Not Just Another Technical Certification
Offensive Security Certified Professional Certification is self proclaimed to be the first hands-on offensive information security certification. built and designed to occupancy the Offensive-Security Penetration Testing with Kali Linux course as well as challenge OSCP students to prove they have a clear and practical understanding of the penetration testing process and life-cycle.
The Offensive-Security Penetration Testing with Kali Linux course is centered around a virtual private network environment referred to as "The Labs". These environments are tailored and designed to be group areas for multiple students to have access to and hone their skills against several vulnerable systems within their assigned Scope of Penetration. After the completion of the course the OSCP Student is then granted access to a rigorous 24 hour certification exam in order to demonstrate their ability to enumerate targets within the new scope of penetration, exploit those targets and clearly document their finding and results in an established penetration test report.
According to Offensive Security an Offensive Security Certified Professional or OSCP is clearly able to execute and complete the following objectives.
- Use multiple information gathering techniques to identify and enumerate targets running various operating systems and services.
- Write basic scripts and tools to aid in the penetration testing process.
- Analyze, correct, modify, cross-compile, and port public exploit code.
- Successfully conduct both remote and client side attacks.
- Identify and exploit XSS, SQL injection, and file inclusion vulnerabilities in web applications.
- Deploy tunneling techniques to bypass firewalls.
- Demonstrate creative problem solving and lateral thinking.
As you can see these objectives require an extensive base of knowledge and skill across many differentiate specialties and technical platforms. So that being said in my opinion this certification clearly represent the holder of such a certification as a highly specialized generalist with both creative alternative thinking prowess as well as highly perspective technical knowledge. Now applying these objectives to my own learning experience during my recent PWK course I can without a doubt attest to how difficult and painful this course is! But I do not believe that currently in today's market this is a better course out there...
Unfortunately for me I was unable to complete fully the objectives to be granted the OSCP Certification designation, however I am not shaken or disappointed at the results of this outcome; as both personally and professional I feel that I need to further advance my knowledge and technical expertise on the objectives noted above.
So what am I doing about it? well I am setting up a self-train advancement program, or as my Drill Instructor from USMC Boot Camp would say "Un-Fuc#ing myself". My plan is pretty simple...
- I am setting up a LAB environment to host vulnerable virtual machines.
- Putting together an extensive and ongoing reading list.
- As well as taking advantage of as many free and available on-line training resources that are out there.
So the clock is ticking and from my understanding I have approximately 10 months to complete my plan and re-take the certification.So stay tuned and I will post some details and references to valuable resources that I find and feel may be useful to others.
Credits and Thanks
Offensive Security - Founding authority on this subject.