Thoughts on Offensive Security's Penetration Testing with Backtrack course

Written on September 5, 2012

The Offensive Security Certified Professional (OSCP) certification is awarded to students who successfully complete Offensive Security’s Pentesting with Backtrack (PWB) course. This is an intense hands on course, where students are expected to use the knowledge and tools they’ve obtained, to hack into several machines in a virtual network. There is no hand holding, no spoon feeding, and the only hint a student usually receives, is “Try Harder”. At the end of the course, the student must pass an exam and submit a penetration test report in order to earn the certificate. Unlike most exams, this one is 24 hours long, and the student must hack into several machines to obtain enough points to pass the exam.

Over the past four months I had been taking PWB, and last weekend, I received an email informing me that I had completed the course and passed the exam. This is a short review for others thinking of signing up. First, this was the most fun I’ve had in a course, and the most intense exam I’ve ever done. Prior to taking the course, I had heard much about it. Stories about people having a hard time, failing the exam, re-taking the exam multiple times, and so on, gave this course a reputation for being difficult, and producing students who had the skills to backup their paper certificate.

My experiences have been positive in the course. By the end of my 90 day lab time, I had hacked into all the machines, including the notoriously difficult ones, and penetrated the additional networks. During the exam, I scored the points I needed to pass after about 17 hours, and continued to try to score more. For folks interested in taking the course, I offer the following advice:

  • Read, and read some more The course materials do a great job of preparing you, but ultimately, you will need to do your own reading and research. Google is a great resource - use it.

  • Hack into everything in the lab Not just for bragging rights, but the experience you gain will be invaluable. The lab is so diverse with different setups, that each machine is a challenge on its own right.

  • Take breaks Taking a break from the computer every couple of hours will relieve tension and relax your mind. This has come in handy for a couple of machines that seemed impossible. An hour of sleep, and the solution came to me.

  • Know some programming It will aid you tremendously if you can write your own scripts to automate certain things. Know some bash scripting (since you’ll be using Backtrack Linux), and at least python, perl, or ruby for scripts that demand more.

Finally, don’t give up. You will at some point, hit a brick wall (or several), during the lab. Remember that every machine in the lab can be broken into, so it’s not impossible. Keep trying, and try harder!