Finally I am among those who can write this review and say “I did it!”
It has been a long journey for me with everything I had going on at home between work, and a new baby I had to extend my lab time A LOT! So I will not be commenting on how long it SHOULD take you to complete the course and certification… What i will say is if I would have had 2 weeks to do nothing but this class I could have knocked it out in that time. My time for the class was spent mostly after work 6-7 PM until bed, and then on weekends…
The Pre Game:
I have wanted to take this class for years, and I finally had the money saved up so I could. I signed up, and after having to use PayPal because my bank declined my transaction I was official 🙂
I was unsure what to expect like most so I read a ton of these reviews. I also worked on the www.vulnhub.com VM’s as much as possible. I read from https://www.corelan.be/ and watched videos at www.securitytube.net. I still did not know if I was ready, but I was sure excited to learn!
The Puck Drops:
I started out my first week by doing nothing but watching all the course videos, and reading the material provided. Week two I started in the labs. I took down the boxes with MS08-067 first, and any other low hanging fruit… I then worked my way slowly though the lab network including two out of the three sub networks that had to be pivoted into. Along the way I met a bunch of great people who pointed me in the right direction as well as the admins in the #offsec channel who would pull me out of the rabbit hole I dug my way into and point me the right way, or just tell me to “TRY HARDER”.
After I had compromised all but a few machines I decided it was time to write my lab report. I highly recommend that if you take this class you write you lab report BEFORE taking your exam. It took me about a week to get the report done to my liking.
Time to re-surface the ice and prepare for my exam… I started out by copying my Kali VM from my Macbook to an external hard drive, and building up a fresh clean VM. I got the latest Kali 32 bit VM. (It is recommended that you use 32 bit Kali in the class and exam.) I created a tools folder and dropped a copy of any scripts I had found/created along the way. I also created a list of common commands that I found myself having to Google the syntax for during the lab as I did not want to waste time with syntax issues during the exam.
I had about a month between my lab time expiring and my exam so… I went back to www.vulnhub.com and started working away on some VM’s to keep my mind sharp. I also practiced some buffer overflows to prepare as well.
The day before the exam started I ran a 5k. Still not sure if that was a great idea, but it did help me clear my head before the big test. After that I just did a final check of my Kali machine, and created a snapshot of it just in case.
My Exam went well. I can’t go into much detail about it, but I will say it was a challenge for sure. It took me about 19 hours including a 1 hour nap to get enough points to pass. I will say this about the exam. The things I did above to prepare helped out a lot! Keep in mind well preparing with Vulnhub that you grab machines that are more “realistic” a lot of them are designed to be brain teasers, and don’t accurately depict real world scenarios.
Within an hour after my short nap I got root on the last box I needed to pass the exam, and I was so excited I forgot I was tired from an all nighter :). I spent the last hours of my exam trying to get root on the last machine as I already had a limited shell on it, and making sure I had all the notes, documentation, and screenshots I needed for my report. I spent that night writing and making my report look good before zipping it all up and sending it off. I got my confirmation it had been received the next morning.
Then I waited… Two days later I received an email from OffSec.
We are happy to inform you that you have successfully completed the Penetration Testing with Kali Linux certification challenge and have obtained your Offensive Security Certified Professional (OSCP) certification.
I did it! As I write this it has only been a week or so since I passed so I am still waiting on my paper certification in the mail, but I feel great for finally passing this as it has been a goal of mine for years!
Post Game Comments:
This class and certification was everything I was hoping it would be. Even when I was told to “Try Harder” there was a lesson to learn in that every time. Even when I did get a hint I learned a lesson that I will not forget. One of the fun things about going back to the Vulnhub VM’s after the lab time well preparing for the exam was that i felt so much more confident as I worked though them.
The best thing of all the come out of it by far though was the people I met along the way (Maleus – Erik, and Felux – Steve). They pushed me when I was feeling defeated, and those same people have been instrumental in building up this blog you are reading now. As well as helping maintain an active community on Freenode #overflowsec. They have even published a tool called Enumerator that is being actively maintained. (Enumerator)