InfoSec Blog

OSCP Review

Penetration Testing with Kali Linux (PEN-200) and the OffSec Certified Professional

Summary

OffSec Certified Professional (OSCP) is a great entry-level certification for anyone breaking into a penetration testing career. It's currently priced at $1649 for the 90-day course bundle or $2599 for the Learn One bundle. It teaches you penetration testing basics, how to build your methodology, and new attack vectors.

I highly recommend this certification to anyone who wants to pursue a penetration testing career.

Prior Experience

I started my security journey around March 2022 while I was still in school, and one of the certifications I always wanted was the OSCP. I first started my journey in TryHackMe, learning everything I could through their curated paths and doing their CTF rooms. I then proceeded to pivot to HackTheBox for more challenging machines as a way to get myself ready for the OSCP.

Overall, I was able to pwn around 100-200 machines in both HackTheBox and TryHackMe which solidified my understanding of basic penetration testing techniques.

PEN-200 Experience

The Course

I started my journey around May 2023 with the goal of getting the OSCP by around late August or early September within that same year. I initially had some problems with my course as it wasn't showing in the portal even though I clearly bought it. It took around 2 weeks before it was sorted out.

The course curriculum was paced nicely. It introduces the student to how the course is curated, to cybersecurity, and to how you can study properly, and then dives deep into the course proper.

The course is detailed enough that you understand what you are required to do, why it happens, and what else you need to consider. There is text and video content if you prefer one over the other. The course labs and challenges are amazing, as they solidify your knowledge of the modules you learn. The course also teaches you the necessary methodologies for tackling these types of attacks and what you should do when life throws you a curveball.

The Labs

The PEN-200 labs are a series of networked labs that you need to compromise. Most of the methodologies and techniques you've learned in the course will be tested in the labs. You should polish your methodology here as this will immensely help you when tackling the exam.

It took me some time to finish the labs, as they were vastly different from doing boot2root CTFs where you only have 1 or maybe 2 machines you need to compromise to root it. This simulated how enterprise networks can be created and what you should consider when attacking enterprise networks.

OSCP Exam

The OSCP exam is a 24-hour proctored exam where you are required to fully compromise an Active Directory network and 3 standalone machines. You also need to provide the hashes and ipconfig in the screenshot from a stable shell.

I prepared myself for the exam by ordering my meal prep before the start of the exam, and I would just reheat it. I also frequently took rest breaks and drank water.

Around the first 1-2 hours, I was unable to exploit any of the machines and this is where I really felt like I would fail. I took a quick 15-minute break and went back in again with fresh ideas. Once I got initial access in the Active Directory network, it took me some time to fully compromise it. Afterwards, I ate my lunch and went back to compromise the last 3 standalone machines. Around 7-8 hours in, I was done with all my flags, so I started walking through my attacks to validate that they worked.

I submitted my report around 6-8 hours after finishing the exam, making sure I had all the screenshots I needed and had explained everything clearly. I got a notification that I passed after a day or two, but it does say on the website that it may take 5-10 working days.

Key Takeaways

I believe the course fully prepared me for the exam, but this may come with bias as I was prepping for the OSCP ever since a year before I took it with practice from TryHackMe and HackTheBox. I can say that with certainty though as all the techniques and methodologies that I was taught in the course and labs are well worth it and are definitely a key to passing the exam.

Some people think OSCP is an overpriced course that doesn't teach you that much. I cannot comment on why OffSec prices it that way, but I can certainly say that I have learned so much from the PEN-200 course even with practice from multiple infosec training websites. I believe that the main point of PEN-200 is that, while it does teach you techniques and ways to exploit vulnerabilities, it actually solidifies your methodology of doing penetration testing, allowing you to become a better penetration tester so that you don't easily waver even when you see services or attack vectors you've never seen before.

My penetration testing methodology definitely improved whilst taking the PEN-200 course, and that translated well to my work: I was able to deliver better reports, assess vulnerabilities properly, and make risk-informed decisions.


Last updated 1 year ago
