Wednesday, 13 April 2011

Passed OSCP - I'm back and blogging

I've not blogged a great deal in the past month or so. This is mainly because I have been focused on my studies.

This blog is just to say, that I have passed the OSCP, which has got to be one of the most challenging and worthwhile IT Security courses and certifications that I know of.

OSCP is a unique 24 hour exam; A live online Pen-test, in which the candidate must complete 5 hacking challenges to break into several computer systems (that you have never seen before), gain root or system-level access, and collect a trophy file to prove it.

You then have a further 24 hours to document and submit your results, explanations, and supporting proof, in a Penetration Test Report.

It's a tough exam. Apparently most people fail at their first attempt, but I passed it first time :o)

What's next
The next part of my study plan is to finish the OSCE (which I already started studying) - Yes, I'm actually looking forward to this 48 hour monster-exam! (Just need to do some more study and 0-day research...)

I now have a ton of letters after my name, but OSCP is probably the one I value the most (as would anyone else who has attempted it) as it demonstrates real capability, rather than knowledge.


  1. what exactly do you mean by "as it demonstrates real capability, rather than knowledge." ?

  2. Hi Anonymous,

    What I meant by that was that I feel it is one thing to know that it may be possible to exploit a vulnerable system with a certain exploit, but a different thing to be able to actually do it, and prove that you can do it.

    OSCP proves that you can manually find vulnerabilities, in systems you have not seen before, customise exploits, and use them to gain access to the system. This is a different layer of skills.

    Many security experts have knowledge of the tools, exploits, and techniques which are "possible" to use (a CEH course could teach some of that) but much fewer people can actually "do it".


  3. Well done Ben, I'm beginning the course myself, any tips you can give me? I'm struggling with the report as not sure how I should approach this being new to Security.

    Any help would be appreciated ;-)

  4. My top tips

    1) Expect to buy more lab time (I found 15-day blocks was good)

    2) Start your report early, when you have pwned 5 to 10 systems. It will help you with ideas.

    3) The lab is big, and some systems are very hard. Expect it to be hard, but don't give up hope.

    4) Don't try to run before you can walk, take your time, and get really familiar with exploits and systems before you move on.

    5) Hacking at this level is all about enumeration. Enumerate everything, and when you have done that - enumerate more.

    6) There are some good hints and tips on my blog, and elsewhere on the web. For PwB most of the answers are somewhere on the web - some you will have to customize, and a few you will have to invent.


  5. Ben
    For PwB most of the answers are somewhere on the web - some you will have to customize, and a few you will have to invent. -----

    Can you please provide a link

  6. Hi tux,
    I'm not sure I understand what you are asking for (exactly).

    But, if you are studying PwB, and are asking me "Where are the answers?" - then I feel you have misunderstood a core purpose of the course.

    What you need to do is work out (for yourself) "How to find the answers", not just "find the answers".

    That is a massive difference.

    There is no link I can provide you to give you that.


  7. Congrats :) I'm looking over some material for the OSCP myself, will apply for it when I have some spare cash. How long did it take you to complete it? Did you get time to sleep? Anything else worth mentioning?

  8. Hi Sean,
    I probably took about 10 hours on the exam to get enough points, but I carried on trying to get the last system - nearly got it but ran out of time...

    The course can take you a long time, before you are ready

  9. Mate,

    Congratulations but don't get too hyped up . From what I can see on the outline, any Unix admin with > 4 years experience will ace this exam. Well done still .

  10. No Anonymous, I really feel you have misunderstood. This is not a course about Unix administration - in fact, nothing like it.

  11. Maybe,you misunderstood. How much Unix experience did you actually have going into this course ? See if you did, then you would have realised that a majority of the stuff covered are things that most Unix admins will tackle on a daily basis. The only exception will probably be buffer overflow attacks which in fact anyone with a decent grip on ASM will tackle with ease .Have you read the ART OF EXPLOITATION or SILENCE ON THE WIRE ?

  12. Ok, if you think you are ready, sign up for the course

  13. Good job ben I respect your hard work.
    I'm now working on my report :/ pain..

    hopin to be in your league soon :p


  14. Good stuff Dom, best of luck with the exam.

    You will find that there are no leagues ;o) Everyone knows unique things, nobody knows everything, and there is always more to learn.

    Have fun.

  15. yea dude, have to agree with that

    and we all know the above anonymous said abt the course is totally a joke. :p

    my test is in two days,
    im gettn even more nervous by reading all you guys' review :/
    and sadly my system corrupt.. i lost my student report..
    which means i need HIGHER score to pass the test now..


  16. what was your study plan for this exam , what course u toked before taking labs ,do u recommend SANS Wed Pen Test Course .

  17. PwB was one of the first pentesting courses I took, though I would not recommend that, as it is rather hard.

    It is the best course there is though, but you will need lots of time and enthusiasm to get you through.

    The SANS web course is a good complement to PwB as these two courses don't cover a lot of the same material, but they are both very important if you want to be a good pentester.

  18. which more important to learn before taking the course python or shellscripting?

  19. hi ben...just curious im planning to take OSCP as well as soon as i passed CPTE from wondering what is the PWB material/course you keep saying?

  20. Hi ben, I was wondering if I could ask your opinion on something. I am currently studying a msc computer science degree and want to get into pen testing. I am trying to decide whether to do another msc but in ethical hacking at abertay university, msc information security at royal holloway or learn oscp full time. Sorry this is off topic! Many thanks in advance

  21. dark_knight_baby,

    PWB is the course, and OSCP is the exam.


    I would steer away from the academic courses, as academia doesn't tend to be up to speed with the cutting-edge of the real-world. OSCP is a good option, but you will learn the most by practical application of the techniques, working for a company that does pentesting (as their main line of work).

    I did it "the wrong way round" - i.e. doing OSWP, OSCP, OSCE - and then getting a job as a pentest - but there is no "right way" - and I did have the advantage of already having around 10 years experience in the IT Security industry.

    So, do OSCP, or find a company that will start you off as a junior pentester/consultant (or preferably both).

  22. i signup in pwb course and i am certified CEHv7 & ecsa-lpt .and watching videos and practice it in my laptop kindly tell me that what type of exploits we can use in 24 hrs exam. on exam is points are divided into different servers and minimum points to pass this exam is 70 points . i started from basic level not have knowledge of bash. in exam buffer over flow method is used i am facing difficulty in it. kindly suggest me . i have little very basic knowledge linux but i am developing it as course go on i can easily understand what is going on course. i am too depressed abut this exam.

  23. hello guys, any one is having oscp material including guide and vedios....please share please....