Penetration Testing with Kali

27.12.2018 - Date when I qualified as an Offensive Security Certified professional

It is interesting how we approach challenges in our life. Some become overwhelmed with the task, others thrive when faced with the obstacles, but me... I was scared when I looked at the curriculum that I will have to go through in order to obtain OSCP qualifications.

For anyone wondering what does it take to complete the course and pass the exam, the mind map can come as a useful reference. You should become familiar with all the concept below, know what each of them mean and how to use the tools and concepts below to accomplish a security audit and provide a tangible evidence on what needs to be improved.

An OSCP is able to research a network, identify vulnerabilities and successfully execute attacks. This often includes modifying exploit code with the goal to compromise systems and gain administrative access. An OSCP can identify existing vulnerabilities and execute organized attacks in a controlled and focused manner, write simple Bash or Python scripts, perform network pivoting and data ex-filtration, and compromise poorly written PHP web applications.

Acclaim

OSCP mind map (click to enlarge)

Now, I have noticed that OSCP does not demand that you need to be an expert in all of those domains but certain degree of familiarity and understanding is needed.The concepts are not that hard to understand for somebody willing to learn and that comes from a perspective of a person who has started this hobby a year ago... from scratch.

Good test of whether you understand the problem enough is to imagine that you need to explain this to a somebody who does not know anything about it at all, in a way that is both clear and helps them to make sense of the problem at hand.

I certainly do not feel like an expert now that I have passed the course, far from it (I know how much I don't know), but I feel a great sense of accomplishment knowing that I am capable of facing something that appears to be impossible, tackle it and come out successful after all the work I put into it.

To those already doing the course, frustration and pain are natural learning phases to anything and it is no different with OSCP. You can either throw your hands in the air and give up or TRY HARDER and eventually succeed. Knowing that the machines in the labs are vulnerable but there is just something you do not see can cause a bit of discomfort. Keep looking, be like a detective gathering clues and connecting the dots. Ask people, read books on the subject, use google, do your research because the problem you faced was probably tackled by somebody else in the past. Keep notes and do not forget to do the root dance once you are in:).

Good luck.