
OSCP – My journey


It will take time, effort, blood, sweat and tears, but I WILL GET THERE!

It’s with great pleasure that I can say that on the 3rd March 2017, I passed my OSCP. Nope, it still hasn’t sunk in, no matter how many times I say it.

I guess, it’s been an up and down week since passing. I haven’t really had a chance to think about it. I spent so much of my life devoted to success in the labs, sitting several exams and doing extra work on top learning about Windows and Linux Privilege Escalation that I totally forgot to live a little bit and take stock of everything around me.

Fast forward to exam attempt number 4. 

By this point I’m staring down the barrel of a 6 week wait if I fail, and no direction whatsoever and no plan for the future, because let’s face it, failing 4 times in a row is not good. The only plan would be to get back to the drawing board in the labs.

Exam Day…

I wasn’t nervous. I felt calm. I hadn’t looked at any hacking for 4 days before. I played my favourite game, ‘The Forest’, killed some cannibal tribes and built a massive base, so I was relaxed. On the morning of the exam I lay about the house chilling. Did my normal routine for the day. I didn’t even think about the exam. I cleared my head.

Email comes in…

Kali is fired up. Connection pack downloaded. Particulars read and off I went into the darkness for 24 hours.

I had a 10am start UK time and by 10pm that night I had 80 points. I obviously can’t talk about any aspect of the exam. I had 4 out of 5 roots and used the next few hours to make sure everything worked the way it should. 2am came and I went to bed for a sleep. I woke at 9am and tried the last box but it was pointless by that point. I was already happy with my effort.

I submitted my report before 1pm and after double checking everything I sent it off. I tell you though, that must have been the longest wait for a reply ever. Gladly it came in a couple of days later and I had passed.

Yay!

Numb

I still feel a little numb after it all. I worked my socks off for that OSCP. It’s been the best part of my life for the last 6 months at least. Anyone following my progress (it was hard to miss) cheered me on many times and it’s been great encouragement. Now I don’t really know what I’m doing.

I do have a few ideas up my sleeve, and I very rarely leave myself empty handed with tasks to do. I’m currently creating my own CTF Vuln VM, that I’ll hopefully post on Vulnhub if they let me. I was so taken by it all that I want others to take up the challenge if they are willing. You need all the help you can get.

So who is it for?

I have my own reasons for doing OSCP. Sometimes I think to myself how silly it was to jump into it so fast, spend the amount of money I did, to sell everything I had to do it, and have no plan after it. Yeah well maybe so, however, for those of you who are wondering if you should?

Why not?

If it’s fear that holds you back, just stand up, shake it off and sign up. It’ll teach you more about yourself than you’ll care to imagine. It strikes a maturity in your approach to hacking. You are taught to pay special attention to the information you find, and through sheer repetition you are taught to forge command line parameters you’ll never forget.

It’s more than just a hacking course. You meet new people all on the same journey as you. There’s a great no spoiler mentality even among friends. I’ve had people ask me if I’ve popped a box in the labs, and in the same breath say “Don’t say a word, I want to own it myself”. Not that I could tell them if I wanted to. I wouldn’t want to steal their glory.

But I can’t learn from pages of notes

Neither could I. I hate learning from books. It’s boring. One thing PWK forged into me is learning by reading. To be honest? It’s the best lesson I’ve learned from it. Now I can apply that to anything and learn.

Anyone with a drive to learn and succeed in the InfoSec space can do OSCP. Yeah, it’s a bold statement and I’ve made it before, but it’s true. I’d advise anyone to do it given the time and determination.

Ok so what’s the real deal?

I’m not going to lie to you. Yes knowing some Python helps. Knowing how to read, spot mistakes and fix C files helps, and you better be spot on with enumeration. You’ll get no points for only using Linux a few times and expecting to be a 1337 hax0r. Nope, not going to happen. What I will say is that you can be limited in these fields and still get it done. It just takes longer. Would you rather learn all that stuff now then go with PWK? Or waste lab time learning stuff you could learn now?

Work hard, try your best and don’t sit at your computer saying “Shit! I’m not good enough for this, I’m out”

I don’t work in security, I never have. I passed it. Yeah it’s absolutely the hardest thing I’ve ever done in my life, but my god it was the most rewarding. Some say it’s a beginner cert or the tip of the iceberg, and that may be true, but it’s a good tip to start off with.

Special thanks

I can’t put my success down to sitting in my room all alone and pwning the world. There have been people in my life that without their encouragement I probably would have given up a long time ago.

My wife: For putting up with my moods, me being broke and just being a rock star.

Andy Gill (aka ZephrFish): For buying me more lab time when I really needed it, and just giving me the kick up the ass I needed at the right time.

Paul Ritchie (aka cornerpirate): For constantly being a source of enthusiasm and encouragement throughout.

Cheers folks 🙂


 

So I guess it’s back to the review I was meant to write.

I hope by this point you’re all raring to go sign up for PWK and get started on your epic journey. No? Well I guess it’s up to you, however, it’s starting to get very popular so if you want a job in Penetration Testing you’d probably be better getting it sooner than later 🙂

As for me? Ermm I think I’ll keep that one to myself for now if you don’t mind.

At the moment I feel like a part of a big wheel. It’s kind of hard to get off, and I don’t want to.

Don’t let fear rule your life. Do something daring like I did. I work in IT fixing servers and laptop motherboards by day and by night I felt like Batman or something like that. It’s over now and I’ve got to chase the next thing. There’s no time to sit back, you press on and keep learning as much as you can. It does get easier and you may just surprise yourself.

Take care…

 
