OSCP (Offensive Security Certified Professional) Training and Challenge
I’m writing this post, as I really feel that this course needs to get more publicity. Over the last few years I have done countless security courses, and exams from some of the top players in this market, and nothing has come close to the OSCP training.
I first signed up for the training in May, as I saw it advertised on the Offensive Security website and thought that it sounded fun. At a first glance, I really wasn’t too sure about the training materials, as you get a Flash based CBT and a PDF, I initially ran thought the CBT side of things in a week, when I actually got around to doing the training, and thought that it needed a bit of work. I think that I wasn’t looking at the training from the right angle, and that’s why I misjudged it, it’s not designed to teach you everything in one sitting, it’s designed to give you enough information to go away and actually spend some time researching the different areas that they cover, and in which case, it’s the best training that I’ve ever taken!
There is no way that a training course could cover everything that they cover without expecting you to go away and do some research yourself, and well to me, doing the research on my own time really paid off, as I feel that I learnt more in the time that I spent either going through the training or researching bits of it, than I have in the last 2 years.
Now on to the actual challenge that you must pass to obtain the certification, this is a live hack of a number of predefined hosts, and you have 24 hours to get through them all. You can pretty much use any publicly available exploits or ever write your own to compromise these hosts, and well let me tell, this has be the most insane 24 hours that I have ever had. It took me 23 hours and 55 minutes, and even then I didn’t manage to fully finish the last question, but I knew that 5 minutes wouldn’t have been enough for me to finish it. throughout the whole 24 hour period, I had 2 hours sleep, and the rest of the time was spent trying to compromise the various hosts. It may not take other people as long as it took me, but “Challenge” is definitely the right choice of words for it. If you don’t know how to exploit systems to a level where you have root/Administrator access then in no way are you ready for the Challenge.
Thankfully I made it through, and if I hadn’t I would have sat it again, but it would have been a while before I did, as it really does take it out of you. From my side though, when I come across another OSCP, I will show them the respect they deserve, as honestly, if you can get through the Challenge, they you should have a pretty good idea about how to conduct a proper penetration test, and no other training that I’ve done has ever been as hands on or in depth.
To anyone thinking about taking the course, do yourself and your employer a favour and sign up for it, you won’t regret it.