Certification: Preparing for the OSCP

Last Updated for Accuracy: September 2019

“Or how I learned to stop worrying & just tried harder”

The OSCP certification is obtained after successfully completing a proctored penetration testing exam in 48 hours. The OSCP certification demonstrates that the certificate holder is proficient in Kali Linux and has an expert level understanding of advanced attack techniques and tools.

Introduction

I decided to enroll in Offensive Security’s OSCP course after working in a SOC for about a year. Prior to that, I exhausted the vendor training offered by my company (Fortinet NSE training), passed the (ISC)2 SSCP certification exam and became an (ISC)2 member, passed the CCNA R&S certification, and completed additional training from various security vendors.

The logic behind taking the exam is that it will help my career in both the short term and the long term:

Short Term:

  • Hone my current information security skills portfolio
  • Strengthen my resume to entice employers & secure a higher salary

Long Term:

  • Explore bug bounty opportunities
  • Prepare myself to take more advanced certifications/courses (SANS)

This post is the first in a series of OSCP-themed posts. It details the steps I took to prepare for the OSCP course before enrolling, such as reading lists, YouTube videos, other penetration testing labs, and more.

TLDR;

  • Four book recommendations to familiarize yourself with penetration testing
  • Root easy/medium machines on HackTheBox
  • Watch IppSec videos to learn the basics
  • Sign up for Virtual Hacking Labs for more OSCP like lab machines
  • Join the Discord groups to get insights

Books to Consider

Before I started my OSCP journey, I gave the following books a quick read over. Below are the books and a brief description.

Penetration Testing: A Hands-on Introduction to Hacking by Georgia Weidman (Amazon)

This book is equivalent to the PWK course material. I highly recommend reading over the whole book and skipping the sections you know. This book gives you the foundational knowledge to start penetration testing.

Red Team Field Manual (RTFM) (Amazon) & Blue Team Field Manual (BTFM) (Amazon)

These books are handy for their useful one-line commands and give you an overview of all the commands, scripts, directories and other information you will need to enumerate, privilege escalate, and create reverse shells.

The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws by Dafydd Stuttard (Amazon)

This is essentially an encyclopedia for web app pen testing. If you want to know everything there is to know, from how web applications are configured to how they can be exploited, this is a solid start for beginners.

Hack The Box

Hack The Box is an online platform to test your penetration testing skills, and it contains dozens of vulnerable virtual machines. However, in order to gain membership, you must be able to pass an easy challenge to get an invite code – see online blogs on how to do that.

Working my way through the Easy-Medium machines on HTB, with the help of IppSec’s videos, got me familiar with almost all of the tools used in the PWK lab exercises.

I would highly recommend getting a VIP subscription (less than $20/month), which gives access to the retired and current lab machines with your own lab network. I would start by watching all of the IppSec videos on YouTube, following along with his methodology, and keeping note of all the tools he uses.

IppSec YouTube Channel

The IppSec YouTube channel is essential for beginners.

IppSec is a ROCKSTAR online for penetration testing, as he has helped thousands prepare for the OSCP and tests like it.

He narrates his way through his pen tests and explains in full detail all of the tools he uses, detailing the flags used and how to modify exploits, and provides multiple ways to exploit the machine. He is generally one of the best sources for learning pen testing I have come across. The videos detail the steps he used to enumerate, get a reverse shell, privilege escalate, and obtain the root.txt file.

I highly recommend visiting his Patreon page and paying for permanent access to all of his HTB videos.

VirtualHackingLabs

VirtualHackingLabs is an OSCP-like lab network environment for people to practice penetration testing on. The machines are much like OSCP lab machines, and I have been told by members in the Discord chat that this is a good lab to practice on if you have failed the OSCP exam and you do not want to pay the $200 OSCP lab extension fee. (VHL offers 1 month access for $99.)

Below are some screenshots of what VHL is like. There are 10 chapters covering most of the topics in OSCP. The most noticeable omission, however, is that there is no buffer overflow training.

VirtualHackingLabs Course Dashboard
VirtualHackingLab Lab Network Dashboard
VirtualHackingLabs Vulnerable Lab Machine

Below is the pricing model.

Pricing Model

Discord

There are three Discord chat groups I would recommend you follow and lurk in.

Here are my recommendations:

  • On the OSCP Discord channel there is a chat bot called @WOPR that you should private message with ‘!help’
  • Read through PWK-EXERCISE and LAB-RANGE on the OSCP Discord channel in the weeks leading up to the exam to get a feel for what it’s like
  • Ask the community any questions you would like before enrolling – they are very helpful!

The HTB Discord and VHL Discord are useful when exploring their respective lab networks. Much like the OSCP Discord group, you can find interesting conversations about careers, salaries, certifications, and what it’s like to be a penetration tester.

Helpful Blogs

Here are some helpful blogs I read to prepare for OSCP;

Additional Recommendations

  • I signed up for and completed the coursework for VHL about a month before starting the PWK course to get familiar with studying and the coursework
  • I would recommend rooting about a dozen or so HTB boxes before signing up for VHL, so you aren’t going in blind
  • You can find lists on the HTB Discord channel or on other people’s blogs about which HTB boxes are OSCP-like
  • If you are unfamiliar with Buffer Overflow, I would recommend watching the Computerphile video explaining the process

Disclaimer: I have not yet written the OSCP exam. As of this post, I have completed the PWK course, lab exercises and am currently rooting the lab network, public, dev, IT, and admin.