OSCP

[lsquared]

I have been contemplating the OSCP certification for quite some time. I am planning on enrolling within the next month or so. Has anyone taken the course and exam? Either way I am planning on leaving a review when I am done.


lsquared

[Stackprotector]

In order to enroll for the OSCP certification exam, you must first complete the Penetration Testing with BackTrack course.

That backtrack course is starting from 750 usd. I don't like them, they are to much focused on giving certifications to people in company's (because company's will pay that much money) for just a certification.

[Mordred]

I've been studying for the OSCP as I intend to take it after I graduate Uni, but before I go into the job market.

It's one of the cheaper certs out there (most of the other stuff is +1000$) and it covers quite a lot of ground in terms of introducing you to the world of penetration testing.

I have the course material in .pdf format if you're interested, versions 3.0 and 3.2. I also have the book that you need for the BT5 Wireless Pen-Testing course (if you're gonna do that one). If you need either of these, hit me up and I'll upload them.

[Z3R0]

I have taken the course (haven't passed yet). It's difficult. Not impossible, not hard, just difficult. You're given X amount of days to go through the lab materials provided, try out attacks on a vpn network that OffSec gives you access to, you write a report on what you could break into. Finally, you are given the chance to take a hands-on exam for the actual cert where the goal is to break into 5 different machines of varying difficulty, and write a report on it.

Keep in mind, it is a pen-testing course. It is not a "break into as many computers as you can" course. You have to treat it like it's an actual pen-test, and write reports. Honestly, the most difficult part about it is not getting complacent with it, and just giving up.

Going off of what Factionwars said, yes it is a certification course. You take the course to hopefully pass the exam and get the certification like any other course. No one forces you to do it. And unlike fucking CEH, the lab materials are actually good, and have intellectual value. It's not just a course on how to use metasploit, or sqlmap (although both are mentioned, and shown examples of usage).

The actual vpn lab is no different than any other network with vulnerable stuff on it, other than the OffSec admins throw in a lot of "curve balls" if you will, and you actually have to use your brain to break into most of the machines. It's not just ./exploit <somecomputer>. You may have to do a client-side attack, or break into it with lesser privileges, and escalate, or use ssh tunnels to get into non-routable networks.

There isn't just attack techniques that you have to know in order to pass, you have to know a good amount of forensics too. The entire goal of the final exam is to grab "key files" to get points for breaking into said machines, but the files are well hidden, and not easy to find.

Having only gone through it, I certainly have more respect for anyone that has an OSCP cert than most other certs for this field.

Also, pro-tip for those who don't know...the more certs you have, the more likely you are to negotiate a good salary when you go in for an interview. That is UNIVERSAL for ALL career fields.