Joshua F. Rogers

About Facebook Instagram Twitter GitLab

25 Feb 2017
Offensive Security Certified Professional

So I’ve been more than a bit shit about posting; but I’ve been pretty busy to be honest. As I sad in my last post, I did indeed return to my shitty sleep patterns on shift; but for once it proved useful.

In mid December, I started the Penetration with Kali course, culminating in an exam which would certify me as an Offensive Security Certified Professional if passed.

Well, after 60 days of labs, a 24 hour exam followed by a 24 hour write-up; I finished my time with the course on the 22nd February 2017. I passed the exam, despite feeling at many points like I was going to fail.

It is without a doubt one of the hardest things I’ve done; and consequently, one of the hardest courses I’ve worked on to get the most out of it. I ended up spending a couple hours each day here and there, with only a few days I truly took as time off; even then I made up for it by spending more hours on the days I was working on it.

I found myself writing notes on everything; something which I am taking more into my day to day life now; by taking notes on everything; i f i ever have to return to it, I can - I have that record. I might not go quite to the same level of detail though (there probably isn’t quite the same need to screenshot my life every ten seconds).

The boxes in the lab challenged me to think about solving problems in some interesting ways, ensuring I wasn’t thinking about things in a script-kiddie type way but actively having to hunt out misconfigurations, vulnerabilities and exploits - not just rely upon metasploit for everything.

Indeed during the exam, I became happy I hadn’t used it that much; it made it a relief when I eventually did use it; as opposed to a crutch I depended on.

I’m not too sure what more I can say about the course; the multiple environments tested out a lot of different methods for attack. Truly I think this is the way more courses should be taught; less bookwork and more practical. I found myself having to do outside research for a number of vulnerabilities; and as such taking in the information much better than I would have, had I been spoon fed it.

The Exam was unlike anything I ever have done before; though I have on occasion done a 24+ hour day, there hasn’t been a time I’ve had to be both conscious and able to work for the duration. Though I made the majority of the achievements I made in the exam in the first twelve hours, I kept thinking I could maybe try and push it further.

It’s at that pint I should have gone for a nap; researched the exploits I was trying and took a step back. Thankfully, by the point I was stuck amongst the weeds, I had already gotten enough points to nab me the pass; else I’d be in a much less buoyant mood.

If there is anything I could suggest as a tip for the OSCP it’s this:

Take a step back. Way back. Walk away from it every so often, and don’t trip yourself up.

Too often I found myself repeating the same task over and over because I wasn’t really reading the output.

Oh, and Try Harder!

Until next time,
J.R. at 23:46

About Facebook Instagram Twitter GitLab