+ Reply to Thread
Results 1 to 19 of 19
  1. Member
    Join Date
    Mar 2012
    Posts
    58
    #1

    Default Basic OSCP questions

    I have been preparing for my CISSP and hope to take it early 2018. I already have my SSCP, Security+, A+, MCSA, SonicWall certs and have been working in IT since like 2004. That being said I am awful at programming of any kind, I always have been and likely always will be.

    In order to get your OSCP it looks like you need to take the Penetration Testing with Kali Linux course that costs $800 and includes 30 days of labs?

    I have spent a fair amount of time in the security side of things and have messed around with Kali on various occasions but I am no pen tester. I have read it is a pretty brutal path to getting the OSCP and given my poor coding skills I'm wondering if I would be able to do it.
    Reply With Quote Quote  

  2. SS -->
  3. Junior Member Registered Member
    Join Date
    Sep 2017
    Location
    Paris France
    Posts
    4
    #2
    Hi!
    i hope i will help you
    i just passed my cissp today and i did have my oscp several years ago!


    First of all, they have nothing in commom
    OSCP is a 100% technical exam where the ultimate goal is grabing the keys of the kingdom
    you work online in a dedicated environmemt for several hours and be ready to sweat
    i’ve been at a pentest with kali session at Blackhat in LV and it was for me, as a pentester, quite easy but
    the exam is not!
    but the coding skills are not a barrier I think, i’m no dev like you
    30days of lab is according to me not enough if you’re not full time on it and if you have nearly no knowledge on pentesting

    CISSP is a security manager exam according to me
    Totally doable if you’re not a pentester

    As we say in France : dont run after 2 rabbits at the same time
    my advice would be to focus on your coming CISSP, yiu will be so happy when you have it
    and after ask yourself if you really wanna be a pentester, if yes go for OSCP it’s the best but if you dont wanna be one, forget about it
    Another cert, easier for debuting in pentest world would be SANS GPEN(have it also) will give you a very good and precise overview on security and hacking

    hope to help

    regards
    Reply With Quote Quote  

  4. Senior Member TeKniques's Avatar
    Join Date
    Jul 2004
    Location
    Oregon, USA
    Posts
    1,250

    Certifications
    OSCP, CISA, CISSP, SSCP, MCSA 2008, MCSE 2003: Security, MCDST, MCP, Security+, Network+, A+, Project+, CCENT, CCNA
    #3
    Everyone is different, but I would recommend to dive right in and don't let your lack of programming skills deter you. It would help, but is by no means a requirement to be able to take the course. I would be more concerned with being able to dedicate the amount of time that will be required to work through the course material and be able to research topics on your own. Good luck.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    May 2013
    Posts
    1,260

    Certifications
    CISSP, GWAPT, GSEC, C|EH, CCNA:Security, CCNA:R&S, CCENT, Security+, Network+
    #4
    Programming skills aren’t a prerequisite...the ability to learn and basic security skills are though.

    Don’t be discouraged if it takes a while to achieve the cert...a lot of people have failed the first go around. I would not do 30 days...at minimum do 60...but 90 is better. If you don’t have the background in pentesting, you literally won’t pass in 30 days...barely enough time to get through the material let alone the lab.
    Reply With Quote Quote  

  6. Senior Member shoey's Avatar
    Join Date
    Jun 2016
    Location
    Knowhere
    Posts
    105

    Certifications
    Life
    #5
    Limited programming skills should not deter you from attempting this course... But I would DEFINITELY take the time to research people's OSCP blogs/posts prior to starting. It also would be benficial to take some time to research topics you are unfamiliar/inexperienced with prior to scheduling.

    I had a month where I knew work/life wouldn't be crazy, so I purchased the 30 day PWK course and attempted to grind as hard as possible... It kicked my @ss. I cannot emphasize enough just how much I wish I had just purchased the 90 days. With that being said, I ended the course feeling as though I had learned and accomplished more with the PWK Lab than in any of my other certs.

    I will be scheduling my second attempt at the OSCP early 2018 as well. Best of luck to ya! Let me know when you schedule your course!
    "I have missed more than 9,000 shots in my career. I have lost almost 300 games. 26 times, I've been trusted to take the game winning shot and missed. I've failed over and over and over again in my life. And that is why I succeed." - Michael Jordan
    Reply With Quote Quote  

  7. Member
    Join Date
    Nov 2017
    Posts
    86

    Certifications
    A+, Network+
    #6
    I don't know...

    Is it an open Google exam, or do they include all the scripts you might need to execute in the Kali image?

    I'm speaking only as a petty dabbler who followed a walkthrough to penetrate a VulnHub VM.


    But one of the commands they had me execute to exploit a shellshock vulnerability looked pretty complicated and would not be something I could come up with on the spot. It's hard to imagine pulling that off without some programming knowledge, particularly with bash.
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    Feb 2017
    Posts
    109
    #7
    Quote Originally Posted by relegated View Post
    I have been preparing for my CISSP and hope to take it early 2018. I already have my SSCP, Security+, A+, MCSA, SonicWall certs and have been working in IT since like 2004. That being said I am awful at programming of any kind, I always have been and likely always will be.

    In order to get your OSCP it looks like you need to take the Penetration Testing with Kali Linux course that costs $800 and includes 30 days of labs?

    I have spent a fair amount of time in the security side of things and have messed around with Kali on various occasions but I am no pen tester. I have read it is a pretty brutal path to getting the OSCP and given my poor coding skills I'm wondering if I would be able to do it.
    I'm deep into my OSCP Studies and just about to finish 90 days worth of labs... 30 days of that was spent solely on reading the PDF they provide which is 375 pages and also watching the videos - of which there's about 170.


    I have strong Linux Skills, OK Python Skills but my hacking knowledge and experience wasn't strong other than hacking into about 4 VulnHub machines.


    I think signing up for 30 days is insane in my own opinion as it's a lot of work and some of the machines you can be stuck on for days at at time. I've got a blog on here where I've been documenting my journey into OSCP and it's intense, hard, fun but has been very impactive. It's all worth it though.


    One thing i said on my blog was I just don't see why some people are in such a rush. E.g. I've signed up for 90 days, but I'm going to sign up for another 90 as I want to hack into as many machines as I can and come away confident and hopefully with the OSCP certification. Some weeks I can get TONS of work done, sometimes not if work gets in the way, general life or I'm just feeling tired and not as productive as normal.


    I think you're a good candidate to take the OSCP as you have some good background in IT. The OSCP does not involve programming. There is a tiny bit of scripting in the exercises but that is not programming, and it's not essential. The exploits used in the labs themselves rarely need much editing if any. Plus reading code is different to writing it.


    I signed up for OSCP and it's the best thing I've done in a long time, it's my first ceritification and I'm glad I chose it. Good Luck with whatever you decide.
    My Aims
    2017: OSCP
    2018: CISSP & MCSA
    2019: New Job!!!


    Reply With Quote Quote  

  9. Member
    Join Date
    Nov 2017
    Posts
    86

    Certifications
    A+, Network+
    #8
    O_O

    Isn't it $600 for another 90 days? I just think it might have been cheaper to retake it another 10 times for the same price.
    Reply With Quote Quote  

  10. Senior Member
    Join Date
    Feb 2017
    Posts
    109
    #9
    Quote Originally Posted by N7Valiant View Post
    O_O

    Isn't it $600 for another 90 days? I just think it might have been cheaper to retake it another 10 times for the same price.
    Haha yes it is. I may just extend for 30 days and then do the exam. I just want to reach 30 lab machines hacked and also maybe hack some in the other networks.


    If I can hack Humble and Sufference I'll be happy too.
    My Aims
    2017: OSCP
    2018: CISSP & MCSA
    2019: New Job!!!


    Reply With Quote Quote  

  11. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    229

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #10
    As other have said, don't let your lack of programming skills deter you. Programming skills will help you some in the course but plenty have passed without much programming knowledge (I'm one of those people). Just make sure that you can dedicate a significant amount of time to the course. I have a blog on here about my OSCP journey that many seem to like reading, it may give you an idea of what you can accomplish. I had 0 pentesting experience or knowledge before I started as well.
    Reply With Quote Quote  

  12. Senior Member shoey's Avatar
    Join Date
    Jun 2016
    Location
    Knowhere
    Posts
    105

    Certifications
    Life
    #11
    Quote Originally Posted by CyberCop123 View Post
    I'm deep into my OSCP Studies and just about to finish 90 days worth of labs... 30 days of that was spent solely on reading the PDF they provide which is 375 pages and also watching the videos - of which there's about 170.


    I have strong Linux Skills, OK Python Skills but my hacking knowledge and experience wasn't strong other than hacking into about 4 VulnHub machines.


    I think signing up for 30 days is insane in my own opinion as it's a lot of work and some of the machines you can be stuck on for days at at time. I've got a blog on here where I've been documenting my journey into OSCP and it's intense, hard, fun but has been very impactive. It's all worth it though.


    One thing i said on my blog was I just don't see why some people are in such a rush. E.g. I've signed up for 90 days, but I'm going to sign up for another 90 as I want to hack into as many machines as I can and come away confident and hopefully with the OSCP certification. Some weeks I can get TONS of work done, sometimes not if work gets in the way, general life or I'm just feeling tired and not as productive as normal.


    I think you're a good candidate to take the OSCP as you have some good background in IT. The OSCP does not involve programming. There is a tiny bit of scripting in the exercises but that is not programming, and it's not essential. The exploits used in the labs themselves rarely need much editing if any. Plus reading code is different to writing it.


    I signed up for OSCP and it's the best thing I've done in a long time, it's my first ceritification and I'm glad I chose it. Good Luck with whatever you decide.
    I've been following your posts on the OSCP. Best of luck and much appreciated!!
    "I have missed more than 9,000 shots in my career. I have lost almost 300 games. 26 times, I've been trusted to take the game winning shot and missed. I've failed over and over and over again in my life. And that is why I succeed." - Michael Jordan
    Reply With Quote Quote  

  13. Senior Member shoey's Avatar
    Join Date
    Jun 2016
    Location
    Knowhere
    Posts
    105

    Certifications
    Life
    #12
    Quote Originally Posted by N7Valiant View Post
    O_O

    Isn't it $600 for another 90 days? I just think it might have been cheaper to retake it another 10 times for the same price.
    Yeah it would be cheaper to just pay for the retake (if all your looking for is a cert) but I'd rather have access to the PWK Lab (imho) to keep trying different exploits, etc. and continue to learn more.
    "I have missed more than 9,000 shots in my career. I have lost almost 300 games. 26 times, I've been trusted to take the game winning shot and missed. I've failed over and over and over again in my life. And that is why I succeed." - Michael Jordan
    Reply With Quote Quote  

  14. Senior Member
    Join Date
    May 2013
    Posts
    1,260

    Certifications
    CISSP, GWAPT, GSEC, C|EH, CCNA:Security, CCNA:R&S, CCENT, Security+, Network+
    #13
    Quote Originally Posted by N7Valiant View Post
    I don't know...

    Is it an open Google exam, or do they include all the scripts you might need to execute in the Kali image?

    I'm speaking only as a petty dabbler who followed a walkthrough to penetrate a VulnHub VM.


    But one of the commands they had me execute to exploit a shellshock vulnerability looked pretty complicated and would not be something I could come up with on the spot. It's hard to imagine pulling that off without some programming knowledge, particularly with bash.
    You can use any resources you basically want...google, books, etc.

    The main thing with OSCP is that they don’t spoon feed you. You will learn the basic concepts of pentesting to build a foundation, but finding exploits that work, scripts, etc. are not included...that is what makes it quite challenging.
    Reply With Quote Quote  

  15. Senior Member
    Join Date
    Jun 2013
    Location
    Iowa
    Posts
    177

    Certifications
    CISSP, GCIH, GSEC
    #14
    Suggest you take advantage of this free course at udemy "Automate the Boring Stuff with Python". This course is normally $50, but free for one more day.

    https://www.udemy.com/automate/?coup...LL_THE_THINGS2
    Reply With Quote Quote  

  16. Junior Member Registered Member
    Join Date
    Sep 2017
    Posts
    3

    Certifications
    CCNA R&S; ITIL-F; MCSA 2012 r2;
    #15
    Quote Originally Posted by IaHawk View Post
    Suggest you take advantage of this free course at udemy "Automate the Boring Stuff with Python". This course is normally $50, but free for one more day.

    https://www.udemy.com/automate/?coup...LL_THE_THINGS2
    Thanks for the link!
    Reply With Quote Quote  

  17. I'm Batman clarkincnet's Avatar
    Join Date
    Jun 2014
    Location
    Raleigh, NC
    Posts
    252

    Certifications
    CISSP, CISM, CRISC, ITIL-F 2011
    #16
    Quote Originally Posted by IaHawk View Post
    Suggest you take advantage of this free course at udemy "Automate the Boring Stuff with Python". This course is normally $50, but free for one more day.

    https://www.udemy.com/automate/?coup...LL_THE_THINGS2

    Awesome link!
    2015 Goals: CISSP [X], 2016 Goals: CISM [X], 2017 Goals: CRISC [X]
    2018 Goals: eCPPT [ ]
    Five Year Goals: CSXP, OSCP, GPEN, eWPT
    "Distrust and caution are the parents of security" - Benjamin Franklin
    Reply With Quote Quote  

  18. Member
    Join Date
    Mar 2012
    Posts
    58
    #17
    @ IaHawk thank you, I just signed up.

    Would you guys say that after passing the OSCP you will have enough knowledge to actually be able to use most of the tools in Kali in order to say fully test a .NET web application? In other words what kind of real world skills do you walk away with vs what I would say are very little to none with a lot of other certifications.
    Reply With Quote Quote  

  19. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    56

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN, OSCP
    #18
    OP, I recently did the OSCP and like you I had an infrastructure background and very little programming experience. It's very possible to complete the course without being a programmer but there are parts that will be frustrating. You'll get experience "fixing" or customizing bad C and Python exploit code from the internet, and some of the exploits will require PHP or SQL syntax. I probably spent too much time with trial-and-error as I don't fully understand the syntax of those languages. You'll learn a ton. Don't let it stop you but I wish I had done a python and basic C course first. Error messages from compiling code using gcc would drive me nuts! I assume these things were easier for seasoned programmers.

    Quote Originally Posted by CyberCop123 View Post
    One thing i said on my blog was I just don't see why some people are in such a rush. E.g. I've signed up for 90 days, but I'm going to sign up for another 90 as I want to hack into as many machines as I can and come away confident and hopefully with the OSCP certification. Some weeks I can get TONS of work done, sometimes not if work gets in the way, general life or I'm just feeling tired and not as productive as normal.
    I can see both sides. From a learning perspective, we're all different and come from varied backgrounds so take as long as you need to truly understand and master the topic. Be it 30 days or 30 weeks, we do this to learn and grow. In this sense take your time.

    From a goal setting and time management perspective, having a 90-day countdown timer and financial consequence can be helpful to people like me. Without a clock ticking or the threat of spending hundreds of dollars renewing, I would probably take my sweet time and drag my feet. Instead I spent many hours per day focusing on the labs. I was looking forward to getting my life back after I passed. I would rather set an aggressive goal, dedicate myself to it for a few months, and have it over with than prolong the process. Pentesting is one of those fields where you want to be warmed up and stay in practice. We're all different but I need to light a fire under myself sometimes or else it doesn't always get done. YMMV.
    2018: Linux+, eWPT/GWAPT
    Reply With Quote Quote  

  20. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    56

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN, OSCP
    #19
    Quote Originally Posted by relegated View Post
    Would you guys say that after passing the OSCP you will have enough knowledge to actually be able to use most of the tools in Kali in order to say fully test a .NET web application? In other words what kind of real world skills do you walk away with vs what I would say are very little to none with a lot of other certifications.
    No, it's NOT a web app hacking course. While it does cover some web app topics and quite a few lab boxes have web services running, it's not a complete application testing course. The web topics covered will help you better exploit web apps with default/weak passwords, uploading malicious files, writing to the file system, enumerating the target, and remotely executing code (LFI/RFI).

    Upon completion of the course, you WILL be much more comfortable with kali and familiar with quite a few of the tools. As you learn how to do this stuff manually, you don't need a whole lot of tools. You'll have a systematic approach to hacking a target box. You'll know a dozen or more ways to establish a reverse shell and what to do with it (post exploit plunder, elevate to root, dump pw hashes, pivot, etc). You'll gain a better understanding of buffer overflows and how to write them. Plus lots and LOTS of practice!! It's a hands-on field where practice is necessary.
    Last edited by Hornswoggler; 12-02-2017 at 10:19 PM.
    2018: Linux+, eWPT/GWAPT
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks