OSCP Blog Series – OSCP Preparation – Pre-Enrollment
In the last blog post, we discussed how to decide whether you are ready to register for OSCP or not. In that post we covered the OSCP background, the course packages and the different skills we need for OSCP, and categorized where we stand for the OSCP based on the skills we already have.
Continuing with the second post of this OSCP Blog Series, we will discuss how to prepare for OSCP (Pre-Enrollment). In the last post I explained 3 scenarios on which you can base the decision: scenarios 2 and 3 allow you to go for OSCP registration, while scenario 1 was all about preparing for your Pre-Enrollment journey. That means if you fall under scenario 1 you need to acquire some skills before going for OSCP.
So let’s talk about what skills we should have before we decide to go for OSCP.
Note: This post only talks about OSCP Pre-Enrollment preparation, not about how to prepare for the exam during OSCP. In future blog posts in this series, we will talk about how to approach the OSCP Post-Enrollment journey and what we should consider in order to crack it.
First of all, I would like you to go through the updated syllabus of OSCP. This will give you an overview of the complete OSCP journey you are going to go through.
As I discussed in the last post, it’s good to have at least the skills below when going for OSCP.
- Linux and Windows Environment Understanding
- Basic usage of Kali Linux
- Web/Network Architecture Understanding
- Linux and Windows CLI
- Web application attacks
- Basic understanding of Metasploit
- Enumeration, Scanning and other tools like NMAP, Burp, Nikto, Nessus, Wireshark
Apart from this, the most important requirement is the “Try Harder Mindset”. I would like to repeat “Try Harder Mindset” again, because if you are going for OSCP just because your friends/colleagues have done it, or for some other such reason, then I am sorry to say you are going to struggle a lot and may not succeed. OSCP is one of the most demanding certificates because it is fully practical and the exam is proctored. That is why the industry trusts this certificate both for skills and for authenticity. You need to make sure that you have enough patience, skills and research/learning ability while attempting the OSCP, because you will face a lot of challenges throughout your journey and you need to tackle them.
In my case, I am from a Penetration Testing background and have been working in the same domain for the last 5+ years, so I didn’t need to go through these again. So most probably I will not be able to explain to you here how I approached this phase in a short time, as it was continuous learning. But in this post I am assuming that all the learners are new to Pentesting, as those who are working in Pentesting should already have all this basic knowledge.
So, starting from the above list:
1- Linux and Windows Environment Understanding:
An understanding of the Windows and Linux environments is a must, as we deal with both platforms during the OSCP. Moreover, it’s not only about OSCP: if you are a Penetration Tester you may need to deal with both platforms every day. A Penetration Tester may get any kind of target, Linux or Windows, so to plan your attack you need a complete understanding of how a particular environment works. Especially in attacks which depend on the platform for exploitation, like Buffer Overflow, you need a good understanding of the system to create a successful exploit.
Resources:
- https://techcommunity.microsoft.com/t5/ask-the-performance-team/windows-architecture-the-basics/ba-p/372345
- https://www.tutorialspoint.com/operating_system/os_linux.htm
2- Basic usage of Kali Linux
Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.
Source: https://www.kali.org/docs/introduction/what-is-kali-linux/
Now, if you are a Penetration Tester or a Security Researcher, you may need to deal with Kali Linux every single day. The reason is that it is full of the necessary tools and a supported environment which helps you in almost all kinds of attacks. Otherwise you would need to look for each individual tool based on your requirements and configure it, which is a very time-consuming process. Kali Linux solves this problem as it has 600+ penetration testing tools included. So you need hands-on experience with Kali if you want to be a Penetration Tester or are targeting OSCP.
Resources: The best resource to learn the basics of Kali is their official book, which is available free of cost at https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf
3- Web/Network Architecture Understanding
Web and Network Architecture are the most critical areas in Penetration Testing, as most often you will encounter applications, systems or networks to compromise or assess for vulnerabilities. But to analyse a vulnerability or exploit it you need to have a good understanding of the environment first. A deep understanding of the architecture of any target is a must if you want to break it, and Web/Network are the 2 major areas which will be involved in most of the attacks. So you need to have a good understanding of at least the web/network environment or architecture before going for OSCP.
Resources:
- https://www.slideshare.net/cchamnap/introduction-to-web-architecture
- https://hackr.io/blog/web-application-architecture-definition-models-types-and-more
- https://www.cybrary.it/course/network-architecture/
- https://www.javatpoint.com/computer-network-architecture
- https://www.youtube.com/watch?v=vv4y_uOneC0
4- Linux and Windows CLI
As we discussed in point 1, you may need to deal with both Linux and Windows systems every day while doing Pentesting or during our OSCP journey. You may also need to operate from both environments, so it is very important to get your hands dirty on the CLI of both platforms. When compromising a system, regardless of the platform it is running on, most of the time you will get a shell on the compromised system rather than a GUI interface. In that case you need to know how to operate a complete system using the command line.
Apart from that, Kali Linux is the main platform we should be using during our Pentest, so we should have complete control over its CLI to operate it in an efficient manner.
Resources:
- https://www.sans.org/security-resources/sec560/windows_command_line_sheet_v1.pdf
- http://www.cs.columbia.edu/~sedwards/classes/2015/1102-fall/Command%20Prompt%20Cheatsheet.pdf
- http://linuxcommand.org/
- https://www.linuxtrainingacademy.com/linux-commands-cheat-sheet/
5- Web Application Attacks
When we talk about Web Application Attacks, the first thing that comes to mind is the OWASP Top 10. The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
I consider the OWASP Top 10 the first core Pentesting module when entering this domain. It covers the most common attacks a Web Application may suffer. We need to get ready with these attacks before we go for OSCP, as this will be helpful in our Pentesting career as well. When entering the security field, Web Application Testing is the primary service a company looks for, and in the same way security service providers also have a huge number of opportunities in their companies. So as a fresher you can grab this opportunity if you at least have good practical experience with the OWASP Top 10.
We should not waste our lab period on attacks which can already be learned in advance. The main focus of this post is to ensure that you are not wasting your lab period on learning the basic stuff. So it is highly recommended that you learn all the skills mentioned in this post before you register for OSCP.
From the references below, I would suggest taking the OWASP official PDF as the base and referring to the other links in addition. For practice you can try demo apps like DVWA, bWAPP etc., or else try the Cybrary labs mentioned in the references below.
Resources:
- https://owasp.org/www-project-top-ten/
- https://www.amazon.in/Web-Application-Hackers-Handbook-Exploiting-ebook/dp/B005LVQA9S
- https://www.cybrary.it/course/owasp/
- https://www.cybrary.it/course/web-application-pen-testing/
- https://www.hackerone.com/sites/default/files/2017-12/OWASP%20Top%2010%20Flash%20Cards.pdf
- https://www.sans.org/reading-room/whitepapers/application/web-based-attacks-2053
6- Basic understanding of Metasploit
Metasploit is a penetration testing and exploitation framework that helps security researchers simplify their process. The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection. At its core, the Metasploit Framework is a collection of commonly used tools that provide a complete environment for penetration testing and exploit development. You should have at least a basic understanding of Metasploit and its execution flow.
Source: https://metasploit.help.rapid7.com/docs/msf-overview
Resources:
- https://www.offensive-security.com/metasploit-unleashed/
- https://www.cybrary.it/course/metasploit/
7- Enumeration, Scanning and other Tools like NMAP, Burp, Nikto, Nessus, Wireshark
Everyone knows that enumeration is key in Penetration Testing, and in OSCP as well. The more you enumerate, the more you will be able to simplify your attacks. Scanners help you automate your vulnerability scanning process. Most code-level vulnerabilities can be found by scanners, but for business logic scenarios and exploitation of advanced attacks you may need manual effort or other scripts.
There are basic enumeration and scanning tools you should know about before going for OSCP, as these will help you at every stage:
NMAP – Nmap is a free and open source network discovery and security auditing tool. It is considered a powerful port scanner and also has various capabilities to scan for vulnerabilities using its scripting engine (NSE). You can also try exploring other port scanners such as Masscan, which is also helpful when we have a huge network to scan.
Resources:
- https://nmap.org/book/man.html
- https://tools.kali.org/information-gathering/nmap
I am not explaining all the tools, as Google is full of this knowledge and my idea in this post is not to teach any tool but just to share my experience and help in planning. You can have a look at https://tools.kali.org/tools-listing which covers almost all the necessary tools required in your OSCP journey.
The above post talks about the minimum skills one should have before thinking of OSCP, but it is not limited to the mentioned skills. One can always try to gain more skills before the OSCP. The more skills you have, the better you will be able to do in OSCP. I have explained all these scenarios in my last post.
Apart from the above, you can try to get some experience on platforms like HackTheBox and VulnHub, as they will give you exposure to how to approach compromising a machine. In OSCP as well your target is to compromise machines, so this experience will definitely help you there.
The specific machines below from the above platforms may help you in OSCP:
Linux Boxes:
- Lame
- brainfuck
- shocker
- bashed
- nibbles
- beep
- cronos
- nineveh
- sense
- solidstate
- node
- valentine
- poison
- sunday
- tartarsauce
- Irked
- Friendzone
- Swagshop
- Networked
- jarvis
Windows Boxes:
- legacy
- Blue
- Devel
- Optimum
- Bastard
- granny
- Arctic
- grandpa
- silo
- bounty
- jerry
- conceal
- chatterbox
- Forest
- BankRobber
Source: https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=0
I hope this post will help you in gaining all the basic knowledge to be prepared for the OSCP journey. Once you feel confident in the above skills you can surely go for OSCP preparation.
Note: The above post is written based on my experience. One should not depend purely on this, but can refer to it when taking the decision. The final decision should be one’s own, based on the skills, mindset and preparation level he/she has.
Author: Yogesh Prasad
Information Security Professional | Cyber Security Expert | Ethical Hacker | Founder – Hackers Interview