the oscp cocktail, preparing the pwk

Posted on by michael

A while back I earned my OSCP. I have written my reviews of it in two parts, once just on the logistics of my course experience, and another with advice to others. I often see requests on what to do to prepare for the OSCP or what it takes to earn it, and I have a saved response that I often give out to those learners. And I realized I’ve never really put it down here on my blog in complete format (a large chunk of it comes from the aforementioned advice post). So, here it is in entirety: my advice to people with the question, “Am I ready for the OSCP?” (A.K.A., part 3 of my OSCP series…)

Let’s first take a step back and ask this question: “What do you hope to get out of the OSCP experience?” In other words, “What is your purpose?”   

There are two main goals for the OSCP, though one really overshadows the other. First, the OSCP cert will open doors to pen testing and other security jobs; it’s a way to confer some immediate credibility amongst those who know what the cert is about. Secondly, and most importantly, the cert and lab are ways to teach pen testing methodology and frame of mind; how attackers work. It’s not about pwning more systems, or getting another add on the resume/CV; it’s about learning how to think like an attacker and efficiently evaluate systems and provide value for customers and admins.  

My OSCP prep advice is pretty much always the same, and yet it depends on what every student brings to the table. For me, if I were making an OSCP cocktail: 

  • 1 part Windows admin – know how to turn services on and off, add users, change passwords, browse through cmd and windows explorer, RDP, etc.
  • 1 part Linux experience – Know how to move around directories, read files, create files, use a text editor, create users, change passwords (linux essentials or linux+ prep courses will help)
  • 1 part LAN networking – TCP/IP knowledge, ports, arp, wireshark/tcpdump familiarity, firewalls (host and network), dns
  • 1 part security knowledge – general attack classes, goals, major OS vulns over the past 20 years; a pen test course or book works
  • 1/2 part Kali experience – poke around it a bit, experience installing it, logging in, location of some tools and the interface
  • 1/2 part Metasploit knowledge – have used it a bit, run through the free Metasploit Unleashed course
  • 1/2 part web server/client knowledge – nice to have hosted anything with apache/iis in the past and understand config files, ports, php/javascript a little, client vs server-side processing, dash of SQL syntax
  • 1 part coding/scripting logic/basics – if you can make a bash/perl/powershell/c/python script or have coded in the past enough to read and minorly edit script/code chunks, you should be good to start; nothing amazing
  • Sprinkle of efficient Google searching ability 

Bring all of that or more to the table, and you’re set to be slammed in the face with the course material and then hit the ground running in the labs.  

Keep in mind, the course is an entry into pen testing; it’s not a requirement to have popped root shells in the past. The course will grab your hand and start you off the on the path. 

If you want the best example of what you’re in for, go to cybrary and have a perusal at Georgia Weidman’s Advanced Penetration Testing course. It’s free, and will be the closest and quickest way to see what you’re in for. Vulnhubs and hackthebox are fine for practice and to understand the process of enumeration, but they’re not necessary at all. 

Google for OSCP reviews. They are full of suggestions and resources, and usually give a great idea of what the course and exam experiences will be. Don’t over-mystify the course or exam, and thus, don’t over-prepare! Dive in and get on it. 

Try to become familiar with the Kali Linux and the tools it has and the layout. This will be your home base for the course, and has pretty much everything you’ll need.

For those newer to Linux, start using a distro on a day-to-day system and find some online courses on Linux security and administration and shell scripting/commands. Linux+/LPIC-1 level skills are good, anything beyond is great. Also suggest a Bash Shell/Scripting primer.

For those newer to Windows, find some courses on Windows security and OS administration. This includes hosting server-type applications (e.g. web platforms).

Learn some Metasploit. It’s worth it and it’ll get used, whether in the course or beyond as a pen tester. Off Sec has a free Metasploit Unleashed course.

Learn some basic, free, staple tools and get comfortable with working various switches: nmap, unicornscan, curl. Google the top 100 security tools and at least know what you could use each one for. You don’t need to wield/install each one, but feel free to try any out.

To get familiar with some of the big security issues over the past 15 years, grab a copy of Hacking Exposed (McClure, Scambray, Kurtz).

For pen testing theory, check Penetration Testing: A Hands-On Introduction to Hacking (Weidman) or the slightly more up-to-date The Hacker’s Playbook 2 (Kim). The Hacker’s Playbook 3 is even more updated!

Have a decent enough grasp of networking to know how TCP/IP works in general, use and read some Wireshark/tcpdump output, and understand IP addressing, firewalls, and ports.

Have a decent grasp of how web technology works, from configuring web servers, looking at simple HTML/PHP/ASP code, simple SQL queries, and how browsers interact with the web server.

Install some security-related browser add-ons and poke around the Developer tools in place in every major browser these days (F12).

Dive into Python or Perl enough to get into Socket or web request programming. Very useful to start swimming in the ocean of editing or making exploit code or enumeration scripts. Having had a course or class in basic programming is great, as you can start to consume any language if you know the logic. (This is not necessary, but very nice!)

Start thinking like an attacker. This often comes with experience, but start thinking of ways you can get to Goal X or Access Y. What mistakes do you look for? What isn’t default?

Lastly, know that OSCP/PWK comes with course materials and videos that teach you everything you need. So don’t think you are going into this being tested from day 1 and spend 2 years trying to prepare for something that is meant to teach you new skills in the first place. You’re going to be learning from day 1 until day X.

So, what can you do to practice, if that’s what you feel you need to do? Download and install a Kali VM. Join Hackthebox (HTB). Watch Ippsec YouTube videos on retired HTB boxes and follow along. Download VMs from vulnhub and follow walkthrus on those boxes. Read OSCP reviews for more viewpoints. Pwn and have fun!

2 thoughts on “the oscp cocktail, preparing the pwk

  1. Pingback: reflections on passing the pwk lab and oscp exam – terminal23.net
  2. Pingback: pwk and oscp advice to my younger self – terminal23.net

Leave a Reply

Your email address will not be published. Required fields are marked *