OSCP Course Review 09/2017

In this month, i have finished my OSCP course, and i had some review about course and exam:
Preparing
Before start lab, i had some preparing:
- I am pentester with more than 5 year experience.
- I am CTF player: web and pwnable is my category.
- Some experience with Software Exploit (Corelan and RPISEC course).
- Tried with some free lab.
OSCP Lab
After register, you will be received: PDF + Video material, VPN account to connect OSCP Lab. I used pdf only. In OSCP Lab, you had more than 50s machines to exploit. Some machine too easy, but some machine, you need "Try Harder". I get root more than 40s machine in first month, and spent two weeks to prepare OSCP exam. I used one week to complete my OSCP lab exercises and write lab report (to get 5 point bonus)
OSCP Exam
I had 24 hours to compromise a range of machine (5 machine). After first 3 hours, i compromise 3 machine. Next 6 hours to get 4th machine (1 hours to get limited shell and 5 hours to get root). After sleep, i start write exam report (I think i enough point to pass exam).  After submit report, i received email from Offensive. I passed OSCP exam.
Conclusion
OSCP is not hard: Every box is easy… when you know how. Try Harder! Try Harder! Try Harder! . And some machine had rabit hole :)
OSCP forum is very helpful
Document all: exploit, payload, your command, your proof.

----------------------------------------------------------
Thanks for reading
--------------------------------------------------------------------------
Security Research
SecurityLab - Linux Lab -- Window and Cisco Lab
to be continued - I will update more.

Comments

Popular posts from this blog

Python - Multithread to read one file

Exploit Exercises - Format String

OpenCA tutorial