Journey To OSCP

jb00gie
Aug 22, 2020

It’s been a couple of days since I received the email from Offensive Security saying I successfully completed their Penetration Testing with Kali Linux Certification Exam. It was a crazy journey that would not have been possible without the love and support of my loved ones.

Background

Just to give a little background about myself, I recently graduated from The University of Texas at San Antonio with a BA in Cyber Security. However, the curriculum I took did not offer many classes for the offensive side. My last semester, I did take a “Cyber Attacks” class but it was just a taste of what the field had to offer and that’s where I fell in love. Other than that, I had no real exposure in college to penetration testing, especially because I started my college years playing basketball for a small NAIA school in Kansas and did not have a variety of class selections due to my athletic schedule.

Purchasing The Materials

I decided to make the jump and invest in myself by spending the large amount for the training materials OffSec offers. I did my research and noticed a lot of people recommend purchasing the 3-month lab time, but I decided to do the 2-month because my budget was a bit thin. I went through the material taking notes on every section and doing all the exercises at the end of each section, but eventually grew tired of doing some that seemed to be geared towards people who have never had experience touching a Linux box. OffSec does offer each student the ability to obtain 5 extra points for their exam if they supply a report of 10 boxes they are able to root in the labs along with all the exercises in the material, but I didn’t see the worth of losing valuable lab time in order to do some of those exercises. After about 3 weeks of covering all the lab material and watching the amazing videos OffSec supplies, I went straight into the labs and was able to root about 44 boxes and move around a couple of the networks in their lab environment. With rooting about 44 boxes in the lab, I “thought” I was ready for the exam. Boy, was I wrong...

First Exam Attempt

On the exam attempt, I scheduled my exam for 9 am Central Time, and had everything prepared from snacks, water bottles, and several snapshots of my VM. I immediately started my scans with a tool that I wrote to make my nmap scans faster, while I took on the Buffer Overflow machine. I was beyond confident with the Buffer Overflow aspect because I had practiced with several vulnerable VMs that had Buffer Overflows and was knocking them out in about 30 mins. This time was different. I cannot go into details for obvious reasons of why I struggled, but my planned 30 mins for the Buffer Overflow machine turned into 8 hours. After that, I was done. My confidence went down the drain, and I was not able to root any other machines. The OSCP got the best of me and put me down 1–0.

Second Go Around

After taking such a FAT L, I knew I had to come back stronger than ever. So after a couple of days to recover, I signed up with TryHackMe and started their “Offensive Pentesting Path” and knocked out all those machines in the path. In my opinion, I am a BIG FAN of TryHackMe because it is a platform for all and gives such amazing learning material!! After doing those machines, I signed up with VirtualHackingLabs and this ended up being one of the best investments I could have made. They have about 43 vulnerable machines that are updated and supply the user with some learning material similar to OffSec’s. Each machine teaches something different and is rated from Beginner, Advanced, and Advanced+. Granted that almost all the Linux machines’ priv esc methods are vulnerable to Dirty COW, this is not always the intended way, and they teach something new! They also allow you to submit a report after you have rooted 20 machines to obtain a certificate of completion as well as an Advanced+ certificate if you are able to root 10 Advanced+ machines while doing 2 of the machines manually without any publicly released scripts. I was able to purchase a month subscription for $100 and root 42 of the 43 machines and obtain both certificates.

After getting through those machines, I scheduled my exam for the following weekend and was ready to hit the OSCP exam with the 1–2 combo!!

Second Exam Attempt

This time, I decided to take the exam later in the day so I could work later in the evening. My biggest takeaway from my first attempt was to simply take my time! You have to remember, these machines you get for your exam are meant to be vulnerable, so you are in no need to rush! Just ENUMERATE! I made sure to take my time and take breaks every hour, even if it meant just going outside and walking around a bit. I managed to root 4 machines and obtain my OSCP certification! I felt really comfortable writing my report as well since I had the opportunity to submit two different reports to Virtual Hacking Labs, so I wasn’t too concerned submitting my lab report to OffSec.

Useful Items That Helped Me

For privilege escalation I purchased The Cyber Mentor’s course on Udemy:

I also watched and took notes on IppSec’s methodology on how he went about attacking TJ Null’s OSCP Hack The Box list.

Vulnhub’s OSCP list was super useful as well. Since the machines are on your internal network, your scans work so much smoother and quicker compared to being on a VPN.

Finally, having a playlist that motivates you and pushes you to grind harder than you already are! ;)

I hope you find this useful on your own journey to OSCP. I’m finally glad this is all over as I start the path to obtaining eLearnSecurity’s eCPPT and breaking into the penetration testing field. I can finally kick back and watch my little girl have fun being a toddler!!

jb00gie

Father | Hooper | Sole Collector | Penetration Tester | OSCP | eCPPTv2 | Security+ | AWS Security Cloud Practitioner | SATX | jfoolish_22