Sign in Subscribe
3 min read oscp

Offensive Security Certified Professional

All the Things You Want to Know About the OSCP Journey!

Ah, the OSCP—that elusive, brain-melting certification. If you're reading this, chances are you've heard whispers of "Try Harder" in the shadows of the pentesting world.

So here’s a peek behind the curtain at the PWK (Pentesting with Kali) course and life-changing OSCP certification, presented by none other than Mati Aharoni (aka Muts) and his team at Offensive Security.

First things first: If you’re serious about becoming a pentester or just want to strut around with some next-level skills, this course is an absolute MUST. It's an all-consuming, mind-altering experience that will probably change how you look at life, networks, and even your toaster.

Let’s dive in, shall we?

The Course Format

The PWK course gives you all the tools (and headaches) you’ll need, neatly packaged into:

  • Course documentation (yep, PDFs for days!)
  • Course videos (because who doesn’t love a good hacking montage?)
  • A live student lab (via VPN—get comfy with it)
  • And finally… the OSCP exam! 🎉

You get to choose how long you’ll suffer in the labs—15, 30, 60, or 90 days. My advice? Go for 90 days unless you’re already bending networks to your will like a pro.

Course Experience

Let me introduce you to the phrase that will haunt your dreams: Try Harder. The admins love to say it, you’ll hate to hear it, but eventually, you’ll embrace it. Balancing this course with a full-time job, sports, and a life was... umm, challenging. But was it worth it? Oh, absolutely.

The labs? They’re a buffet of pain and joy, with targets ranging from baby’s first hack to WHAT EVEN IS THIS?!. Beginners will enjoy a few quick wins at first, but soon, the rabbit hole opens, and down you go. Here’s a key reminder: Every box is vulnerable. Yes, even that one. The trick is to stay motivated when a box like Ghost, Pain, or Sufferance decides to laugh at your misery for days.

Pro tip: Mix it up! Use pre-packaged exploits from Metasploit but also build your own. Trust me, tinkering with your own scripts not only gets you through the labs but also leaves you with a Python skillset you’ll cherish forever.

Tools of the Trade

By the end of this course, your toolkit will look something like this:

  • Nmap (with those fancy NSE scripts)
  • Netcat (nc)—aka the Swiss Army knife of networking
  • Nikto and dirb for web enumeration
  • Bash & Python scripting (your new best friends)
  • Metasploit (but don’t lean on it too much)
  • Proxychains (get ready to chain like a boss)
  • Exploit-db (aka your cheat sheet)
  • GDB & Immunity Debugger (because debugging is an art)
  • Burp Suite, and so much more.

The Lab Survival Guide

Let’s be honest, you will get stuck. Probably more than once. When that happens, here’s the mantra:

  1. What do I actually know about the target system?
  2. How can I dig up more dirt?
  3. Have I really enumerated everything? (Spoiler: You haven’t.)
  4. Enumerate some more.

Oh, and one more thing—DON’T move on without looting. Nothing stings quite like realizing you left valuable breadcrumbs behind.

Pro tip: Keep notes. Take screenshots. Document everything. Future you will thank present you during the LAB report grind.

The Exam

The exam. The mythical 24-hour test of grit, skills, and caffeine tolerance. You’ll face five targets, with points allocated based on difficulty (10 to 25 points each). Once the clock runs out, you get another 24 hours to compile and submit your report.

Some folks finish in under 10 hours (they might be robots), but for most, it’s a full 24-hour marathon. Whether you crush it or crawl across the finish line, you’ll emerge victorious—or at least slightly broken, in a good way.

Final Thoughts

If you’re considering this journey, know that it requires serious time and dedication. You’ll spend hours (more like weeks) in the labs, researching, breaking, and fixing things. Extensions might be your friend, but so will persistence.

Remember: “Try Harder” isn’t just a phrase—it’s a lifestyle.

Additional Resources

Here are some gems that helped me along the way:

Now go forth, hack all the things, and may the root shells be ever in your favor.

Published by:

Jeff Blane

You might also like...

07
Jan
2025

Web Application Security: Balancing Depth and Efficiency

2 min read
01
Jan
2024

So you wanna to be a Hacker?

11 min read