So a few months back I decided to invest in a penetration testing certification. Of all the certs available, Offensive Security’s OSCP seemed the safest bet in terms of acquiring knowledge, but right now it seems to lack market recognition. People are still asking for EC-Council’s Certified Ethical Hacker in most job postings regarding security.
Comparing the two side by side, there’s no question which one will prepare you better for what the future might hold, and I for one predict a shift in the near future regarding the OSCP’s market credibility. Another serious player in the security certs game is SANS; I steered away from any SANS certification on the basis of cost alone. While it would be fantastic to have a GPEN from SANS, I just can’t justify the investment right now.
So I went with OSCP.
The course consists of written documentation and videos, both of very acceptable quality, and I personally think that CBTnuggets could take a few pointers from Offensive Security when it comes to keeping your viewers engaged. There is also access to a VPN connection through which you’ll reach a decent number of servers (several platforms and flavors) and an XP workstation that is used not only to explore commercial vulnerability assessment tools (namely Core Impact) but also to develop Win32 exploits.
The course relies on BackTrack for all of its exercises. I personally used BackTrack 3 for all the exercises and most of the exam, but I met a lot of people who did all of it with BackTrack 4 beta running in a VM. During the exam I actually switched from the physical computer with BT3 to a VM under Fusion with BT4 a few times, taking advantage of the updated tools and some new tools not included in BT3.
Everything is very well planned out; skipping chapters is not a bright idea. It starts slow with something as simple as configuring your NIC in BackTrack and ends with rootkits and XSS attacks, after a journey through buffer overflows, SSH tunneling and SQL injection.
I would advise anyone taking up this cert to brush up on his/her Python skills. Even though their site states that it’s not required, it sure helps if you intend to finish the course within the 30 or 60 day time frame. I would say that you don’t need that much programming skill to pass this course, but you do need to understand what is happening when you look at source code (Perl, C, Python, Ruby…); rudimentary knowledge of programming principles is certainly a huge help.
So you spend a few weeks doing all these exercises and then comes the exam. The exam is a 24-hour, multi-challenge affair: you are connected via VPN to another network with a certain number of servers and workstations, and you receive documentation describing the objectives. Be prepared for a long night, frustration and despair. The challenges vary from what I gathered (as do the machines in the network), so there’s no saying what you’ll encounter, but from my experience I can say the exam is not a walk in the park by any means. You don’t necessarily need to get every machine in the exam; there are points associated with each challenge and they just need to sum up to a passing score.
I think it’s important to mention that you should consider this course as self-study. I came across people who assumed that because there is a forum and an IRC channel there is some sort of guarantee of support if you can’t figure something out. Reality is: no. You can stop by the IRC channel and ask for help; you might get it or not. Same with the forums. I myself had some questions that went unanswered, and some exercises I didn’t finish as the documentation said I should. At the end of the day it’s about “whatever works”.
So is it worth doing? Yes, no question about it. It’s a fraction of the price of most courses out there and the sheer amount of information contained in the course material is staggering. The exercises make sure you know what you are doing. The exploit development makes sure you don’t come out of this course depending on precompiled exploits and easy hacks. A fantastic investment, even if having this cert does not give me any advantage in the job market when it comes to getting an interview.
Someone in the IRC channel said that “CEH might get you the job, but OSCP will certify that you keep your job”. I tend to agree.
2 Responses
Nuno,
I saw this post of yours and thought you might be interested in this event that is being organized and will take place in Madrid.
http://www.ibwas.com
A hug.
Hi Carlos,
Thanks for the tip. However, I’m living in the USA… I had to leave the peninsula for things to start heating up over there. :)
Cheers,
N