Is OSCP a good place to start pen-testing certification?

2021-08-05 07:46:00

Someone on Discord recently asked me: "Is OSCP a good first cert for someone who wants to go into pentesting?"

I thought I'd share the response I gave them. I hope it's still a valid viewpoint, what with my OSCP being a few years ago.


Yes, but no.

OSCP is entry-level stuff when you look at it from a technical perspective. All the exploits and vulns we need to work with during the exam are relatively clear-cut and you don't have to do any development yourself. 

What makes OSCP a heavy-hitter is the non-technical aspects: you are under incredible pressure (X boxes in Y hours, plus a full report), you are given a black-box environment with targets that could be (almost) anything. OSCP is about research skills, about time management, about perseverance.

If you do the PWK class work before the exam, you are almost fully prepped for the technical aspects (vuln types, exploiting vulns, etc). Doing a large part of the PWK labs will prepare you for the research part of the exam. Which leaves time management and perseverance, which are personal skills that you need to bring yourself. 

If you were to ask me for a better place to start, I'd look at eJPT first. 

Get your feet wet with the basics and something that's also recognized as a solid first start. 

I personally think OSCP isn't a good first cert because, if you're still getting to know your way around the tech basics, then you won't have enough time to learn-on-the-job during the exam. 

If you have a good background on Linux/Unix and Windows, knowing how their services can be abused and how privesc can be done, and you've actually done it a few times, then you're on the way. Ditto for vulns and exploits in webapps or other network services: if you understand them and can apply them, then at least you have the basics out of the way.

With the OSCP exam, there's no telling what you're getting! It could be relatively new software on a new OS, or it could be an antique application in a weird old language. 

If you know the basics of vulns and exploits, then you at least know what you're looking for. You will only have to learn the actual target on-the-fly. tags: ,

View or add comments (curr. 0)