Offensive Security, PWK and OSCP – A Review
PWK and OSCP
Penetration Testing with Kali Linux (PWK) is Offensive Security’s starter course for newer folk in the field of computer security. Although it’s advertised as an entry-level course, it’s recommended to be acquainted with Linux, TCP/IP, Networking and be familiar with at least one scripting language (Python/Ruby) and one high level programming language (C/C++).
The Offensive Security Certified Professional certification is an optional certification provided upon clearing the OSCP challenge available when you register for the PWK course.
You can check out more information about the course here.
It’s a good idea to brush up on your choice of scripting language and have an idea of C programming as you will need to ‘fix’ quite a few public exploits. Reading up on networking is also a good idea as the point of the PWK course is to give you a hands-on experience with attacking a network.
You can check out the Course Syllabus here
Post Registration – Course and Lab
At the start of your course you will receive a care package (approximately 650 MB) containing the course videos and PDF and also a link to the appropriate Kali Linux VM image for the hands on.
I would recommend going through the course videos first then following it up with the PDF and related exercises.
An important aspect of the course is documenting your work. I preferred KeepNote for on the fly note-taking for its easy to use interface and easy organizational abilities by arranging files in hierarchical structures.
The course walks you through an introduction to Kali Linux and then eases you into the various available tools along the way. The content features a module dedicated to exploiting buffer overflows which helps immensely with understanding the underlying concept of b0fs.
I was finished with the course content within a week and moved on to the lab. The virtual pentesting lab features about 50-odd machines spread across multiple subnets designed to be rooted.
The lab machines varied in difficulty from push button, get bacon to pull-out-your-own-hair difficulties, top of the chart being the trinity of pain, sufference and humble. A lot of the machines are also only exploitable via client side attacks which provides a realistic penetration testing experience.
At many points of time while going through the lab it becomes tempting to just give up on it but in these times is when one must remember the Offensive Security goto hint.
If that doesn’t quite work out, the forums and IRC channel are great places to seek guidance.
The experience of pentesting a virtual lab is unforgettable and every OSCP will say that they definitely miss the lab.
The OSCP challenge is a 24 hour time bound test in which you have to root enough machines to clear the points requirement. You’re given credentials for the VPN and machine IPs when your 24 hour exam period begins.
Even though 24 hours seems like plenty of time, it seems to fly by while you’re in the flow of the exam. It’s certainly enough time to eat and sleep in between but getting too lax might cost you. I managed to get the requisite points in just under 23 hours and proceeded to catch up on some much-needed sleep before finishing up the exam report.
After sending in the report, I heard back within 2 days from the Offensive Security team congratulating me on clearing the OSCP certification challenge and now I look forward to the CTP and OSCE challenge!
The course places a heavy emphasis on self learning and for this purpose, I relied on quite a few online sources. I’ve linked the major ones below.
As there are 50 pc to root, can you give 1 or 2 examples how you accomplish this?
I can’t tell you the exact method but the lab materials teach you the basic process which involves recon, scan, vulnerability identification and exploitation.