There are many OSCP reviews and resources on the Internet. Here I’d like to share my journey to obtain the OSCP.
About PWK & OSCP
Simply , PWK ( Penetration Testing with Kali ) is a Penetration Testing course created by Offensive Security. It is an online and hands-on training. That means you need to do by yourself , manage time effectively, and prepare everything that needed. Please kindly check the While OSCP ( Offensive Security Certified Professional ) is a certification that could be obtained if you’ve completed the PWK and pass the OSCP challenge ( exam ).
IMHO, PWK is a great, awesome, and amazing course. That’s because Offensive Security has managed and organise the course materials well, delivery best, and support excellently. During the PWK course, I’m using “Offsec PWK/OSCP” VM that they provide to the Offsec students. I run the VM through VMware Fusion on my MacBook Pro.
Learning the PWK Materials
There are two main materials ( videos and .pdf guide ). So I tried to focus with them along the course although during the penetration testing the internal lab need a google much. First, I learn a topic by watching the video then I read the appropriate topic in the .pdf guide. So I’m able to understand the topic deeply. After that, I do hands-on practice to make sure I’ve understand the topic, then take a notes as a summary of the topic. Yes, I do that methodology from one topic till the last topic in the PWK materials. Here is the quote from the PWK .pdf guide that reflects that matter :
Doing the Lab Exercises
In the end of each topic in the PWK materials, usually we will be given some exercises ( 3 – 5 or more exercises ). Although it’s not a must to do, I’d recommend to do all of the exercises as much as can. That’s totally worth because It will help me to prove what I’ve learned through the PWK materials. Sure, if you’re able to do the exercises from a topic, that means you’ve understood the topic. That’s it!.
Penetration Testing the Internal Labs
Yes, this is the most part for every students that really want to do. Even there are many students that jump to this without doing the exercises :). For me, I did this step ( Penetration Testing the Internal Labs ) after I’ve completed learning the PWK materials and done with lab exercises. I know the journey will take much time, but I don’t care with that because what I’d like to get before pentest the lab is having a good pentest knowledge, and skilled ( by learning the materials and doing all of the lab exercises ). So I’m able to be focus each steps I’m taking.
For penetration testing the internal labs, I need to connect to the internal labs using a VPN connection. After connected, I will be given many target machines that need to be hacked. During the course till the exam I’m using the Kali VM ONLY for penetration testing and didn’t update the metasploit or others software because if I update the metasploit, it will face some issues in a certain module in the PWK materials.
The target machines that need to be hacked were located on some different networks. And if you need to hack a machine in other networks, you need to hack a machine in the current network. Yeah, there are some various model / games during penetration testing the internal labs. So keep focus on penetration testing to all of the target machines. I’m able to hack almost all of the target machines ( only remains around 6-7 machines ).
While penetration testing the internal labs, I’m writing the walkthrough of the penetration testing process to a machine. Beside that, I’m taking the screenshots and grab the proof files too. Then I wrote the pentest report of each machines on the Keepnote.
Preparing the Exam :
For preparing the exam, I just do review all of the PWK materials with the exercises and the walkthrough all of the machines that I’ve hacked in the internal labs. Then I wrote them into a Methodology notes on the Keepnote.
Beside that, make sure to have an enough sleep before taking the exam and keep relax :). If possible, take a walk. shopping or anything activity that could make you relax, fresh, happy, and ready to fight for the challenge ( exam ).
Penetration Testing the Exam Servers
Before taking the exam, I’ve finished the internal labs and the lab exercises report into the PWK report. So when exam date came, I just need to focus on penetration testing the exam servers and then add / wrote the exam report into the PWK report that I’ve written.
I got the email challenge on August 23, 2015 at 10 PM include with the exam packages. and this is the first exam attempt. I read the exam guide carefully because there are rules about metasploit restrictions, etc. After that, I connect to the exam lab through vpn to start the pentest to the exam servers. I decide to hack the target machine that has highest points first for more challenging. Same during the penetration testing the internal lab, I wrote the walkthrough, taking the screenshot , and grab the proof files from the target machines.
Writing the PWK Report
After done owned some exam servers, I wrote the exam report into the PWK report.
I’ve submitted my PWK report within next 24 hours after exam completion.
The OSCP Certification Challenge Result
I got this OSCP Certification Challenge Result email on the 2nd day from my report submitted :
Lesson learned / Tips
Here is my PWK & OSCP journey on slideshare : http://www.slideshare.net/fl3xu5/my-pwk-oscp-journey