Concluding on my OSCP journey
Dennis Perto
Leading engineering in the OT SOC | Public speaker | OSCP | CCNP Security | Bitcoin maximalist | OWASP Chapter Leader
Some fear the OSCP. Some see the OSCP as an entrance into the penetration testing field, or even the IT security field. Some are already in the field but really would like to know. Know what the OSCP is really about. First of all, OSCP is short for Offensive Security Certified Professional. A certified professional in the field of offensive security, that is. Offensive Security doubles as the name of the company offering the certification.
I personally always have known of the OSCP certification. I have known that it existed and also that I really wanted it to show that I was actually able to "hack". Until recently I did not even know what was expected of me as a student. I did not know what was contained in the PWK course leading up to the exam itself. I did not know how much knowledge and experience I needed to have to start the PWK course.
Having the mindset for passing the OSCP
For quite some time I was afraid to publicise that the OSCP was in my scope or even in my thoughts and dreams. Afraid of potentially publicly admitting to failing. Time went on and I read about others taking the exam. Many others. Some passed the exam the first time, but many did not. Not the first time, second time or even third time. I realised at some point that I needed to just do it. Learning by failing is not a bad or wrong way of learning - it is in this case the right way. I needed to spend a lot of time failing. When at first my mind was made up, I made a wise decision to make my goal public here on LinkedIn and at the same time ask broadly if others had the same goals as myself, wanting to go ahead on this journey with me. To my surprise I was overwhelmed by like-minded people wanting in on a study group - not only locally but globally as well. So many people wrote me that I had to “take control” of my own learning by taking the decision to make this a “small” and local group of people. We started out being around 6 people, but the group grew every week. Today 25 people are in the private chat room that I created, three have passed the certification and more are on their way. Some met with the group only once and, as I hoped, a core group was quickly formed. Every week I hosted a hacker night, usually we were 6 to 10 people meeting up to train together, using HackTheBox. Some of us would in time buy the PWK course, others PTP (for the eCPPT certification) and some were just part of the learning... because it is really fun!
Unfortunately COVID-19 put an end to our study group before my lab time was over, and I did not really practise much until I was forced to schedule the exam.
Should you have a study group?
Yes. It is a simple answer. Even if you have different individual goals you will find that you all have the same ability to find vulnerable configurations, and I promise you that you will learn from each other’s failures. I know that I focus a lot on failure. You will also learn by succeeding, but the whole process of trying something, figuring out that your hypothesis was not correct, and then trying again will give you so much more. This is what is required by the OSCP exam. Enumerate, try, then you fail, enumerate more, try more - try harder. And yes, enumeration is key.
Why did I take the OSCP?
I am not and do not strive to become a world class hacker. At the moment I am not even considering pursuing other certifications from Offensive Security. Even though I genuinely believe that people holding the OSCE and also the OSEE are world class professionals, especially those in my country. Not many in Denmark hold these certifications. Most are actually employed by the same company, which is a very specialised company. Needless to say also the best. These individuals I admire. They simply know how enterprise systems are configured correctly, and this enables them to spot the outlier. This could be an outlier in the configuration of a system, or they may even find issues in the memory or privilege management of an application or service, in order to exploit this for their own goal.
The reason I spent almost nine months pursuing this was that the OSCP had always been a personal goal for me. I, like many of you, have an analytical mind, and I love to tear things apart finding ways to gain privileges and in time accomplish my own goals. Of course this can be used for badness, but likewise this can indeed be used to protect both the company that I work for along with our customers. In my daily job I am a part of a detection and response team, analysing alerts and recommending mitigating action. It sure does come in handy being able to perform the attacks that we should be able to detect every single day.
Coming back to the mindset
I said it before. I am not a world class hacker. You don’t have to be either. Of course you should have some experience with breaking into vulnerable systems and also documenting what you did and why you did it. Everything you write in the report has to have a meaning. You don’t document all the failures along the way of the exam but you have to document how you got from A to B and why this was done in the way you did it. Luckily all of this is possible for you to learn throughout the PWK course following the materials at hand.
Reading about other people’s journeys helped me a lot. Before scheduling the exam I had to acknowledge that this certification is not only targeted at a small group of elite hackers in the world. It is for the hackers that can manage their time breaking into a well-defined set of machines, documenting what is important. Staying calm and structured is key. This fact is even more important than being a 1337 h4x0r.
Key takeaways
I ordered 60 days of lab time. I will recommend that you do at least that. And you should use the time in the lab wisely. I did not do that.
Use a study group. Have a supporting community that will help you push forward in learning.
Manage your stress level. I battled myself to be calm while digging into rabbit holes along the way. This should be expected of you even before you go in, to be alright with spending time on things that don't take you anywhere.
Be alright with failing. Failing is not fun. Failing is in fact necessary for you to learn. Even if it means failing the exam. Failing the exam the first time will give you insights into what is needed of you, and what is important.
If you liked this post, please click "Like" so that others can find it.
About: Dennis Perto is an enthusiastic security analyst who places great honour in genuinely humble consulting. He believes in serving the client with expert knowledge, and in not being afraid to admit when he is not the right expert anymore. He enjoys researching vulnerabilities and exploits to advise trusted partners.
Feel free to connect with me here on LinkedIn, and follow me on Twitter: @PertoDK
PNPT | CRTE | PSAA | Blue/Red Team | Pentesting
4 years ago: Hey Dennis :) I am on this path myself, fighting a hard battle against the OSCP. Your write-up here inspired me to try even harder. Unfortunately I am unlucky enough to have no one in my network following the path that the OSCP lies along, but I am fighting a brave fight :) Thanks for the inspiration :)
SOC Support Engineer III at Amazon Web Services (AWS) | Wireless Security Advocate | Security+ | in God we trust
4 years ago: Great post!
Software developer at Forsvaret
4 years ago: Congrats (now why did my keyboard suggest "conficker" having typed "con"?). I have thought about taking the OSCP exam but I think OSCE is a better choice for me.
CEO, QA Pro Ltd. | APAC Head - CyberProof, Australia | Help Organizations to Protect Their Digital Assets | Chair, OWASP Dhaka Chapter | ISACA Dhaka Chapter Board Member | Instructor, MIST | Trainer | Writer
4 years ago: Congratulations
Sr. Solutions Architect at Infoblox Federal
4 years ago: Congratulations!