Page 1: OSCP Journey (Current)
Ever since reading about how difficult the OSCP is and how prestigious it is to have (despite being an entry-level certification), I’ve wanted it. I want a challenge that will take months of hard work to get instead of just sitting down, reading a book and filling out a scantron sheet. I wanted something that will actually teach me things and something that is respected within the infosec community. This is going to be a page where I keep up to date with my OSCP journey — what I’m doing to prepare, what VMs I’m doing, what books I’m reading, and finally when the time comes, what it’s like during the actual labs.
At home I have a giant whiteboard attached to my wall. On it, I’ve drawn a tree diagram with my goal of OSCP at the top. I have four components I want to “check off” before I register for the OSCP. They are:
- Vulnhub VMs
- Homelab (Pseudo Windows environment)
Homelab was the first thing I crossed off. I simply installed an ESXi server on an old box I had lying around and built a Windows environment with Server 2003, 2008 R2, 2012 R2, XP, Win 7, Vista, and Win8. The point of this was to purposely make misconfigs in the domain (e.g. DNS Zone Transfers) that will simulate what a real environment will be like.
Vulnhub VMs are the thing I’m working on now. I’ve done a lot of research and read a lot of blogs by people who have taken the OSCP, and I’ve downloaded the Vulnhub VMs they listed and added them to my list. It’s as follows:
- Kioptrix 1-4 – write-up
- Metasploitable 2
- PwnOS 1.0
- SickOS 1.2
- SickOS 1.1
Once I finish one of these, I do a write-up. I’ve noticed that write-ups greatly help me remember what I did. To assist me with these, I compiled a cheat sheet as well that can be found here.
Next are books. I have five books that I want to read:
- Metasploit: The Penetration Tester’s Guide
- Practical Malware Analysis (Definitely not needed for OSCP but this helps with my job)
- Hacking Exposed 7
- Violent Python (Also not too necessary, but does help)
- RTFM (More of a reference guide, but still helpful)
Finally, there are 4 video topics I want to watch from www.pentesteracademy.com. It’s a subscription to watch them and I got it when it was on sale, but hopefully they turn out to be worth it:
As you can see, I have a long way to go but I want to prepare as much as possible before I take this. I know the material they provide is very good and should be enough to get you through the exam, but I want to go in knowing as much as possible so when I do go over their material, they might have another way of doing something or a better way of explaining it.