Penetration Testing with Kali (PWK) Course And Offensive Security Certified Professional (OSCP) Exam Review

September 12, 2016


Penetration Testing with Kali (PWK) Course

The PWK Course is a self-paced course where you will learn the basics of penetration testing via a 376 page PDF, about 8 hours of course videos, and VPN access to a pen testing lab. A course syllabus of the material covered in the PDF is available at: PWK Syllabus. For more information about this course, visit: Penetration Testing Training with Kali Linux. Lab access is available in 30, 60, and 90 day increments.

Basic previous knowledge in TCP/IP, networking, and linux are essential prior to beginning this course. I would also recommend basic knowledge in Bash and Python scripting. The PDF and videos do a good job describing and explaining things, but you will be using Google and books to fill in gaps and expound on certain topics based on what you are encountering in the labs.

Make sure to document your enumeration and steps taken to pop the boxes in the lab. Not only will this help you on subsequent boxes and the exam, but if you submit a lab report and document the exercises in the PDF, you may gain 10 points for the exam in the event that you need them to pass.

I went with the 30 day lab access, but I would recommend the 60 or 90 day. While I passed the OSCP exam, I feel that more time in the lab would have been beneficial in learning more and being able to practice more on different boxes, and also getting to practice Pivoting.

I spent the first 15 days of my lab time reading the PDF and completing all the exercises. The last 15 days I used exploiting machines in the lab, although I also moved to a different city during this time, so I didn't get to spend all 15 of them in the labs.

Offensive Security Certified Professional (OSCP) Exam

I went into the Exam hoping for the best, but resolved not to be too sad if I failed the first time around. Everything I'd heard led me to believe it would be quite hard. I ended up passing. I scheduled it to start at 9:00am, but for some reason I did not receive the email until 9:40am. I contacted Offensive Security, and they extended my time by an hour.

I got my first root/admin at 12:41pm
Second limited shell at 3:31pm
Last limited shell at 5:02pm
Second root/admin at 5:18pm
and last root/admin at 10:46pm

By this time I had 65 points + 10 from my lab report and course exercises. I knew I had enough points to pass, so I took a break, had a shower and something to eat. I worked on the last 2 boxes for another hour or so, but wasn't getting anywhere, so I called it quits and went to bed.

Resources I used during PWK and OSCP Exam

Websites:
http://www.fuzzysecurity.com/tutorials/16.html
https://jivoi.github.io/2015/07/01/pentest-tips-and-tricks/
http://www.toshellandback.com/
https://highon.coffee/
https://pinboard.in/u:unfo/t:oscp

Books:
There are numerous excellent books on source code review, pentesting, buffer overflows, network security, and web application security. I plan to make a post about my favorite books in the near future.

I'd be happy to answer any questions below. No spoilers.

Comments

©2013-2019 All Rights Reserved.