Some thought on doing the OSCP

I can see now that I haven’t updated this blog in quite a while. This is due to the fact that I have been doing the the course Penetration testing with Kali Linux (PWK - OSCP). Today I got the email from Offensive Security that I passed the exam, and that means that I am now a Offensive Security Certified Professional.

Before I decided to take the course I spent way to many hours reading reviews and threads on reddit about the OSCP. One thing that I was always looking for was an answer to the question: when am I ready to take the course? And, what background do I need to have? So in this post I am going to try to answer those questions and share my ideas and recommendations.

My Background

I don’t have any professional background in infosec at all. My background is in political science, and I spent quite a few years at uni doing my undergrad and graduate studies. When I finished my grad-program I got a job at an embassy, where my only interaction with technology was with Word, Excel and PowerPoint. At that time I started getting more and more annoyed by the fact that I was basically computer illiterate. I was sitting in front of the computer all day long, but I had no idea of how it worked. Of course, in an office environment where the average age was pretty high I was considered a power user. I was the youngest person in the office, so I became the unofficial IT-support. I turned computers on and off, and I did it well.

Anyways, I got a hold of a really old laptop and installed Linux on it. For absolutely no other reason than to satisfy my own curiosity. After I had installed it I didn’t really know what to use it for, so I just started exploring it. Meanwhile I started becoming more and more fascinated with programming. It seemed like magic to me. They said that everything is zeros and ones, and from that some mysterious levels of abstraction generate this amazing experience that is the computer and the internet. The fact that computers were so far away from what I had studied really intrigued me. So in my free time I started dabbling with python. That was about two years ago.

Then I quit my job and moved to another country and I started learning web development. I learned javascript, nodejs, angular and mongodb (thank you freeCodeCamp - best webdev learning resource ever!) and got a job at a startup working with those technologies. Since I was learning more and more programming during the days at my job I figured I could study security at night. So for the last year I have been studying security at night and on weekends.

I started a study-group with some other infosec-nerds that I got to know over the internetz. And together we have been pushing and helping each other to become better hackers. Something that has been really valuable.

How I organized the OSCP

I created a directory structure with one directory for each machine, with subdirectories for enumeration and privesc and loot.

I saved all my progress in a private gitlab repo.

I wrote notes, exam-report, lab-report and exercises in markdown with sublime. And viewed it in the browser, and then converted it to PDF using the browser. There were some issues when converting it to PDF, but all in all I still think it is more convenient than using KeepNote or OpenOffice/Word.

Gitbook-book

Every time I learned something new I added it to a book that I have been writing. It was, hands down, the best idea I had. It helped me so much. The book is written with gitbook and is searchable and can be read as epub, PDF or online. It is available here: I still don’t have a name for it. I went back to it again and again. I really hate having to google the same thing over and over again. I like to have everything I need neatly structured at the same place. It is still messy and a lot of it is half-written. But you are more than welcome to fork it and make it yours, add and remove content as you wish.

Templates

Another thing that I did that worked out really well was that I wrote two pentest-templates. One for Linux and one for Windows. And in each of those templates I outlined all the steps and checks I needed to do. For enumeration, privilege escalation, and for post exploitation. Having check-lists really sped up the process and it made sure I checked all possible vectors before moving on.

Scripting

For the exam I wrote a pretty comprehensive enumeration scripts, it is based on this great script, but very heavily modified. I just ran that with the target hosts as arguments, and it created a file-structure, imported the templates I mentioned above, ran specific scans according to open ports and outputted the result in the correct directory. The script also added in the correct IP-address on every command mentioned in the template file, and it also added some enumeration-output right into the template file. So that was kind of nice to have. It is far from perfect and have some issues. But over all it was pretty useful. The templates and script can be found here.

Tips

If anyone else is in a similar situation as I was. By that I mean coming from a non-technical background and wanting to do the OSCP, I would recommend the following:

Try Harder! Unless you have tried really hard but it is just way out of your league. Then move on to something easier and then come back when you know more.

Regarding educational resources I would really recommend this:

Also, one last note. When I started researching OSCP I wanted to know what kind of internet speed you need. Since I live in an area with really poor connection. I did the whole course with the internet speed of a shared 2 mbit connection. It is absolutely nothing I would recommend anyone of doing, sometimes you can get lag when connecting through RDP or even in the terminal. But for the most part I didn’t really have any problem.