How to Prepare for the OSCP
The information security market is still volatile. We’ve heard about a disturbing trend for years, with survey after survey reporting the exact same thing: a severe shortage of qualified, skilled talent to fill mission-critical roles.
This should make your ears prick up. Anybody looking to make a move in the cybersecurity market, or even pivot into infosec from an existing IT area, is in a great position. It’s worth looking into the various positions in infosec and the types of training that you will need to make that move.
Although most infosec positions are focused on the defensive side of the job, such as Security Engineers or SOC Analysts, we believe the real fun lies in the offensive.
Look at the Penetration Tester!
There are few other jobs that require you to hack into systems, find network weaknesses, exploit vulnerable applications, break through sloppy code, or go for the ROOT (or ADMINISTRATOR, in Windows). Pentesters are professionals hackers. However, they must be allowed to do so as part of a carefully crafted engagement to remain legally compliant.
Learn how to become a security expert with SPOTO’s Cybersecurity Training
Start trainingGot your attention? Great. Go back to the first paragraph and notice two key words: “a severe shortage of skilled, qualified talent.” How can one acquire the necessary skills and qualifications in a field where the FBI will not grant you a visit if you do it wrong?
Offensive Security Certified Professionals, of course! There are many options when it comes to pentesting certs. But we’re here for the best: the Offensive Security Certified Professional (OSCP).
The OSCP is a well-respected and widely accepted pentesting certification. It teaches core pentesting skills. There are many to learn. It is also known for its toughness. There is not much hand-holding. This should be evident in their “try harder” motto.
How to Get Started in the PWK Courseware
The Pentesting With Kali Linux course (or PWK) is the first requirement for the OSCP. The course consists of a written PDF and video that introduces you to Kali Linux. This is a special Linux distribution preloaded with nearly every open-source pentesting tool.
The course is extremely comprehensive and covers everything you need to know about reverse shelling with Metasploit, running port scans with Nmap, cracking password hashes using John the Ripper, and exploiting vulnerable apps with Metasploit.
You must carefully list your targets
However, it goes beyond just knowing how to use tools. Pentesters need to have a certain mindset in order to succeed. It is important to be meticulous and methodical when identifying a target from the outside. If you don’t know how to get through the perimeter fence, it’s useless knowing which Fort Knox room holds the gold.
Pentesting is the same. You must find all open ports, find the version of each running service, and then research carefully to find your way. You will need to absorb large amounts of information, digest it, and think like an administrator, relying on your knowledge about networking, OSes and network services, as well as scripting languages.
You’ll hit more brick walls than open ones if you are stubborn. The PWK will test you in all these areas and make you stronger or worse.
Do Your Exercises
You will also find a series of exercises in the course that will allow you to get your hands dirty with basic shell scripts, running tools, and probing ports. These exercises are great learning opportunities. Sometimes they are very straightforward, but sometimes you will need to do some research on your own.
This is the approach that a lot of OSCP members take.