Archive for the ‘Offensive Security Certified Professional (OSCP)’ category

Pentesting with Backtrack – An OSCP course review

December 1st, 2009

I got the news this morning that I have successfully completed the OSCP exam. It has been a hard 4 months of exams, training and study for me with my CISSP, OSCP and GWAPT and this was most certainly the icing on the cake. It is without a doubt the hardest, most realistic, most valuable course/exam I have ever taken.

I found it so worthwhile I’ve decided to give it a review. So let’s start from the start and I’ll give you as much detail as I think I am legally allowed.

Getting Access

First of all the sign up process is not quite what I have experienced with other certifications. I psyched myself up, sat down with my boss’s credit card and was all ready to spend some of his money… but no… The guys at Offensive-Security don’t want your money straight off. Instead they email you with an OpenVPN configuration attachment with the purpose of confirming that you can actually connect to their labs before taking your (or your boss’s ;) ) hard earned money.

Now a point of note for those located behind an Ironport Mail Gateway: I waited days for the response email and heard nothing. I was actually starting to get rather cranky at their (lack of) service. I mean, I had employer dollars to spend. I managed to get in contact with them and deduced that Ironport* have given the Offensive-Security mail server IP a reputation of -3 which is well under our drop by reputation thresholds. After rearranging with them to send all correspondence to my Gmail account we were away.

The Course

So with email working and the VPN confirmed operational we arranged payment for the course (which again was a problem due to the credit card not being in my name… but we won’t go into that) and I got my material and 60 days lab time. What you actually get for your $700USD is quite impressive.

  • One PDF containing the course lessons.
  • One set of SWF video files where Muts walks you through all but the last few of the course modules.
  • 24/7 access to the Labs for 60 days via VPN which is full of vulnerable devices to attack; and,
  • Hours of guaranteed pain, suffering, joy, frustration and exhilaration.

The combination of these materials creates a very comprehensive learning environment. Overall there are 16 modules of delightfully wicked goodness. The PDF covers each of them in fair detail but the videos are the real meat of the course. Each module covers a specific aspect of penetration testing. These range from the information gathering stage, all the way to keeping access and rootkits.

Muts, through the videos, keeps you company as you make your way through the course material. He pushes you to learn more and he provides links to more information in case you would like to expand your knowledge in any of the areas that can’t be covered in depth through a 5 minute presentation. I found him to be very articulate and the videos are of quite high quality.

The videos only cover from chapters 1 – 13 and then you are left with the PDF to guide you through the rest. This turns out ok however as the last 3 modules are more of a brief and require more external reading through the provided links rather than the total immersion that is the previous modules.

Most modules allow for hands on practice through the labs. This was of the most benefit to me as this is how I learn best. Often I find you can read something that sounds simple and easy but when it comes to actually putting it into practice things just don’t go according to plan. Hours were spent by me working through the exercises and trying to smooth out the lumps and bumps and believe me… there were plenty of lumps and bumps :D

Lastly once you have finished the modules you are free to (and actively encouraged to) attack the rest of the lab network with the exception of the other student machines. A list of final challenges is set upon you and the goal is simply to get root or admin access to each device. This is quite a lot of fun, and far from easy.

The Exam

The first thing I have to say about this exam is that it’s a really tough exam. You are given 24 hours to gain root or admin access on 5 devices. From what I have seen in the field, these devices are as close to the real deal as you can get.

It was a lot of fun when I wasn’t stressing to the hilt. The different ways to break into these devices were very good and bound to stretch your mind.

What else can I say about this exam… well not much. I’m not allowed to… sorry :)

After you successfully pass the exam you are given access to a forum just for OSCPs where you are free to discuss all aspects of the exam and course. I found it interesting that students worked out multiple different ways to get into the same devices. This brings on my only real point of angst about this course. I was unable to crack one device, so as soon as I got access to the forums I jumped in to find out how to crack this nut. It turns out everyone before me (that posted) had done it using a particular exploit that works on a particular port (could I be any more obscure :D ). So moving back to my pain point… That port was not even open on that device during my exam!!! So, I still have no idea how to get into this device.

Conclusion

This is a brilliant course!

I have done many courses both from vendors and course providers such as SANS and Offensive-Security. While a lot of the other courses have been great, the Pentesting with Backtrack (OSCP) has easily provided me with the most value. I walk away from this course actually feeling like I have achieved something solid. This is both due to the time it takes to work through the course at your own pace and the quality of the content.

This course is by no means for beginners in IT. It works through some very complex topics and concepts. It is recommended that you have at least some coding experience as well as an operational knowledge of Windows and Linux.

For $700USD I think it’s a must for anyone in the IT security industry to work towards and I expect to see the certification gain serious traction and the respect it deserves in the near future. I know I’d be looking for an OSCP if I was hiring.

*Ironport is an awesome product and this is the first time I have had any real issues with it in 2+ years.

Where’s the time go???

August 15th, 2009

First post on my new self-titled blog and it may be quite some time before the next…

I knew I was going to be under the pump when I signed up to do my CISSP and the Offensive Security OSCP both within a three month period. What I didn’t know was how much of my time and effort was going to be involved in completing both.

Sitting here trying to unwind from a three hour amateur coding spree while pondering the past, present and future it really sank in that I have been studying for three weeks already. Time flies when you’re having fun right? My achievements for the past three weeks include completing 2 of the 10 CISSP domains and 3 of 16 OSCP modules. While I am quite happy with what I have achieved as I have been working my butt off, I have only completed three modules in almost three weeks with another 13 to complete in 5. My uber math skillz tell me that at this current pace I might run overtime… It’s my lack of coding experience that is to blame. Code that should have taken me 10 mins has been taking me sometimes an hour or more. Many nights have been spent doing nothing but coding. The beauty of it is I have wanted to dedicate a lot more time to my coding, and now I have no choice. While I don’t believe I am anything close to being a good coder, I am strangely enough starting to see signs of real code shining through and even a touch of real functionality :D .

The next two modules look quite easy. I think I will be able to knock them both over tomorrow. This will get me back on track. Now I just have to find time to read another CISSP domain :D .
