Hi kids!! It’s been a few weeks now since I resat the OSCP exam. GOOD NEWS!! I PASSED!! Now I guess I should chronicle the trials and tribulations of journey that was the Offensive-Security Pentesting with Backtrack course. Grab a drink, make yourself comfortable and read on!
The road to the OSCP certification is a long and intense one. I went into it after completing a few SANS courses that I really thought would have given me the basics for this cert, and to a point, they did .. but it was only the very basics. Now don’t get me wrong, the SANS courses are excellent, and I will always be a massive fan of the great work they have done, but this my friends, was something totally different!
Full of bravado I looked at the overview of the course and secretly thought to myself “pinch of piss” (thats an Australian term by the way – I’m not sure how I could translate it into other languages) and signed up for 4 weeks of lab access. That was the easiest part! I was about to have my ass handed to me in ways that I have never experienced before in my life! I was about to hear the term “try harder” more than I ever expected, at my most confused/annoyed/frustrated states, those 2 words can send you over the edge! Heading into the IRC channel to discuss things often resulted in someone typing !bob, this triggers the channel bot to message you with “Bob is laughing at you!” EFF BOB!!
But, these things, as annoying as they sound, are what in fact make you try harder, and understand things that little bit more. When you research something and work it out yourself, you stand a much better chance of remembering it. The basics in the lab book (which to most people aren’t really basic) gives you the foundation to do so much more. The basics, along with your own crazy imagination, are what will get you through the exam. Did I mention that the exam was 24 hours? Oh yeah .. it’s 24 hours!
I did all the course work, did most of the “Extra-mile” work (the extra-mile questions are the really good juicy questions that get you ready for the exam .. if you don’t do them, you won’t pass – I promise you), extended my lab time by another month and felt real good going into the exam. WRONG!! I spent 24 hours going around in circles. I went in with a game plan, got a rush of blood, put my game plan in another pair of pants, washed that pair of pants, and then lent said pants to a friend! My friend Chris has done an awesome write up of this event! Now, I did manage to get a root on a couple of servers, and shell access on a couple more, but it was never going to be a pass (my exam was actually just before Christmas, I was praying on the Christmas spirit to pass me hahaha).
I was never in the mindset of giving up anywhere along the line, after 24 hours with no sleep I was still really excited about how much I had achieved! Sure, I didn’t pass, but who would have thought that after 8 weeks I would be able to do what I was doing (I don’t want to tell you .. it’ll give away too much information). I was pumped and I was going to redo the exam and pass!! This is where poor Chris fell apart, it was ok, we sat him down, slapped him stupid and got him back on board! Getting Chris back on track was the best thing .. he really helped motivate me when I really couldn’t be assed to study. When I got stuck on stuff, he was there to try and explain stuff. Try and get a study buddy if you can, it makes a heap of difference!
We booked our exam again, and gave ourselves a bit of time off before getting back into it. This time we were a lot more focused. We knew what we had to do, and we had a great plan (that we wouldn’t blow away this time). We both did a lot of pre work for this second attempt (Chris probably did more than me, but who’s keeping track – hahaha). Then the big day came …
WE BOTH SMASHED IT!!!
It all paid off for! I managed to get quite a lot done in the first 45 mins (to the point where I could have passed), but I wanted to get the lot, I was going to get all the machines! The final machines were tough, tough because one was so blindingly easy that I missed that my exploit I did had actually worked (RETARD!!), I believe that I did the exact same thing on my first attempt and only realised about an hour before my exam was up hahaha. The other machine was just hard .. hard, hard, hard!
The end result is, I got all of the goals! I passed the exam, I am now an OSCP! The exam was the most rewarding thing I have done, and I am proud to say this is the first security related exam that I have EVER failed! This course has already given me opportunities I would have never had before, It was one of the best things I have done and I couldn’t be happier.
If you’re reading this and thinking about taking the course, DO IT! Leave yourself enough time to go through the material a few times, leave yourself enough time to try and get root on ALL the lab machines, have fun and don’t get too bogged down in things. When it’s all too hard, go and get some fresh air or move on to something else. I hope everyone enjoys the course as much as I did!! I actually enjoyed it so much, that I have just signed up for the WiFu course that is offered – but that’s a post for another time!

