“Offensive Security Certified Professional” or OSCP. What does it mean? And how will you get this certification? Well, read this post to get an overview of the so-called OSCP.
What Is Offensive Security Certified Professional?
It is a certification designed for network security professionals. Especially those who want to show how good they are when dealing with network security vulnerabilities.
Normally, it’s a penetration testing exercise. And the candidates act as a white-hat hacker. They will need to identify weaknesses in a network system.
Additionally, it is a certification program that focuses on hands-on offensive information security skills. And this training consisting of two parts:
- A nearly 24-hour pen testing exam, and
- A documentation report due 24 hours after the pen testing exam.
So, OSCP is a very hands-on examination.
Is It Hard To Pass The OSCP Certification?
If you try to ask OSCP-taker about the difficulty of the exam, most likely, you will get varying answers. But, most of them will say that the OSCP exam is the most difficult. Which they have taken in their lives.
That’s why it’s crucial to prepare well before taking this exam. PWK course is the official OSCP certification course. But it doesn’t teach you everything. However, there are enough materials to help you get started.
What You Need To Learn In Preparation For The OSCP
Below is the list of things you need to learn before the OSCP exam:
- Linux and Windows Environment – You must be familiar with these two. Because both of these will help you spot clues for privilege escalation.
- Linux and Windows Commands – Knowing Linux and Windows commands help a lot. So, brush up on them!
- Basic Programming Skills – You need to expect debugging and rewriting exploits. Thus, learn Bash Scripting. It will help you to automate repetitive tasks.
- Web application attacks (SQLi, XSS, Local File Inclusion, Remote File Inclusion, and Command Execution) – You have to expect lots of web application content in the labs. Moreover, practice bypassing web security filters for injection attacks.
- Metasploit Framework – Brush up on creating payloads with various formats. Do it by using multi handlers. And also by using staged vs non-staged payloads. These things will save you time during the exam.
- Nmap – during your lab or exam, different scanning techniques and Nmap NSE Scripts will help you a lot.
- Netcat and Ncat -Knowledge of these is also important. Because you’ll be using them a lot of times during the OSCP.
- Wireshark and tcpdump – These two are essential because you will be using Wireshark to debug your exploit. Or the tcpdump, when machines do not have a GUI.
- Windows and Linux Privilege Escalation – Besides using kernel exploits, learn well on misconfigurations like weak service/file permissions and NFS/Shares.
- Escaping restricted shells and spawning shells – You will also face a lot of these during your OSCP examination.
- File transfer – You need to know the different techniques on how to transfer files to a target machine.
About The OSCP Examination
Offensive Security exams “rely entirely on demonstrated ability and merit.” Thus, it is not a standard multiple-choice exam.
The candidates are expected to demonstrate that they can identify threats and secure networks. Moreover, no external testing company handles the exam. But, Offensive Security handles them all themselves.
Rate this post: