Earlier this year I signed up for the Pentesting With Kali Linux course in an effort to improve my offensive skills and work toward my OSCP. I will tell this story in three parts: initial preparation for the exam, preparation for the retake of the exam, and a retrospective once I pass (without spoilers).
Some things, of course, you will need to discover on your own; however, I will discuss anything that has been made publicly available by Offensive Security. At the time this article was initially published, I was in part two of this journey.
About a year ago, as I was just starting to work in InfoSec, I made plans to begin working towards an OSCP certification. Despite running into some obstacles, namely not working for the first month of 2017 as I was in between jobs, I still managed to stick to my commitment by signing up for the Pentesting With Kali Linux course, and I started that course a week after attending LayerOne 2017 in late May.
When purchasing the course I chose the 90 days of lab time, as I wanted as much lab time as possible, and that was a smart decision. Knowing I had to wait some time before receiving the course material and access to the lab, I did as much research as I could, finding whatever blogs, videos, and forums related to the subject.
That said, I could only prepare so much as the labs finally became available to me. So regarding the labs, the 90 days was a good decision as I spent the first few weeks reviewing the training material. Once that time passed I started digging into the lab. Out of all the things I learned about individual tools and techniques, I learned a few things that could be applied to any other course:
- Document your work
- Take risks, fail fast, and recover
- Create a system of doing all of the above
- You aren’t the first or only one to struggle
Knowing I had a lot to learn, I decided to schedule the exam anyway rather than waiting until I felt “ready” to take the exam. If you are on the fence about taking the course or taking the exam, just jump over to the other side of the fence and schedule it. I’ve surprisingly run into a lot of people that have taken the course and have not taken the exam. Then again, I may have decided on the more aggressive approach as I paid for it out of pocket, thus creating a sense of urgency.
Regarding the course, I found the material surprisingly relevant from both a defensive and offensive perspective. As many of us in Information Security work on the defensive side of things, it showed me what to look out for in environments I work in, and coupled with my years of experience on the IT Operations side of the house, I could easily see where pitfalls commonly occur.
Now for the fun stuff on the offensive side. I not only got a lot more comfortable with the tools, but learned a lot about how an attacker thinks and how to research a target. With that in mind, I was able to find a lot of valuable information on vulnerabilities and exploits on YouTube. For example, when reading up on a vulnerability related to the recent Equifax breach I was able to find a decent amount of material.
So there I was at exam day. I had scheduled the exam to start at 0600... yes, on purpose, because I tend to get up earlier and wanted to give myself as much daylight on the exam as possible. I didn’t expect to be prepared by the time I took the exam, which was about three weeks before my lab time ended, which was two weeks after DEFCON 25. Yes, scheduling a very hard exam two weeks after DEFCON was probably not the way to go, but I wanted to pull the band-aid and get the test anxiety out of the way.
In hindsight, while I did not pass the exam the first time around, I was not as intimidated after taking it and it gave me a nice healthy gut check. I now know what I need to study up on and where to sharpen my skills, which I will talk about more in part two of this story.