OSCP – Offensive Security Certified Practitioner. A lot of fun, a lot of learning, this is what a certification is all about!

Share Button

First, a little bit of history. I’ve entered the Security domain of Information Technology about 10 years ago, and back then IT certifications were so well sought, everyone thrived to add letters after their name in their business cards. Microsoft probably started it all, as they begun the era of OS certifications. Security certifications were not that common those days. Most of the certs came from firewall vendors like Checkpoint/Netscreen(now Juniper)/Cisco. I remember how some of my former team mates pride themselves for earning a new 4 letter suffix after their business cards. I pity them, they’re not even close to what I expect them to be.

Back then, Microsoft was the most taken certification. I guess mainly because, most of the companies utilize Windows in their back end and new IT managers have so much IT budget, they require all their staff to have it. They buy exam vouchers in bulk in discounted rates and push their staff to study. Everyone knows how braindumps help them pass. For those who does not know, dumps are exam notes, actually they are exam questions with answers. They came from people who took the exam and have photographic memory(sarcastic), they are able to write down their questions including the choices and answers! Now all you got to do is memorize the dumps and surely you’ll pass. Imagine, if this is how doctors get their title.

Fast forward 10 years, and I was looking for a worthy security training for myself. I’ve taken RHCE a few years back and it’s one of those certifications that I find special compared to the usual question/answer type of certification. Passing the actual hands on exam was really a very good experience, you’ll really feel that you’ve gained the title.

And so, I go scoured the web and found OSCP. To be honest, I’ve never heard of Offensive Security before, but as I searched and found feedback about the course and the founder(muts), I registered for the online course and little that I know that it’ll change the next 3 months of my life forever(gained me XP on sleep deprivation).

The course provides a training module composed of a PDF book and training videos that you can follow along. As a pentesting course, it provides a lot of practical examples and exercises for the student. It will give you the basics first and build upon that foundation to learn more complex methodologies. I would say not everyone will like this course, specially the ones that would like to be spoon fed(remember those braindumpers?). The course was designed for you to be frustrated and you as a student needs to learn how to be able to channel that into a positive attitude. Yes, “Try Harder” will be your motto. Once you get the point, you will learn one very important quality of a good pentester – to be persistent.

The course will give you access to a lab via a VPN connection. After you’ve finished the lecture(which probably will take 3-7 days, depending on your free time), you will access a very interesting company network(s). The lab access is what gives this course its value. The lab is comprised of several(I won’t tell how many) interconnected subnets of servers and workstations(around 50-60 I guess, I think I got 50+ of them). Your mission is to root or get admin access to all the machines you can find. The machines have varying degree of vulnerabilities in them, sometimes multiple and you have different ways to compromise them. There are several ways to expose the other networks as well.

You will document your pen testing effort and submit it at the end of the course. Report writing is not left out, as it is one of the most important task in pentesting.

There are really easy ones(Alice), which will be the first machines you’ll be able to compromise. And then there are the evil ones – gh0st, sufference, pain etc. These last few machines gave me a lot of sleepness nights and it specially gratifying the get a root shell after 24 hours of marathon hacking.

And then comes the exam. You will be given a day to compromise a small number of machines. You will be given points based on the complexity of the compromise. There are easy one, which are worth 10 points and difficult ones worth 25 points. You will have to pick which ones to root and you need 80 points to pass. I would say this is the most engaging assessment exam I’ve ever taken. And after I received the email that I passed, it brings a lot of pride and joy, like the time my daughter was born!

I know a couple of local folks who also took the course but were not able to pass the exam. I wouldn’t be surprised as I know it is difficult. You need to take a lot of practice and be able to solve the difficult machines in the lab. Believe me, once you learned them you’ll never regret the time and effort you took to root them.

Here are my tips to the folks who are looking into taking OSCP:

  1. Time is of the essence here. The more you get engaged in the labs, the better. So I recommend taking the course/exam during the time of the year when work is not that busy(December perhaps?). Invest x amount of hours each day.
  2. Do not run exploits you don’t understand. Most of the exploits in the internet are in source code format. You never want to ran an exploit that wipes your partition table don’t you? If you are using BackTrack in VM, make scheduled snapshots.
  3. Be organized. Document all your findings as you will need it to write the report later. Make a database of passwords and hashes you’ll find along the way and use them to guess passwords on some hosts. Believe me some of the hosts are accessible only from information from other machines you’ve compromised.
  4. Before the exam, make sure you get plenty of sleep, as you won’t be able to sleep that much during the exam. But I do encourage to take naps to replenish and freshen up your brain. If you are not making any progress for the past 2 hours or so, take a rest and return. Sometimes the solution appears in your dreams. ^.^
  5. Offsec has an IRC channel where you can talk to other students and let go of the steam once in a while. It’s a cool place with cool and not so cool people. Make friends and block out the rotten ones. I assure you, you’ll different types of people in the chat.

Overall, I think this is one of the best pentesting certs out there. The course is well thought, the lab is well designed and you’ll definite miss the guys(Mike, Alice, Bob, Pain, Tricia, Sufference etc, etc). I am taking OSCE by end of year and will update you with the experience as I go and venture to the unknown.



Share Button


  1. John

    Hi dude, I was Reading your post here, and I noted that you said that we don’t have to run exploits that we dont understando…. please, tell me, do you have to know programming to pass the exam?? or what did you supose to say about “dont run exploits you dont understand”

    Best regards

    • Vince

      Hi John, you need to know how to write scripts(python/perl) since you’ll have to code scripts from scratch or modify publicly available exploits.
      In finding ways to compromise machines, you’ll sometimes find scripts via google that you don’t understand(cryptic or using encoded payloads). Most of them are malicious and affect your own machine. So make sure you have a backup of your machine. I learned a lesson the hard way(I ran a root script that wiped out my drive, ouch). After that I’m extra careful.

Post a comment

You may use the following HTML:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Loading Facebook Comments ...