OSCP Blog Series – Decision Making to Register for OSCP

Overview

Attention OSCP Aspirants !!

I believe every security enthusiast is aware about OSCP Certification and added this in their wish-list. I am also one of them and really wanted to go for it but due to busy schedule or other planned activity I couldn’t go ahead. Finally I have decided to go for it and crack one of the most demanding certification of industry. Everyone may faces certain challenges while finalizing their decision to go for OSCP as I did.

To ensure that coming aspirants do not face similar challenges, I have started this OSCP Blog Series which will cover the challenges and solutions to avoid these at the every stage of your journey.

Disclaimer: OSCP believes in “Try Harder” approach as well as I do so this post will not talk about the technical challenges in OSCP. Also none of the OSCP course content or anything which gives understanding of the official OSCP course material will be disclosed. I endorse “Try Harder” approach of Offensive Security hence will not help you to restrict your technical/research or problem solving skills.  I will talk about the challenges in planning your path throughout the OSCP as well as to make the decision whether you should go for it or not with your current skill set. Many of us don’t go for OSCP because we have a perception in mind that it is very difficult to crack as well as we don’t get sufficient guidance for this. So in this series I will help you to clear your doubts with my experience.

OSCP (Offensive Security Certified Professional) is one of the most demanding and respected certificate in the Industry offered by Offensive Security. The reason for being most demanding is that , It is completely practical oriented certification for any of the security professionals who have keen interest in deeper piece of Penetration Testing. More than just Certification to add in your CV, It is a complete exposure to understand and execute the Penetration Testing Methodology and Attacks.

OSCP certification is followed by a course PWK(Penetration Testing With Kali Linux) which teaches you all about the Advanced Penetration Testing. The PWK is offered to ensure that a person have enough understanding about the skills he/she required to obtain OSCP certification.

PWK course is offered with different packages based on the duration which includes below efferings:

• Course Material (PDF Manual + Video Lectures)
• Lab Access(30/60/90 Days – Can be extended based on the need)
• OSCP Exam

You can find all these details on their official website : https://www.offensive-security.com/pwk-oscp/

I am going to share some basic stuff which will help you to start your OSCP journey or will help you to decide whether you should go for it or wait sometime to acquire the necessary skills.

I believe most of you might have asked yourself… Should I go for OSCP ? or  Am I ready for it ?

As per my understanding and after going through blogs of other OSCP holders and experiences they have shared about their Journey, I think below parameters can help you to answer your questions.

1. Money[Obvious thing 🙂 ]
2. Existing Pentesting/Technical Skills (40%)
3. Try Harder mindset(60%)

Some people may get confused while dealing with this ratio of point 1 and 2. But let me explain to make you clear about this:

OSCP is not only about learning the content provided in course material. It is more about the skills you need to develop in yourself every day by following a “Try Harder” approach. Everyday you will be facing lot of technical challenges where you need to show your research and problem solving skills along with your Pentesting Skills. That is what I understand about Try Harder tagline of OSCP.

Most of the OSCP aspirants are either Full time security professionals, Bug hunters or college students. Even if they have basic Pentesting Skills they feel that they are not ready for it or will not be able to manage the time for OSCP while working. But this condition would remain same all the time as no one is going to leave their jobs/colleges to do OSCP.

So I would really suggest to just go for it even if you have time constraints, because once you register you will find all the ways to manage your time. Else you will never feel ready to go for OSCP.

So let’s discuss about the ratio of point 1 and 2 now.

When you go for OSCP, everyone may have different level of knowledge and may need effort based on these skills to crack the OSCP. Based on that everyone need to understand their strong/weak areas and select a approach to go further.

• Ratio of point 2/3 for Beginner will be 20-80
• Ratio of point 2/3 for Intermediate person will be 40-60

The above Ratio is applicable only at the stage you are trying to start OSCP. This figure will start changing as soon as you start working on OSCP. Once you start working on OSCP, the ratio will be around 50-50. Once you complete 90% of your course content it will be 70-30 and so on. Again when you go for Lab provided in the course, it will differ.

Existing Pentesting/Technical Skills

The existing Penetration Testing or Technical skills plays a crucial role while deciding to go for OSCP. As it will also help you to understand if you are going for OSCP which package you have to choose.

Scenario 1 – You are not from Pentesting background and don’t have knowledge about below topics
In this case , I would suggest not to go for OSCP. But what to do now ?

Just Keep Calm 🙂  and wait for my next post explaining “How to acquire the necessary skills required before you go for OSCP “.

Scenario 2 – If you have understanding of below topics you should opt for atleast 3 months Lab
Execution – [2 Months Course Material(Including Exercises and Reporting) + 1 Month Lab Practice]

Skills you need to have before you start :

1. Linux and Windows Environment Understanding
2. Basic usage of Kali Linux
3. Web/Network Architecture Understanding
4. Linux and Windows CLI
5. Web application attacks
6. Basic understanding of Metasploit
7. Enumeration and Scanning Tools like NMAP, Nikto, Nessus

Scenario 3 – If you have understanding of below topics you can opt for atleast 2 months Lab
Execution – [1 Month Course Material(Including Exercises and Reporting) + 1 Month Lab Practice]

Skills you need to have before you start :

1. Linux and Windows Environment Understanding
2. Playing with Kali Linux
3. Web/Netowrk Architecture Understanding
4. Linux and Windows CLI
5. Basic Scripting Skills [Bash/Python or both]
6. Web application attacks [OWASP+]
7. Exploitation Framework like Metasploit or any other
8. Privilege Escalation[Windows/Linux]
9. File transfer techniques [Win to Lin , W-W , L-L , L-W]
10. Enumeration and Scanning Tools like NMAP, Nikto, Nessus
11. Others: Powershell , Netcat, Wireshark etc
12. Buffer Overflow

Having exposure on the platform like HackTheBox, VulnHub etc give you more ability to perform well in OSCP but if you have not gone through these it’s not a big concern as many of the persons get confused whether they should go for OSCP if they have above skills but din’t work on these platforms.

So does it really matter ?

So answer is Yes. If you have practiced on the above platforms you will really have understanding of advanced attacks and scenarios on how to compromise a machine. But again if you have not done this, you need to give more time on OSCP Labs to cover up these skills.

I will explain in the future posts which machines you should specifically target from HTB or VulnHub for OSCP.

Try Harder Mindset

I have explained the Try Harder approach in above sections as well but let’s have a bite again.

This is the tagline of OSCP just not for formality but they have a clear vision about this. OSCP is not a spoon feeding course so you will not get each and everything from course content but if you want to crack the Labs and OSCP you need to work hard and improve your skills by Research only.

So the key is Research, Research and Research….

It’s all about how you utilize your Pentesting skills as a package against a Machine. Presence of mind is very important in these scenarios, as you need to take the right step at the right stage. Once you move in the wrong direction, you will waste the time on finding something which is impossible to grab.

I hope, this post helps you to make the decision for OSCP registration. Please share your queries/feedback in the comments. I would try to answer all the queries regarding this post.

Stay tuned for next post !!!

Author: Yogesh Prasad

Information Security Professional | Cyber Security Expert | Ethical Hacker | Founder – Hackers Interview

Twitter Facebook Linkedin