2017-05-07 14:38:00
It's traditional to do a huge writeup after finishing the OSCP certification, but I'm not going to. People such as Dan Helton and Mike Czumak have done great jobs outlining the whole process of the course, the exercises, the labs and the exam. So I suggest you go and read their reviews. :)
In the mean time, here are the few things I would suggest to anyone undertaking PWK+OSCP.
- Do all the coursework and document each exercise completely while you're working. Submitting your exercise documents may qualify you for five bonus points on the exam.
- While working in the pen-test labs, write the pen-test report for each host the moment you finish it. Don't race through twenty systems only to start reporting by the end of it all. Writing the report simultaneously ensures that you don't forget details and it creates good habits! You'll get in the habit of screenshotting and of writing a good narrative.
- Prepare a pen-test report template that you can work with. OffSec provide a template of their own, but I think it's heinously ugly and impractical. :) Thus I've made a report template from scratch, including our own corporate branding, which might come in handy later!
- Submit your lab report as well! It might qualify you for five more bonus points!
- Accept that failure is always an option, you'll be a lot more relaxed during your exam. Being relaxed helps you think clearer and thus you stand a better chance of passing. Failure is NOT a disgrace, it's a learning experience!
- It's been stated so often: take breaks. Clear your head for a little while, talk to friends and family. One of my biggest break-throughs came to me during dinner, halfway through a mouthful of bami noodles, while rubber-duckying with my wife.
The day after finishing the exam was one of elation: I couldn't be more happier. But not a day later, I'm already missing the grueling work! I want to go back to the labs, to finish the remaining 30+ servers I hadn't cracked yet. I even want to retake the exam, to get more challenges!
For now, my plan is as follows:
- First, I'm going to study to upgrade my RHCSA and RHCE to RHEL7.
- When I'm between assignments again, I will invest in more PWK labtime to practice with more target hosts.
- Once I have finished the labs I will continue my journey with OffSec's CTP (Cracking The Perimeter) course and the OCSE exam.
Back in college, René was right: "That guy just doesn't know the meaning of the word 'relaxation'."
kilala.nl tags:
work,
sysadmin,
View or add comments (curr. 2)
All content, with exception of "borrowed" blogpost images, or unless otherwise indicated, is copyright of Tess Sluijter. The character Kilala the cat-demon is copyright of Rumiko Takahashi and used here without permission.
2017-05-08 12:30:00
Posted by The Saint
Maybe I was wrong back then Thomas, maybe you get your 'relaxation' from such things? I admire your drive to get these things done, a lot, and I am impressed you manage to do this with family and work.
Congratulations on this excellent result!