OSCP Write Up

February 19, 2021: I quit my job without a new one lined up. I was no longer growing in cybersecurity there. I wanted a meaningful career in cybersecurity, and I decided that it was better to grow and have no income, than to stay stagnant and collect money. The two most addicting things in life are heroin and a weekly paycheck.

March 2, 2021: I decided to find out how much I liked working in cybersecurity. I signed up for Offensive Security’s OSCP exam with 90 days of lab time. I chose this certification for a number of reasons but the main ones are:
1. I was unemployed, and needed something structured to do that would take a large amount of time.
2. I was determined to find out if I liked cybersecurity enough to do it for free.
3. I wanted to be able to show that I was doing something meaningful during my unemployment.
One of the things I like about the red team side of cybersecurity is that it can be gamified. Resources like Hack the Box, Try Hack Me, and the OSCP labs are just challenges that teach penetration testing techniques. I like puzzles, so this is really appealing.

March 7, 2021 – June 4, 2021: During this time period, the OSCP consumed my life. I spent over 650 hours reading, practicing, and struggling. Most of the time was spent in the lab environment; 90 days of lab time was expensive, so I wanted to get as much out of it as I could. In total, I got SYSTEM/root on 52 computers in the lab environment, with a foothold on several more. The labs are designed to be frustrating; the whole purpose of the labs is to build your methodology and strengthen your resolve. That is why everybody always says to “TRY HARDER”, although I despise that phrase. You don’t know what you don’t know, and sometimes you need help instead of knocking your head against the wall. Still, I believe it is important to struggle. It makes you find out how badly you want it. Below are the resources I used and some practical tips.

Resources Used:
– The PWK course pdf and the labs. I did not watch the videos at all.
– The Windows Privilege Escalation and Linux Privilege Escalation courses by The Cyber Mentor.
– Hack the Box and Try Hack Me.
– Google.

I tried to use as few resources as possible, and mainly just stick to the things Offensive Security provided. I think there is a tendency to get too many resources and then be overwhelmed with all of the information. I only used Hack the Box for my practice exam and Try Hack Me for buffer overflow practice. More resources do not translate to more knowledge. The same thing goes with tools; there is too much reliance on tools and not enough understanding of what is actually happening. Keep things simple, and take time to understand what is happening and why.

Take a practice exam before you sit for the actual exam. Don’t schedule your exam until you take a practice exam. Give yourself 24 hours to try to knock out one buffer overflow machine and four other machines. For my practice exam, I used:
– A buffer overflow machine from Tib3rius’s THM buffer overflow practice room
– Jeeves (HTB)
– Chatterbox (HTB)
– Cronos (HTB)
– Sense (HTB)
I stole this practice exam idea from here.

For the exam itself:
– 24 hours is more than enough time to pass the exam. I believe it is supposed to be done in 8-12 hours.
– Do NOT use new tools for the exam. If you didn’t practice with tools like AutoRecon or nmapAutomator in the labs, then you shouldn’t be using them in the exam. Use the training you developed in the labs.
– Have a methodology, write it down, and stick to it. No matter what. You have to be methodical for the exam. Do not let your stress, anxiety, or whatever pull you away from your methodology. I didn’t do this, but I wish I did. I would have finished the exam much sooner IF I HAD FOLLOWED MY OWN DAMN METHODOLOGY. Don’t be like me. Stick to your game plan.


Conclusion: The OSCP was created for penetration testers, but it can easily be applied to either the red or blue sides. The foundational skills learned in the OSCP are very transferable. Taking the OSCP taught the core skills of system administration of Windows and Linux, networking, scripting, many different attack vectors, patience, and critical thinking. These core skills are helpful for any job in cybersecurity. No matter what side you are on (red/blue), knowing how attackers break into computer systems can help you replicate it or defend against it. I spent over 650 hours working on this without doing anything else. I have no idea how people have gotten this certification with a full-time job and a family. This has been one of the most frustrating and rewarding things that I have ever done. Now it is time to find another challenging project. It was real, and it was fun. But it wasn’t really fun.