Posted in Penetration Testing, Thoughts

Good enough?


Writing gives me space to offload things that could be swirling around in my mind. Almost like a program caught in RAM, this blog serves as a Task Manager to clean out any unwanted processes in my head.

One particular annoyance lately has been an echoing thought of meeting the grade. I have thrown myself into the lion’s den so to speak, or in a less aggressive manner, thrown myself into the deep end. Training in OSCP has been a challenge, and I feel that with 23 boxes rooted, it’s a modest number for someone who didn’t know anything about hacking only 12 months ago.

OSCP can have you living in a protected bubble. It can lure you into a false sense of security. It’s not a criticism of the course or certification, but merely an observation. You can become so captivated by the lab environment that you lose track of everything else around you. There are other aspects to Penetration Testing; however, your mind is focussed on the task of hacking lab machines. This is great for learning; however, when you speak to other professionals, it can leave you feeling distant if the conversation isn’t about OSCP.

Do you belong here?

I ask myself this question quite regularly. I see amazing things happen on a daily basis in the industry. That’s just from the people I follow on Twitter. Am I putting enough effort in to expand my knowledge past that of the OSCP? Where else should I turn for information?

OSCP hasn’t been a walk in the park for me. It’s often classed as an entry-level certification in Penetration Testing. Entry level? Really? I’ll either need to put overtime in or readdress my goals. Don’t be fooled by the notion that this is an entry-level certification if you are new to Penetration Testing. I can understand why they say it’s entry level, because it’s such a vast space; however, entry level doesn’t mean easy.

False sense of security

Finding your flow in OSCP can take some time. There is a lot of material to go through and when you start hacking the labs it can be a slow and frustrating process. Once you get more confident with identifying vulnerable services and exploits related to those services, you slowly and surely start believing in your ability. If for some reason you get ahead of yourself, there are some machines in the lab that can bring you back down to earth. This constant fluctuation in feelings can be unnerving at times. One day you’re full of confidence, and other days you just feel like a fake. Training yourself to look past failure and turn it into success can take some time. The lab teaches you more about yourself than the vulnerabilities you uncover.

So what now?

I’ve broken past the point where training in Penetration Testing is a hobby for me. It’s not a matter of whether I’d like to do this as a career. It will be my career at some point. I love the art of enumeration and the craft of transparently learning everything about your target. There is always room for improvement. OSCP helps engineer your mind into learning. It’s not there to teach you how to hack. Its function is to show people that you have the ability to learn and apply complex procedures in practice. How that translates to real world testing remains to be seen. Not everything in the world is vulnerable.

Ready, Set, GO!

I was fearful of moving away from my job in IT because of the job security. I knew my bubble and it was safe, but now I feel more confident that I can learn anything. That’s what OSCP teaches you. Work hard, learn, work harder, learn and apply in practice with confidence. It’s a genius concept once it sinks in.

You can do anything in life. Set goals, and if you want it bad enough it will fall into place.

