21

I am new to this whole Offensive Security field. Also, I have not spent much time in IT. 6 months back I started running after Offensive Security and started studying.

First I studied for C|EH and got some concepts clear. I wish to sign up for OSCP, and it will be my first certification exam. But I have some confusion in mind about preparation. I have studied CCNA fully, but I am not good on the server admin side. I know C and C++. I am learning RHCE for Linux preparation, and Python also.

What do you guys recommend I do right now? Do the OSCP guys teach everything from scratch? Or do I first have to self-study everything and then sign up for the course?

What self study resources are recommended?

Rory Alsop
kriss

2 Answers

24

Edit: I'm an OSCP now, and you can read my review here, but to briefly answer your question.

OSCP is nothing like C|EH, SSCP or any of the other courses I know that are out there. It is extremely practical and leaves tons of opportunities for further research and development on your own.

If you're looking to learn something new or establish ground in I.T. Security, the PWB course is awesome. It teaches you the ropes, but leaves you to climb them ;D.

Generally a 60 day course period is recommended if you can dedicate 3-4 hours daily, or 30 days if you have prior knowledge or can go 8 hours a day consistently.

Rather than another accolade, the course is meant to teach you how to deliver offensive security at a practical level, not only in theory. You take this course and there will be countless times you will be frustrated, bogged down, discouraged, but you have to keep going and, as they say, "try harder". The labs are not difficult, they're challenging. But the high you get when you break through the obstacles is worth it and the cost.

If you're doing it as a cert. then it'll be disappointing, if you're doing it to learn, welcome to the lot.

The course doesn't have any major prerequisites, as they teach the basics from the ground up. This is what I feel you'll need:

  • Knowledge about TCP/IP
  • Linux Usage & Navigation
  • Basic understanding of exploits and payloads in Info. Sec.
  • Basic Scripting/Programming Knowledge Helps
  • ...and the most important, determination.

Good luck.

Further Research References:

http://proactivedefender.blogspot.in/2012/01/oscp-my-review.html

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/board,58.0/

WhiteWinterWolf
Rohan Durve
  • Thanks Rohan. Nice to hear from someone who is going through the course... In fact I want to join OSCP for knowledge's sake only; the cert. is the less important part. The only thing I lack right now is "Basic understanding of exploits and payloads in Info. Sec.". I will be thankful if you could give some hints and links on where to start for this topic! Thanks again – kriss Jul 08 '12 at 05:06
  • Metasploit Unleashed. http://www.offensive-security.com/metasploit-unleashed/Main_Page Complete that and all your prerequisites for PWB will be met; furthermore, it's free! ;P – Rohan Durve Jul 08 '12 at 06:09
  • 3
    The exam does not let you use Metasploit - so you need to learn how to exploit without it in class. Learning Metasploit before PWB is a big help to understand concepts, though. The Meterpreter is allowed as a payload, but not the scanners or exploits. – schroeder Jul 08 '12 at 20:26
  • 3
    If you are new consider 60 days the minimum. Be prepared to go for 90 days, and prepare to take the exam more than twice. – schroeder Jul 08 '12 at 20:30
  • Thanks schroeder for the reply. BTW, how much prior knowledge or experience in InfoSec would I require before taking PWB? I know OSCP is damn tough. I am not quite clear on all of the concepts in this field, and in fact have never even tried hacking. I am planning to sign up because I am in a great hurry to learn, and can't keep wasting time on hit-and-trial based learning. What do you say? – kriss Jul 10 '12 at 17:20
  • Currently doing my OSCP and sucking it up! I'm at exam level now and it's slipping through my fingertips by a matter of 5-10 points (you need 70 to pass)... the course is a bit bad IMO but the labs are good, that's what you are paying for when you do PWK – TheHidden Sep 15 '16 at 16:46
10

The first preparation you need is to spend time in IT.

As I said some days ago in another question, people are moving to security following news about high cash earnings, cyber wars, etc., and do not even want to learn the basics of how everything works.

EDIT as it looks this question keeps getting attention.

I've been in the field now for around 3 years, and my original statement keeps proving itself. During these years I have met people that wanted to get into the field, or that even are in the field, and can't use a Linux system, or don't even know what the TCP handshake is...

My advice is to get as low-level as you can, that is, forget about Metasploit, sqlmap and other "shits", and really learn what's going on behind the scenes. It's slower and not as "cool", but in the long run it's the best option if you really want to be a good professional.

The Illusive Man