last box before calling it. A few hours later, I got my pentest report together with all of the proof required and sent it off for review. 3 hours later I received confirmation that my material was received, and this morning I received confirmation that I had passed the course!
The course and exam were absolutely outstanding. I was challenged at every turn. This isn't your typical knowledge-regurgitation certification course; this is challenge after challenge after challenge. This course demands a lot of time. You'll find yourself spending many long nights in front of the computer, not getting enough sleep and generally going through cycles of elation and despair as you progress through the labs. If I had to boil it down to some key points to success, I'd go with these:
- Make sure you have the time to complete this course!
- Don't worry about purchasing lab extensions, it will happen.
- Read and watch the course material before hitting the labs, regardless of prior knowledge or skill level.
- When you hit walls, don't linger on being discouraged. Take a step back and enumerate.
- Automate as much as you can.
- Stay organized from start to finish!
- Document everything. You don't want to have to go back and rehack boxes to get screenshots.
- Have fun!
If you've made it this far, thanks for reading! If you're considering taking this course, DO IT. It is one of the best experiences I've had. To my wife, thank you darlin! I know the schedule I had wasn't easy on you, but thanks for supporting me at every step!