Wednesday 5 April 2017

Penetration Testing with Kali Linux OSCP Review and Course, Lab experience — My OSCP Review :Try Harder! ;)


 Penetration Testing with Kali Linux OSCP Review and Course, Lab experience — My OSCP Review :Try Harder! ;) 

Introduction:
Gaining the OSCP certification is a challenge like no other. After my experience with the OSCP exam course from Offensive Security, I decided to go ahead and write an OSCP Review. I registered for this course in July 2015 and choose 90 Days lab. Within a week I received Mail from Offensive Security regarding VPN Access, Course Material all etc.
OSCP is a combination of Network, System & Web Hacking also a medium part of Exploit Writing, where you have to write an exploit for a particular vulnerable software.
Who am I:
For those who doesn’t know me .My name is Narendra Bhati, working @Suma Soft Ptv. Ltd. As Security Analyst. I have 3+ years of experience in Application VAPT. I am also bug bounty hunter and doing it from last 3 years. Yes lots of money ;) apart from salary.
About The OSCP Course:



I quickly completed my course material like videos and pdf and it tooks me 3 days to watch it completely. 1st day in my lab, I was able to root 3 machine and I was like King of hackers :p but in actually not. Time by time I learned that the lab is made to hacked but its not easy as I was thinking in starting after rooting 3 machines on 1st day.
In lab I faced different kind of scenarios where only Offensive Security Guys can provide because it’s totally related to real world attacks and approach. I must After lab exercise there is new thinking or you can say style of attacking is getting developed in my mind ( Really ;p )

In the lab machines, I spend more then 7 days on a several machines to get root access of it, yes it is true. You really need to work hard. At the end of my Lab, I was able to root almost all machines hmm ;)

The Judgement Day - 1:

After around 3 months, I decided to give my OSCP exams. I chooses Nov 2015,4:30 PM time slot.
At sharp 4:30 I got the mail from Offensive Security with exam details, VPN Access and all. First I started my hand on lowest marks machine and within 15 minutes it’s done. I was like BOSS ! :p   
After this machine I got second machine after 5 hours and later on it was all dark. After cracking two machines I was getting nothing. I was thinking where the hell I am missing something or doing any mistake. 50% time was gone I got my hands on only 2 machines with around 25% marks which was not enough to get Pass, at least you need 70% marks to achieve the OSCP Certification.
Rest of the time I was very frustrated and confused because I have done good practice in OSCP lab then why I am not able to crack those exam machine and later on time was gone. VPN disconnected and my hope too. L
After 3 days of sending my report, I received mail from Offensive Security that I wasn`t passed. L

The Judgement Day – 2:
After my 1st failed attempt, I was very disappointed and wasn`t wanted to re-attempt for OSCP, because OSCP exams really kicked my ass a lot.

But in the background. I realized that, I fall in some of the places like Privilege Escalation & Information Gathering part.
During the office project and deliverables and I was not able to do proper study and practice again. But still I have to do this.

I was continuing to improve my Privilege Escalation & Information Gathering part every day over the night.

But in March 2017 I seen a Facebook post of one my friend about his OSCP Achieving, I think should I try one more time hence i was improving my weakest parts and yes. Just after 15 day I schedule my OSCP Exam at the same time. Within 15 days I did all practice and studied a lot on the things where I was lacking.
Received the VPN details and exam details on sharp 4:30 PM, this time I was confident and decided to crack the machine which have highest marks. Within 12 hours I was managed to crack those machines and was very near of Passing Marks. Next 12 hours I put my almost all efforts and finally I achieved the score which I was looking for just before 1 hour.

Sent my report to Offensive Security with all details and within 2 days got the haunted mail and It was "I have Obtained the OSCP Certification"

Best of luck to anyone who going to take on the OSCP course and exam
Resources:
Some resources I used:
More information about the OSCP and PWK can be found here:


2 comments:

  1. So what was the issue that didn't allow you to crack those machines initially?

    ReplyDelete
    Replies
    1. In my 1st attempt, I wasn't good enough in Privilege Escalation & Enumeration. Later I improved it and re-attempted.

      Delete