Update: Passed my OSCP exam in mid December. Check out my little writeups.
Honestly, where to start? How to start so I won’t waste my effort or do things in the wrong order? I would like to have a general idea of how I may progress gradually into gaining more knowledge and hands-on experience.
I have no idea where to start at this point. So my very first step: information gathering.
Reddit is your friend
The OSCP subreddit is a great place to start. Reddit has been the place I go to for questions and resources about certifications like the CEH and CCNA I earned. Look through enough posts and you will start to find many great resources, information, links and blogs. Following those links and blogs will lead you to all the wonders of penetration testing.
After going through many posts, websites & blogs, I got a pretty good picture on how I may progress.
- A Homelab
- Kali linux
- Book: Penetration Testing: A Hands-On Introduction to Hacking
- War games and WebGoat
- vulnhub.com
- Hack the Box
- So when to sign up for OSCP?
- Other resources
A Homelab
You need a homelab. A homelab is a setup/environment where you can conduct your network/security experiments safely. It doesn’t have to be fancy. It can be as simple as a single computer. However, it’s important to set up your homelab on a separate VLAN/subnet or an isolated network. It should be separated from your home network so that if anything bad happens, your home network is not affected. Check out Protect home network using subnets with pfSense if you only have a single network.
At minimum, you need a single computer with a multi-core CPU that supports hardware virtualization (Intel VT-x/AMD-V) so that it can run VMware. 8GB+ RAM and 120GB+ HDD/SSD are recommended. The CPU doesn’t need to be top of the line; a typical Intel i3/i5/i7 is enough.
VMware Workstation Player is free for personal use. One drawback is that you can’t take snapshots as you can in VMware Workstation Pro, and snapshots matter more than they sound: you will often want to revert a box to a clean state after a botched exploit. You will run virtual machines (VMs) that you download from the Internet. Some of these VMs are vulnerable by design and should not be trusted, so they should have no Internet access by default: in VMware, put them on a host-only (or custom, non-NAT) virtual network shared only with your attacking VM, and check the adapter setting before the first boot rather than after.
Kali Linux
Kali Linux is a Debian-based Linux distribution aimed at advanced penetration testing and security auditing. It is the platform you will use for your OSCP exam. Offensive Security provides a customized Kali Linux virtual machine tailored to the labs and exam, and they highly recommend it for the most streamlined experience.
Offensive Security also offers a free course called Kali Linux Revealed if Kali is new to you.
Book: Penetration Testing: A Hands-On Introduction to Hacking
This is a great book by Georgia Weidman. It’s somewhat dated, so some of the software used is no longer available and it would be difficult to reproduce the exact setup described in the book. A new edition is in the making as of this writing. Unfortunately, I couldn’t wait for the new edition and had to go with the first edition. It’s still a great book to get the concepts and some hands-on practice.
Georgia Weidman also has a free video course, Advanced Penetration Testing, offered at Cybrary.
Wargames and WebGoat
This is where I started getting some hands on.
A wargame is a security challenge in which you must exploit a vulnerability in a system to gain access, or defend it to prevent access. There are plenty of wargames. The following are quite good:
OverTheWire: Bandit: This wargame helps you understand how to play wargames and focuses on Linux commands.
OverTheWire: Natas: Natas teaches the basics of server-side web security.
Exploit-Exercises: Nebula (v5): Focuses on Linux local privilege escalation. While some levels are, I believe, outside the scope of OSCP, I still think it’s worthwhile to go through it. This one is a VM you need to download and run locally. The exploit-exercises.com website is no longer in operation; instead, check out https://exploit.education/nebula for information on Nebula’s levels.
WebGoat: a deliberately insecure web application maintained by OWASP to teach web application security lessons. A great application, but it requires some setup before you can start working on it.
All in all, these are some great exercises to warm up with. If you really have difficulty and get stuck on a particular level after a serious effort, I would google a writeup, study it or take a hint from it, learn it, practice it and move on.
vulnhub.com
After some warm-up with wargames, this is where you can start building experience by actually breaking into boxes.
vulnhub.com is a great website that hosts a vast number of vulnerable VMs waiting to be challenged. Most come with writeups/walkthroughs where you can read how other people gained access to the systems. However, from this point on, I strongly suggest you don’t read any writeups/walkthroughs until you have gained root access yourself.
I started out with the easy ones, used only some essential tools (e.g. nmap, ZAP/Burp, searchsploit) and avoided automated tools like Metasploit, sqlmap and Nessus (some of them are not allowed in the OSCP exam anyway). This forced me to do most things manually. It’s for sure going to take more time, but I also think the time is well spent to pick up skills better at an early stage. Once I completed a box, I would read and learn from others’ walkthroughs to see how they broke into the system, what tools they used, and any other attack vectors I missed.
Once I had completed enough boxes (maybe 10+), I would start incorporating more of the tools I learned and picked up from others’ walkthroughs.
Check out the CTF Difficulty Cheatsheet, which classifies about 200 VMs by difficulty (Easy, Medium, Difficult).
Also check out abatchy’s blog, where he lists some OSCP-like Vulnhub VMs.
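As an added example of the manual, essential-tools workflow described above (this script is not from the original post), here is a small POSIX shell script that turns nmap’s grepable output (-oG) into a list of open services and short searchsploit queries, so that every open port becomes an item you enumerate by hand. The scan output embedded in it is a constructed sample: the host 10.0.0.5 and the service banners are made up and do not describe any real target.

```shell
#!/bin/sh
# Added example: turn an nmap grepable (-oG) scan into a manual enumeration list.
# All input below is a constructed sample (host 10.0.0.5 and banners are made up).

# Emit a constructed -oG file on stdout.
# A real file comes from:  nmap -sV -oG scan.gnmap <target>
sample_gnmap() {
  printf '# Nmap 7.80 scan initiated (constructed sample, not a real scan)\n'
  printf 'Host: 10.0.0.5 ()\tStatus: Up\n'
  printf 'Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.4.18 ((Ubuntu))/, 139/filtered/tcp//netbios-ssn///\tIgnored State: closed (997)\n'
  printf '# Nmap done at (constructed sample)\n'
}

# Print "host port proto service version" for every port nmap reports as open.
# The Ports: field is a ", "-separated list of port/state/proto/owner/service/rpc/version/.
# Caveat: a banner that itself contains ", " would be split in two by this parser.
open_services() {
  awk -F'\t' '
    /^Host:/ && /Ports: / {
      host = $1; sub(/^Host: /, "", host); sub(/ .*$/, "", host)
      for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) ports = substr($i, 8)
      n = split(ports, p, ", ")
      for (i = 1; i <= n; i++) {
        split(p[i], f, "/")
        if (f[2] != "open") continue          # skip filtered/closed ports
        ver = (f[7] == "") ? "-" : f[7]       # "-" when -sV found no banner
        printf "%s %s %s %s %s\n", host, f[1], f[3], f[5], ver
      }
    }' "$@"
}

# Reduce a version banner to "<product> <major.minor>", e.g.
# "OpenSSH 7.2p2 Ubuntu 4ubuntu2.8" -> "OpenSSH 7.2". A short query matches
# more searchsploit titles than the full banner would.
version_query() {
  printf '%s\n' "$1" | awk '{
    name = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /[0-9]/) {
        v = $i
        sub(/^[^0-9]*/, "", v)                            # strip a leading "v"
        if (match(v, /^[0-9]+\.[0-9]+/)) v = substr(v, RSTART, RLENGTH)
        else sub(/[^0-9].*$/, "", v)
        q = name; if (q != "") q = q " "; q = q v
        print q; exit
      }
      name = (name == "") ? $i : name " " $i
    }
    print name                                            # banner had no version number
  }'
}

# One searchsploit query per distinct versioned service.
searchsploit_queries() {
  open_services "$@" | while read -r host port proto svc ver; do
    [ "$ver" = "-" ] && continue
    version_query "$ver"
  done | sort -u
}

# Stand-alone demo on the constructed sample
TMP=$(mktemp)
sample_gnmap > "$TMP"
echo "== open services (enumerate each one by hand) =="
open_services "$TMP"
echo "== searchsploit queries (run: searchsploit <query>) =="
searchsploit_queries "$TMP"
rm -f "$TMP"
```

The point of keeping this list in front of you is discipline: each open port gets manual enumeration before any tool gets to guess. For the exploit lookup itself, searchsploit can also read nmap’s XML output directly (searchsploit --nmap scan.xml); the shortened "product major.minor" query above is a starting point, and the hits it returns still have to be read and matched against the exact version before you trust them.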
Hack The Box
Hack The Box is a pen-testing lab where you connect through a VPN to their network to access their vulnerable machines. They have active machines (no writeups allowed) and retired machines (writeups allowed) that you can try to hack and gain access to. Retired machines are a great resource for hands-on practice, with many YouTube videos and walkthroughs you can learn from.
Catch: a free membership can only access active machines (and maybe a couple of retired machines, as far as I know). You need a paid subscription (£10/mo, which is a fair price) to access retired machines.
Challenge: you won’t be able to simply register and become a member. You need to hack your way in.
I already hacked my way in and got the free membership. Once I get enough experience from vulnhub, I will start my paid subscription here to take my experience to the next level.
So when to sign up for OSCP?
Remember that when you sign up for OSCP, it’s not immediate; it depends on availability. The course start is typically a couple to a few weeks away. When the course starts is when you receive the course PDF, videos and lab access. So you have at least a couple of weeks to set up and gain some experience first.
If you think what I do is useful, you can follow the steps and start getting the experience. As you progress and feel confident that you are ready, sign up for OSCP!
Other resources:
Do you have other great resources to share? Please comment and let me know!