Hello! It’s time for an update - I’m going to get the OSCP certification!
For anyone who may not know, OSCP (aka PEN200) refers to Offensive Security Certified Professional. It is a certification offered by the folks at Offensive Security. The course is somewhat renowned for its difficulty, as it requires significant preparation, and the exam involves hacking several devices over 24 hours, followed by a hefty written report.
Perhaps it would be sensible to provide some context concerning why I decided to undertake the OSCP.
So, I have recently finished my Diploma (finished late Februrary, as per summer semester), which went quite well. However, I currently have no intention of staying at university any further for a variety of reasons.
These reasons are somewhat broad and multifaceted, but they can be largely summarised by several points in particular:
-
OSCP is, supposedly, more-or-less the “industry standard” for penetration testing, and implies that the certified individual can actually undertake an engagement.-
So then, back to the OSCP - what’s the plan?
Well, I mentioned that I will essentially be doing this as a preference over a degree at university. As such, I intend to undertake my studies full-time. With that in mind, I will be dedicating around 4 months of consistent full-time practice and training, before attempting the OSCP exam sometime in July.
To break down the general timeline; my high-level agenda is currently to spend March (i.e. starting tomorrow) getting my hands dirty with as much HackTheBox (HTB) as I can handle. From my research, it seems like the most applicable route regarding OSCP preparation is the “TJ_Null” playlist. In addition, I may also undertake a few basic challenges in order to familiarise myself with HTB in general.
At the end of March, (ideally) with plenty of HTB experience, I will then start on a 3 month subscription of OSCP labs. Naturally, I’ll be doing more research between now and April concerning how I will spend those three months, but of course, I’ll aim to cover as much of the OSCP labs as possible.
I intend to keep regular updates on this blog regarding my progress. Assuming it doesn’t break any rules given by HTB or Offensive Security, I plan to post updates either on a weekly basis, or on generally interesting information I find, or perhaps even for each HTB lab and/or OSCP training lab. Regardless of the form though, I’ll be sure to be posting something…
Additionally, I also intend to have a solid cheat-sheet on my blog shortly before the exam, which ought to consolidate all of the important things I have learned.
Finally, it is worth noting that I’m not starting completely from scratch. For any newbies out there who may be reading this and considering following my foosteps, you should know that I have had a good amount of experience with web application testing (almost all PortSwigger Labs) - in addition to doing various CTFs and HTB-esque challenges over time, although surely none were as difficult as the OSCP. So, let me be quite plain when I say that I do not recommend starting from scratch and giving yourself only a few months to get the OSCP, as it most likely won’t work.
Anyway - regardless of how it all turns out, I’ll also post some comments on any applicable successes and/or failures, and perhaps someone in a similar situation might find it helpful.
If you (whoever you are) decided to actually read all of this, then I thank you for your time, and I will be posting more quite soon.
Now then, time for some HackTheBox!