How to prepare OSCP?Penetration Testing

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATION
Already a Member Login Here

Home Forums Penetration Testing How to prepare OSCP?

This topic contains 8 replies, has 6 voices, and was last updated by  ycisec 1 year, 9 months ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #65612

    ericmm
    Participant

    Hello folks,

    Have u guys did the OSCP certification? Please tell me your journey here. I want to prepare before the Kali Linux training (OSCP training). How did u prepare? pls guide me

    Thanks.

    #65826

    ycisec
    Participant

    When I was getting ready to take the PWK course to get my OSCP I read through the following books:
    – Metasploit: The Penetration Tester’s Guide
    – Penetration Testing: An Hands-On Introduction to Hacking
    – The Basics of Hacking and Penetration Testing
    – Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning

    I also took the eLearnSecurity Penetration Testing Professional course, and I also poked around with some vulnerable VMs from Vulnhub. Along with this, I spent a fair amount of time reading through the Kali Linux forums as well.

    #65952

    ericmm
    Participant

    Thanks for ur information. I really appreciate it. Should i try to get comptia security + before taking PKW course? Does it need to have basic scripting knowledge like pyton or shell in order to get OSCP>

    #66001

    ycisec
    Participant

    Sec+ might not hurt, but it’s not really directly related for PWK. I got my Sec+ after I received my OSCP.

    Some basic scripting knowledge is definitely beneficial. Being able to read through code and get an idea of what is going on is definitely handy.

    #70934

    breuermar
    Participant

    A good place to find (easy) vulnerable machines is:

    https://www.vulnhub.com/

    You can download them for free and build your own pentest lab. This is a good place to start before taking the OSCP course.

    #71422

    segloser
    Participant

    Hi aungmyomyint,

    Security+ is not needed at all to pass the OSCP certification.

    What you really need is hands-on skills. There is only a way to obtain them. So start practicing a lot.

    Build your own labs. Here in Cybrary you have some recommendations about it. Visit the following links:

    Part 1: Create a Complete Virtual Environment for Penetration Testing
    Part 2: Create a Complete Virtual Environment for Penetration Testing
    Part 3: Create a Complete Virtual Environment for Penetration Testing
    Part 4: Create a Complete Virtual Environment for Penetration Testing
    Part 5: Create a Complete Virtual Environment for Penetration Testing

    At the end of the day, you will need to understand exploiting (do not be afraid, just the 32 bits Buffer Overflow part – the easy one ;)), so you have some pending hard work to do yet. Exploiting requires understanding several disciplines. You have tons of open resources in the Internet. Just to name a few, visit http://www.securitysift.com/ to learn the basics of exploiting. There you will also find hundreds of valuable pieces of advice related to OSCP.

    Do not underestimate the power of the Information Gathering Phase. You will need it to find exploits that maybe do not work “as is”. However, with the knowledge acquired during the course, you will know how to modify them to make them work. I mean, you have to learn how to keep on hacking when Metasploit is not able to do the job automatically.

    Enjoy the path until you get certified. Learn how to automate everything with Python and Bash scripting. It will save you time later on.

    Warning: once you domain the OSCP disciplines, you will want more, much more…

    Best regards,

    #73832

    manishpathak
    Participant

    A good place to find (easy) vulnerable machines is:

    https://www.vulnhub.com/

    You can download them for free and build your own pentest lab. This is a good place to start before taking the OSCP course.

    #111078

    mancusomjm
    Participant

    @ycisec From 1 – 10 How useful was taking the eLearnSecurity Penetration Testing Professional course?

    #111081

    ycisec
    Participant

    If you don’t have any prior pen testing experience, I would put it around a 6-8 depending on how you like to learn, what you already know, what skills you already have, etc.

    I found it helpful because it walked me through the process and gave me some ideas how to approach things, especially around the report.

    If you’re already a pen tester, you likely won’t get much out of it from that perspective.

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel