I haven’t been keeping up with this blog very much, but hopefully I’ll be adding more content to it in the near future. At the time of writing this post, I have 15 days left in the OSCP labs. To summarize my time so far: wow.
I can say that this certification is easily one of the toughest challenges I’ve faced in my career so far. No words can really describe the feeling of spending endless hours enumerating a host, trying various methods of attack, failing, and starting over until you finally achieve your goal. It is absolutely rewarding to see that shell up on your screen for the first time.
So far I have a total of 8 hosts with administrator/system level privileges, and another 2 with low privilege shells. I have also unlocked a secondary network. I would say the majority of the hosts I’e owned were low-hanging fruit - in terms of finding exploitable services, they were fairly easy. But it’s clear to me that the remaining hosts offer plenty of challenge.
One recommendation I would suggest to to get the course exercises done ASAP. I worked slowly through the exercises, and ended up finishing them somewhere around the 2nd of 3 months in my lab access. While I got to work through everything at my own pace, I feel that I should have allocated more time to focus on the actual lab penetration test. Needless to say, I am considering purchasing additional lab time to really make sure I am prepared for the exam.
Regardless of my final status at the end of this, I feel that I have learned a ton about penetration testing and methods of exploitation. This course challenges you to learn, and doesn’t hold your hand. For the price, it’s a pretty incredible value. You might hate yourself when you’re in the thick of it, but it’s all worth it in the end.