Month: March 2017

the pwk (oscp) course take two, or where my free time has gone

Posted on by michael

Back in 2008 I signed up for the Pentesting with BackTrack course and Offensive Security Certified Professional exam put on by the folks at Offensive Security. I even blogged about enrolling and getting started on it. Just to put this into perspective, this was back in 2008…when BackTrack 3 was still in beta! I also have a 4 digit OS-ID number…old school!

As alluded to in those old posts, I ended up getting immediately swamped with unexpected work at the exact same time I signed up for the course. And while I was able to slowly consume the videos and PDF materials over small moments, I was never able to really get much going in the labs. I was pretty mentally spent in those days after work. My lab time expired with no exam attempt made.

But I’ve never wavered in my interest in the certification itself and in finishing the cert out.

So last year I renewed my course materials for a small upgrade fee, and near the end of February renewed my lab time.

I’ve had 20+ days in the labs out of 90 so far and have rooted 28 out of the 50-ish systems that exist. I’m pretty happy and stoked with the experience and learning that is happening this time around. And while I do like my progress, I still have plenty of room to grow. I need to get faster and more practiced with my process if I want to feel good going into the exam. I also have avoided some of the known harder systems in favor of “easier” wins and gradual escalation in difficulty. At least as much as I can with otherwise blindly picking targets. I’m at least happy that I’ve been able to make progress and not have to walk away from any targets yet due to lack of success; if I’ve targeted a system to take down, it has always eventually gone down.

I do have other sub-goals as well to accomplish during my 90 days of access that go beyond just preparing for the exam. I want to get every box in the labs down, and then I want to do them again with only minimal assistance from my past notes; I want to make sure I know the clues to look for, why they’re clues, why certain things work, and maybe even find new avenues of attack as many boxes have additional issues. I want to also run OpenVAS against as many as I can get credentials to, to see if I can find things I missed. I also want to make sure that I can run through as much of the labs as I can with Metasploit and without the automated tools. The exam will limit usage of automated tools, but the real world of pen testing will not, and I’d like to take advantage of the excellent lab environment while I have access to it.

So far it’s been a blast, and while things might slow as I hit harder systems, I hope to continue my success over the next few months!