Background
Penetration testing has always been a topic of interest for me. Dating back to my teenage years, wanting to “hack a system” was something I always wanted to do. I tried to tinker with a few things here and there over the years, but I was usually too intimidated to do anything. My interest in cybersecurity grew in college, but my program focused more on the business aspects of cyber and not the technical.
During my junior year of college, I decided to pursue my dream of penetration testing. I didn’t have much to go on, so I decided it was best to sign up for collegiate cyber competitions such as the National Cyber League. This was my first real encounter with anything “hacking”-related. The competition features a host of challenges, such as password cracking, dissecting pcaps, web app and cryptography challenges. My participation cemented my dream of wanting to learn everything cyber, which is why I decided to participate in CCDC. Perhaps I can talk about this in another post, but for now, let’s move on.
Between college and April 2017, I didn’t do much to pursue my dream of penetration testing. I can make all the excuses in the world, but I simply dropped the ball. It wasn’t until I joined my current employer and saw other penetration testers pwn organizations that I decided to pursue my OSCP. Besides my experience with collegiate cyber competitions, I didn’t have any other experience. It’s safe to say I was pretty nervous walking in with almost zero experience.
The PWK Course
Before starting, I read several blogs of folks saying how difficult the course and exam were, but that they found the entire experience rewarding once completed. I was nervous, but ready for the challenge. If you aren’t aware, the OSCP can be earned by completing the Penetration Testing with Kali Linux online course by Offensive Security, which features a series of videos and labs designed to test your knowledge of penetration testing. Depending on the package you purchase, you are sent the videos and have either 15, 30, 60, or 90 days of lab time to hack as many machines in the lab as possible. I decided to go for it and submitted my purchase.
May 27, 2017 was the official start of my PWK/OSCP journey. As soon as I received my email from OffSec, I decided to jump right in. I think I spent around 8 hours the first night alone watching videos and feeling completely lost in the labs. A good friend of mine was already in the labs and was gracious enough to help guide me in the right direction to not waste my time. He recommended I review the entire video series first, then jump into the labs.
I took his advice and for the first couple weeks focused on nothing but the videos and lab exercises. Some of the lab exercises consist of open source intelligence, buffer overflows, web app exploitation, and much more. A full description of the course can be found on OffSec’s PWK course page. I documented some of this, which would later come back to haunt me because I should have done a much better job of documenting notes.
About three weeks in, I popped my first box, bob. Thinking back, I was fairly nervous running basic nmap scans, because I thought I was going to break something! Luckily, I got over that quickly when I reminded myself this was a private course with VPN access into a protected network. Bob took me over a week to figure out, but when I did, I knew I was hooked. The next box I popped was Alice, which took me just as long. Over the course of 90 days I spent many hours in the lab, averaging 4 hours Monday through Thursday and 8+ hours during the weekend. As my lab time was approaching an end, I had around 20 boxes rooted, but I didn’t feel ready to challenge the exam, so I decided to extend my lab time by another 90 days.
It was over the next 90 days that I really built my confidence. I remember a couple weeks of multiple boxes getting popped over the course of a few days. At this point, I was ready to challenge the exam. My first exam attempt was scheduled for October 19, 2017, five months after I started.