I am a Cyber Security engineer responsible for supporting my customers with engineering, developing, implementing, and deploying secure systems. One of my recent projects involved verifying that an Intrusion Detection System (IDS) correctly identified and alerted network-based attacks. The team used the Armitage tool within BackTrack to generate attacks against our network to verify the IDS behaved as expected. This effort piqued my curiosity with BackTrack.

To advance my career, I felt it was necessary to obtain a Certified Ethical Hacker (CEH) certification. However, my interest in learning more about BackTrack influenced me to first take the Penetration Testing with BackTrack (PWB) course offered by www.offensivesecurity.com. My plan was to attain an Offensive Security Certified Professional (OSCP) certification and then pursue the CEH certification. I recently received my OSCP certification and I am now preparing for the CEH certification, so my plan is still on track. The PWB course and associated OSCP certification provided an excellent foundation for attaining my CEH.

I began my OSCP adventure by purchasing the course and 30 days of the virtual lab. My huge miscalculation was believing I could take the self-paced class, gain sufficient knowledge using the virtual lab network, and take the OSCP exam within this timeframe. Not even close! I needed 6 months of lab access. The amount of lab time required will vary depending on your skill level with the multitude of facets involved in penetration testing. These facets include enumeration tools (Wireshark, nmap, nbtscan), Linux (multiple flavors and kernels), Windows (multiple versions), databases (MySQL, MS SQL Server), scripting (Bash, Perl, Python), programming (primarily C), networking, web applications, backdoors (netcat, sbd), tunneling (stunnel, plink), etc. In order to adequately prepare for the exam, you will need to be very comfortable with all the techniques covered in the class. But even that is not enough! The class provides basic fundamental information to get you started. The actual skills necessary to pass the test come from self-taught experience gained by using the lab.

I thoroughly enjoyed the course videos. The instructor, Muts, was outstanding at presenting the fundamental penetration techniques within the video segments. The course guide augmented the videos very well. You are expected to provide a log of all completed exercises that are compulsory for attaining the OSCP certification. I used the KeepNote application within BackTrack to document the course exercises. The KeepNote application provides a handy feature to export the notebook to an HTML file; I used this feature to generate my class notebook (+20MB zipped) to submit as part of my OSCP documentation.

You are expected to use the virtual lab to hone your penetration testing skills. The lab contains numerous vulnerable systems deployed within four virtual subnets. I vividly remember my elation after I successfully exploited my first server within the lab. I used Metasploit and the MS08-067 (SMB NETAPI) exploit. In hindsight, this was the most trivial (rudimentary) exploit I used while attacking the lab systems. I will also never forget my astonishment at learning you are not allowed to use Metasploit to conduct an exploit or elevate privileges during the OSCP challenge. At that point I thought to myself, "How am I going to exploit and gain elevated privileges on systems without using Metasploit? This is terrible!" Well, practice makes perfect. The more you use the lab, the more you will feel comfortable with techniques like downloading, fixing/tailoring, compiling and executing an exploit you obtained from reputable web sites containing Proof of Concept (PoC) source code, or manually exploiting a multitude of other vulnerable components (e.g., using SQL injection attacks, Remote File Inclusion [RFI], privilege escalation via MySQL, etc.).

Originally, I thought the OSCP would be merely a warm-up for CEH. Attaining OSCP was far from a warm-up. The PWB course was undoubtedly the best, most intensive class I have taken directly related to the advancement of my career. The course videos and accompanying lab guide provided excellent starter materials necessary to understand penetration testing techniques. The PWB virtual lab is awesome in providing an environment to attain hands-on experience with learning and executing penetration testing exploits. The OSCP exam is not the typical multiple choice exam associated with many certifications; to receive the OSCP certification, individuals must demonstrate knowledge of penetration testing techniques by hands-on exploitation of vulnerable systems in a virtual exam lab. The exam was extremely challenging for me and required me to take the challenge more than once.

A special thanks to my wife, Natalie, for her encouragement and moral support during the OSCP preparatory activities.  She continually persuaded me to "try harder" during frustrating times.


Ten (10) tips for preparing for the OSCP exam