As a developer for over 20 years with an interest in security, hacking and vulnerabilities, I had played around with OverTheWire, done some boxes on VulnHub, and participated in some CTF’s here and there, so I decided it in 2020 that was time to up my game and go for the OSCP certification. ☠️ This would be a proof to both myself, and the company I work for that I am serious about steering my careerpath from a senior developer to a penetration tester. I also think that being a developer helps me as a penetration tester.
I went through the video course, the pdf documents and learned lots of new stuff along the way. I also completed CompTIA Security+ certification and an IBM QRadar course in 2020 to get a broad security foundation, and to see if there was other parts regarding security that interested me even more than penetration testing (there was not).
It is not an easy certification, as you need to learn penetration testing on both linux and windows, and learn a bit about everything. Especially the windows bits was new to me, such as windows buffer overflow explotation, client side attacks with HTA and office macros, cross-compiling exploit code, antivirus evasion, windows privilege escalation, active directory attacks, pass the hash, overpass the hash/pass the ticket, mimikatz silver and golden tickets and powershell empire. I procrastinated on the labs, so I did not take more then about 15 of the 50 boxes in the lab, so I based myself on hackthebox to continue my learning.
Exam, report and result
Last week I had my exam, 24 hours on 5 machines. I used a total of 22 hours, where 2 hours was spent on doublechecking that all requirements was met and adding som more documentation to my notes, 5 hours was lost on stupid mistakes and I had about 2 hours in total breaks for dinner, coffee and general relaxation. So effectively 13 hours of work. I managed to root 4 of the 5 machines.
I spent 12 hours the next day to write a report totalling to about 50 pages. 2 of those hours was spent on triple checking that I had included all that is required, and had not missed anything. I based the report on the template from Offensive Security. I knew I would not get any points for the last machine, but still included my findings for that machine, It couldnt hurt.
Then the gruesome wait. 🥶 Fortunately Offensive security was quick and just after 2 days, I got a mail congratulating med with passing the OSCP certification exam! 🥳🤩