My OSCP Course/Exam Review, A 14/15 year old’s perspective.
The reputation you are immediately introduced to when you mention the words ‘OSCP’ is the challenging, “Try Harder” nature of the course. When the reputation of a course is so heavily built up to be difficult, it is a daunting task to anyone who wishes to attempt such a beast. However, PWK the course accompanying the OSCP certification, it makes the OSCP a well rounded certification. With the completeness of the course I believe it can take anyone regardless of skill level, up to the level of expertise needed to pass if given enough time and effort.
A lot of people think of the PWK course as a ‘outdated’ course and I agree with them on that, however I believe the purpose of PWK and also OSCP isn’t to show you how to exploit the latest OSes on the latest hardware(See OSEE if you wish to do that). In my opinion, since PWK is an entry level certification the point of it is to teach the core mindset of pen-testing, how to go out and research topics on your own, and lastly to give you a solid foundation of key concepts to build upon.
In typical offsec “Try Harder” fashion the course doesn’t cover everything needed to pass the exam, As I mentioned earlier the course gives you a solid foundation to build upon and expects you to do the rest. Some people may not appreciate the fact that the course does not hand feed you the information needed. It helps you grow overall as a pen-tester as no course is going to be able to teach you everything and research is a very valuable skill.
Accompanying the videos & PDF is the PWK Labs. The labs give you a chance to use, and test the core competencies you learn from everywhere else in a simulation network of varying difficulty. The labs give PWK a certain completeness, as the skills and practice you get from the labs are priceless for the exam.
The labs is a group of interconnected machines in 4 different networks, IT, Dev, Admin and the public network you start with. You have to gain access to certain boxes and pivot into the other networks from them. The skills that you can gain from these boxes closely represent the skills needed to pass the exam minus the reporting aspect. I recommend aiming to complete a minimum of 30 lab machines to give a solid level of skills. I think a good way to manage time is 1-2 boxes per day, however if you opted for something longer than 30 days of lab time less boxes per day is good as well.
One option available to you if you wish is to document your PWK labs and course exercises for an extra 5 points on your exam, see more details on that here. However, I only recommend this if you need the ISC^2 CPE’s or need the extra practice with reporting.
Other Prep materials available
Outside of PWK there are plenty of community resources available to help you practice if you are interested in taking OSCP. These include resources such as HTB(HackTheBox) for box-style practice(TJ-Null has a list of some similar to OSCP Boxes), the DoStackBufferOverFlowGood GitHub repo for BOF Practice Samsclass, and really anything else you can find on the internet, don’t limit yourself to just PWK. A good way to know what you need to pass is looking at the “What competencies you will gain” on the OSCP overview page.
The part everyone always covers is the long 24 hour exam. Whilst this can be quite a daunting task due to all of the time constraints etc, it shows you have learned all the required skills to be in the industry. If you wish to see my recommendations after my first exam attempt go here. The exam puts all the skills you’ve learned from PWK and everywhere else to the test, and requires you to turn in a professional grade report at the end. If you are attempting the exam just make you you keep going, don’t give up and Try Harder! Most people don’t pass on their first try too, so if you don’t that’s typical.
Overall, for anyone wishing to take OSCP, I recommend that you TryHarder (seriously, it helps) don’t give up and to keep pursuing as the methodology that you will learn from learning to research is key. You will learn how to recover when you fail, how to research for information and to prepare for the unknown. If you have any further questions about OSCP i Recommend you check out this amazing community around OSCP/Offsec Certs discord.gg/9xTqKTY
Sorry everyone for the delay of this post, I forgot about it until recently. I have also started taking the OSCE/CTP Course and expect posts on that in the future :)