Certification name: Offensive Security Certified Professional:
Penetration testing with Kali Linux. (PWK)
If you’ve reached this page you may be gathering information on whether to do this certification or another one, say maybe the CEH?
What follows is my experience when I took and passed what I think is an excellent course and exam. Then some tips for preparing so you can get the most out of it.
The course itself is well worth the pain it happily puts you through. Did I mention the anguish? Well, you will get plenty of both, but once you get past all that, the rewards make it well worth it.
The course itself is available in 30, 60 or 90 days, with the option to purchase more lab time with an exam shot. You get the course material and then the chosen amount of time in the labs you bought with it. Firstly you will need to download the recommended virtual machine image that will have all the tools necessary for you to successfully complete the course (links in the course material), as well as a hypervisor to run it (either VirtualBox, VMware Workstation or the free VMware Player). You work through the material, do the exercises and test what you have learned in the labs so you can become familiar with the tools and methodology.
The labs themselves are essentially a number of networks you access via VPN that you can freely scan and attack to your heart’s content. There are a few restrictions, such as no ARP spoofing or DNS attacks, anything that could potentially disrupt other students, as you do share the labs. There are a number of identical lab networks that are available that students get assigned to, so you do not have to worry about congestion or clashing with other students attacking the same box. In fact some popular boxes are duplicated within the environment. This reduces the likelihood of students clashing (it can happen but it is greatly reduced). Students are also encouraged to do a couple of checks before they attack a target. If it’s been reverted (reset) recently there is a good chance another student is currently playing with it.
But don’t worry, there are over 50 machines across 3 networks in the labs so you will not be short of machines to try and break into.
The main purpose of the labs is to bestow experience on you; each machine has a different way to be attacked. Although you could potentially use the same exploit on similar machines, you would not gain or learn anything from it. It is generally recommended that you do most if not all of the labs before you go for your exam, but this is just a suggestion. I know of some people who had only done a small handful of lab machines and passed their exam fine. But this is purely down to the individual. (One or two of them may even already be pentesters so already have good experience.)
Coming from a sysadmin point of view the course taught some lessons in not being afraid of breaking/changing things and trying things out. It was a difficult thing to learn for myself as I was so used to fixing and keeping services up and running.
The material was mostly all new to me. I have Linux and Windows experience and some scripting skills, so these bits were easily assimilated. But other sections such as buffer overflow and understanding registers were all new, as well as the small amount of Python too.
At times I felt like I was in over my head, and as is intended, you do need to do a lot of external research to get a full grasp of all the exercises. This is all part of the course. Read one section, spend the next 3 hours reading other resources until you were happy with what you learned.
How long will it take to pass?
Everyone is different; it will depend on how much time per week you can devote to this course. If you can get 5 hours a day you should be able to get through everything within 2 weeks easily. But if, like myself, you have work, life, food and sleep that get in the way, it will take you longer. But please do not get hung up on how fast you need to pick up this stuff. I myself started in March, and passed at the beginning of November on my 2nd attempt. I did have a full 2 weeks off from work to do labs and I found this invaluable. But this would depend on how flexible your workplace is.
The course aim is to empower students to learn themselves, try things out, fail a lot but always learn from the failures. The course motto isn’t ‘Try harder’ for nothing! Spoilers are discouraged by admins and other students. Where’s the fun in being told the answers when you need to learn yourself?
One of my issues with this course was the fact that you get your course material at the same time as your lab sessions start. So you are conscious of the time you are taking. Your lab time is counting down. So you may race through the material just to get into the labs sooner and before your time runs out.
My advice: book the 30 day session as your first, then once you need more you get what you need. This means if something happens, as life always does, you do not have lab time wasting away.
Student support and resources:
IRC on freenode network, channel #offsec: a place where you can talk to other students.
Contain a vast array of knowledge and a place to ask questions and read a little more about the machines in the labs. Admins are very good at trimming off any potential spoilers, as you will not learn anything by being told how to break into a particular box.
Live Chat with Admins:
If you get truly stuck you can chat to an admin who will ask you what you have done and guide you without giving too much away. It may be as simple as ‘You are heading in the right direction, keep going.’
Preparation before the course:
This is an excellent guide to preparing for the course. It’s well written and will benefit anyone who is looking to participate in all the fun 😉 I followed this guide a little late but did follow this as supplemental for my learning.
Hindsight: Do the prep first before the course. You will benefit greatly.
Useful things to also learn:
- Bash scripting (nothing serious just some loops, output redirection and pipes. Common tools for string manipulation such as sed, grep, cat, cut etc.)
- Python to a very basic level (just enough for developing and changing exploits)
- Basic Linux administration (moving around the filesystem, day to day administration)
- Basic Windows Administration
Once you’ve done the above why not have a play with some vulnerable machines and dip your toe in.
OSCP like virtual machines from Vulnhub.
- Kioptrix: 2014 https://www.vulnhub.com/entry/kioptrix-2014-5,62/
- FristiLeaks: 1.3 https://www.vulnhub.com/entry/fristileaks-13,133/
- Stapler: 1 https://www.vulnhub.com/entry/stapler-1,150/
- VulnOS: 2 https://www.vulnhub.com/entry/vulnos-2,147/
- SickOs: 1.2 https://www.vulnhub.com/entry/sickos-12,144/
- Brainpan: 1 https://www.vulnhub.com/entry/brainpan-1,51/
- HackLAB: Vulnix https://www.vulnhub.com/entry/hacklab-vulnix,48/
- /dev/random: scream https://www.vulnhub.com/entry/devrandom-scream,47/
- pWnOS: 2.0 https://www.vulnhub.com/entry/pwnos-20-pre-release,34/
- SkyTower: 1 https://www.vulnhub.com/entry/skytower-1,96/
You can either do the above before or after your course. I know some people who do these machines as a supplemental after their labs finish. Good for practice.
I am running through these now, to gain more practice and experience. And I shall also be getting more lab time in despite having passed the course. I did not finish off all the machines so I am eager to gain more from them. The labs are that good.
So to summarise….
- Do the prep first (read the book, watch the videos)
- Book your course and lab length
- Do at least 30-40 machines in the labs
- Re-grow hair.
- Book exam
- Pass your exam.
- Have some tea.
That’s it. Hope you enjoyed reading as much as I enjoyed writing this.