What is OSCP
Offensive Security Certified Professional
A certification attained by working
through the "Penetration Testing
with Kali" labs and passing a
24 hour hacking exam.
What is OSCP?
A course and exam with a reputation!
Respected among infosec people
(unlike most certs, esp in dev)
A fantastic way to learn about
penetration testing...
... if your'e a masochist.
What is OSCP?
A self-paced course
Low on material, high on content
No knowledge assumed,
lots expected!
It's all about the lab
The OSCP lab
Virtual lab
4 networks
Shared among students
Amazingly fun and horrible
The OSCP Lab
Mixture of operating systems
Custom applications
Known apps with known vulns
HUGE variety of attack vectors
Pwn as many boxes as you can
What was it like?
Well ...
... it was brutal!
- Material was introductory
- Much of it was "new"
- I'd never so much as done
a boot2root before
- In most cases I had no idea
where to even start!
What was it like?
I also lacked "polish" in
- Some basics such as..
- Port forwards
- Tunnels
- Moving around networks
- General use of "the tools"
- Familiarity with the "scene"
What was it like?
Dropped in the deep end
with heavy shoes
Material taught: how to crawl
Labs expected: how to climb Everest
Short Timeline
30 days lab time
3 hours of reading, got bored
Rest of the day, pwned one box
Really. Simple. SQLi.
DB running as SYSTEM.
Short Timeline
Second day: Nothing.
Third day: Nothing.
Fourth day: ....
... nothing.
Not even basic entry, let alone priv esc.
Short Timeline
Fifth day
Changed my approach
Started to think like a "bad guy"
Saw things in a different light
... 7 machines popped.
Short Timeline
The rest of the month got easier
and harder
Then there was Pain ...
... and Sufference [sic] ...
.. and others.
By the End...
Pwnd most of all networks
Only a few machines left
Pondered extra lab time
F**k it. Bring on the exam!
5 machines in 24 hours,
70pts / 100 required
1st in 45 mins
2nd just about an hour later
3rd fell 3 hours after that
getting harder ...
4th machine was the hardest
I left it for a while and came back
5th didn't take long to fall
Last machine came down after
a total of 14 hours
Even in the exam I learned new things