PaulDotCom mailing list archives

Re: OSCP certification?


From: Ryan B <broadydownunder () gmail com>
Date: Tue, 21 May 2013 13:10:12 +1000

Hi Don,

I got my start in InfoSec with the OSCP and I would highly recommend the
course if you're new(ish) to Penetration Testing (more novice than absolute
beginner, although both are fine; one will require more personal study
though). It is by no means the only training you should get and I'd
recommend you continue your studies after the course, but if you're looking
for a Pentester Bootcamp, it's really good.

The best part about the OSCP is the Lab. The Lab has about 40-50 systems if
I recall correctly, and they vary in difficulty to compromise. The easiest
would probably end up being a Windows 2003 box vulnerable to the good old
MS08-067 "netapi" exploit and the most complicated would be PAIN and
SUFFERANCE which you can enjoy for many sleepless nights.

The thing I like most about OSCP is it's not a "Here's a bunch of tools and
how to use them" course. They really do work at the bits and bytes level of
Pentesting. You will learn about Port Scanning and ARP poisoning, but by
learning the make-up of the packets and reconstructing your own through
painful processes; in most cases, you'll need to build your own ARP
Poisoning tools and Port Scanners using Bash, Python, Ruby or Perl. Only
then should you defer to the Tools we all love. That way you get an
understanding of what's going on "under the hood" and a greater
appreciation for what the developers of your toolkits have built.

Another important rule: no Nessus, no Metasploit in the Lab! The point of
the Lab is to understand how to find and identify vulnerabilities. Then
find available exploits (exploit-db, packetstorm, securityfocus, osvdb,
cve-details), modify the shellcode to make them work for you, then go after
the system.

Finally, you'll be using some impressive SSH tunneling to exploit the hosts
multiple subnets away through bridged machines you find in the Lab.

The Certification is a 24-hour exercise; you'll be given 5 machines and
asked to do your best. Normally, one of the machines will not have a listed
exploit but one you will have to research and build yourself. The rest will
be challenging machines requiring multiple exploits to achieve root.
Vulnerability Scanners and Metasploit again are not permitted in the
Certification.

One year after finishing the OSCP, I'll admit that it may not have the
biggest reputation amongst employers, but it will shape you into a
Pentester that's not reliant on his toolkit.

g0tm1lk wrote a great review of the OSCP you can read up on here:
http://blog.g0tmi1k.com/2011/07/review-pentesting-with-backtrack-pwb.html

Cheers and best of luck with the course.


On Tue, May 21, 2013 at 12:12 AM, Don Pandori <dpinfosecurity () gmail com> wrote:

Was looking for thoughts/comments on the OSCP certification.  I can't
afford to get to SANS this year, even as a work study, so I'm looking at
the Pen Testing with Backtrack training that Offensive Security offers.
The online course looks pretty kick-ass and I like that the
certification is more like a practical rather than filling in bubbles.

Thanks in advance!

Don
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
