Here it is, my story on my first security certification. I am writing this to both share my overall experience and shed some light on what to expect if you are considering taking this certification course. My expectations were lower than they should have been when I started taking the course and as a result, led to some difficulties in both the course and my personal life. Here we go.
The Offensive Security Certified Professional (OSCP) is a certification awarded to students that successfully complete the Pentesting with Kali Linux course and pass the certification challenge. You can view the basic info here http://www.offensive-security.com/information-security-training/penetration-testing-with-kali-linux/ It is one of the most in-demand certifications in the industry today. (Note: At the time I enrolled this course was known as Pentesting with BackTrack Linux however Kali Linux was released shortly after and the course was renamed. I was allowed to use BackTrack, but I highly recommend Kali over it.)
I had worked in general IT for about 4 years when it hit me I needed to work on specializing in a particular IT field. I had looked around at routing, server administration, database administration, and even programming, but the field that has always interested me is information security. Problem was I knew nothing about how to get started. This led me to a friend of mine that is a CISSP(http://www.isc2.org/CISSP/Default.aspx). After speaking with me on my experience, strengths, and weaknesses in IT he recommended I look into ethical hacking. With that in mind I started looking into the various courses and certifications out there. I narrowed my search between EC-Council’s Certified Ethical Hacker(CEH) and Offensive Security’s OSCP. Long story short once I learned that the CEH exam was a multiple choice proctored exam I chose the OSCP. The OSCP certification challenge consists of a 24 hour practical exam in a live lab. This is one of the reason’s this certification is in demand. Employers learned long ago that passing a multiple choice test does not mean you necessarily have the skills needed for the job. There were other reasons but I’ll leave that to another post.
Ok now that you have a little history, let’s move to my experience with the course required for the OSCP course; Pentesting with Kali Linux. It was summer 2013 I had the money ready to enroll and I was very excited. I contacted the folks at Offensive Security and they sent me the initial info I needed to know before I began the course. After reading the recommendations I enrolled in the course with 60 days lab access. If needed later you can purchase additional lab time(more on that later). 24 hours later I received the enrollment packet that included the instructional videos, lab guide, IRC info, and access info for the labs. I could not wait to get home, connect to the labs and dive in. Keep in mind I NEVER did anything close to security, hacking, or coding before this course. Everything I’ve done up to this point was general IT, PCs, networking, servers, etc. My college degree was in Networking and Communications Administration.
Part 1 of the course covered mostly the basics of Linux, setting up the tools needed, and the basics of shell scripting in Linux. I confess I blew through this section eager to get to the labs and start hacking systems. I can’t stress this enough do not make my mistake take your time and get familiar with shell scripting it will save you a ton of time to script instead of manually entering each command!
Part 2 of the course dealt with Information Gathering portion of a pentest. I took to this part pretty easily because of my familiarity with common network protocols such as TCP/IP, DNS, SNMP and SMTP. I was also pretty adept at using Wireshark to sniff traffic because of my networking experience. Another topic that was unfamiliar to me was Google Hacking. This is a very interesting section but be warned some of the special operators in Google can turn up some info you really don’t want to see.
My confidence at this point was fairly high moving to the next section; Buffer Overflows. This section is when my confidence started to wane a little. I had to redo this portion many times because of my inexperience as a programmer. It was here that I built my first exploit in Python. I’ll admit the first time I did this I had no clue what I was doing I was just copying instructions though. So my first exploit is coded I run it against my test machine and as soon as I saw the C:\ prompt open on my system I was forever hooked on exploiting systems.
I don’t want to spoil the entire course so I’ll summarize the next topics covered. They are post-exploitation, how to use Metasploit inside and out, cracking passwords, pentesting web applications, man-in-the-middle attackes and my personal favorite; port redirection and network tunneling. Keep in mind when signing up you can’t use man-in-the-middle attacks within the lab environment.
Once I was finished with the videos and lab guide I was told from there to dive into the labs and hack as many systems as I can. I had about 30 days of lab time left so I connected to the labs ready to hack like crazy. So I sign in, I’ve got my notes handy from the Info Gathering labs, and I start to go over the machines open ports. I look at the services running on the ports and I think to myself….great…..now what!? It just occurred to me just how inexperienced and how I was in way over my head. Finally, I figured out how to run Metasploit exploit modules on a couple of Windows systems, but I was completely lost. Time was running out I needed to ramp it up so I go for a Linux system. I got a shell pretty easily, but I quickly found out I needed to somehow become the root user.
With this in mind I signed in to the IRC channel provided for the course. I had a week left and I needed help. I contact one of the admins for help and he sends me a blog post for Linux privilege escalation(I highly recommend it by the way). Being inexperienced in Linux this didn’t help me much at the time so I asked a more specific ‘How to I root this machine?’ question. The response I got was “Try Harder”. This is what I both loved and hated about the course. The admins will not disclose the answers to any of the systems, but they will give you just the right hint to lead you in the right direction to find it on your own.
At this point I realized I would never get to where I needed to be in a week so I renewed my lab time another 30 days. This would become a pattern for me over the next 9 months. The only way I can describe my time in the labs is that it was an emotional roller coaster. Some days I would get 2 or 3 machines or it could take me a week just to get one. After the 9 months were over I finally went all in and scheduled the exam. I still felt that I was not ready, but I could no longer spend any time or money I needed to finish this once and for all.
In conclusion, if you want to take this course carefully evaluate your personal situation before doing so. I foolishly thought I could start learning a brand new skill set in 60 days with a spouse, 3 children, and a baby on the way. Obviously I did not and my very patient and loving spouse sacrificed a lot of time and energy after the baby was born to help me. This is an extremely rewarding and practical course that I highly recommend if you are wanting to get into pentesting, but beware it will consume your life while you are doing so. Stay tuned for my review of the certification challenge and some helpful links to help you if you are considering the course.