0x2 Course Review: Penetration Testing with Kali... http://www.primalsecurity.net/0x2-course-review-...

0x2 Course Review:

Penetration Testing with Kali
Linux (OSCP)

0x2 Course Review: Penetration Testing with Kali Linux

(OSCP)

This course review will be discussing my experiences with the Penetration Testing with

Kali Linux (PWK) course, as well as the Oensive Security Certied Professional (OSCP)

exam and certication. This course has been designed by the Oensive Security team,

and is instructed by Mati Aharoni (Muts).

The overarching view of this course is to introduce students to the oensive side of

information security, specically geared toward penetration testing. Please see the

course syllabus for an overview of the topics covered Link.

1 of 9 09/16/2017 06:33 AM
0x2 Course Review: Penetration Testing with Kali... http://www.primalsecurity.net/0x2-course-review-...

Am I ready for OSCP?

Home Blog Talks Tutorials Podcast

Reviews About Us

This course is Oensive Securitys introductory penetration testing course, so little

prerequisite knowledge is necessarily required. Having said that, I would strongly

suggest completing the free course Metasploit Unleashed.

If you would like further experience with Oensive Securitys testing/teaching style, you

2 of 9 09/16/2017 06:33 AM
0x2 Course Review: Penetration Testing with Kali... http://www.primalsecurity.net/0x2-course-review-...

might nd it helpful to rst look into OSWP. This is a much smaller time investment,
Home Blog Talks Tutorials Podcast
and is arguably signicantly easier than OSCP.

Anyone
R ewilling
v i e w s to put in
A bthe U s to Try Harder is capable of being successful in
o u ttime
PWK/OSCP, you must be prepared to jump into the course and start learning. If you are

just getting started, you will likely need to supplement the course materials with

signicant additional research. At the end of the day, problem solving and the ability to

learn new concepts on the y is one of the most important skills to have as a

penetration tester, and this is an excellent opputunity to develop these skils. With that

said, Oensive Security is known for pushing their students and refusing to hold your

hand, so if your self motivation and self study skills are lacking, you are unlikely to be

successful.

Course Format:

This course is structured as a full network penetration test in a virtual environment. The

student is provided with a full written pdf copy of all topics covered, as well as

numerous hands on videos further detailing the course modules.

The student is provided VPN access to the network, as well as a virtual machine for

testing/research purposed during the allotted lab time.

Course Experience:

The OSCP labs have a large number of systems, ranging from very easy to mind

bendingly dicult. If youre a beginner going into the labs, you will start to see a few

early wins, but will quickly nd yourself scratching your head. Based on my experience,

I recommend adding the additional challenge of not leveraging any pre-packaged

exploits in Metasploit, with the goal of not relying on automated tools. I began to

develop my own scripts for many tasks, which led to me developing an extremely

valuable skillset with Python that I now leverage heavily day to day.

3 of 9 09/16/2017 06:33 AM
0x2 Course Review: Penetration Testing with Kali... http://www.primalsecurity.net/0x2-course-review-...

While youre allowed to use almost any tool currently available during the lab, I
Home Blog Talks Tutorials Podcast
signicantly leveraged the following tools most frequently:

1) Nmap
R e vwith
i e w various
s NSE
A scripts
bou t Us

2) Netcat, Netcat, and more Netcat

3) Python and Bash scripting

4) Metasploit (MSF Database, msfpayload for Shellcode/Meterpreter binaries)

5) Burp Suite for manual testing

6) Google/Exploit-db for vulnerability and exploit research.

Another recommendation is leveraging Metasploits database to keep track of lab

targets. This proved very useful as you could use simple commands within msfconsole

(hosts, vulns, services, creds, etc.) to list information gathered from Nmap or Metasploit

auxiliary modules, and potentially assisting with the development of your lab report.

1 List Hosts:
2 msf > hosts
3
4 List any credentials gathered through meterpreter:
5 msf > creds
6
7 List successful exploits launched via msfconsole:
8 msf > vulns
9
10 Import Nmap scan data:
11 msf > db_import [nmap_scan].xml

I found that taking screen shots and verbose notes while tackling systems, rather than

after completion of the labs, will benet greatly you in the long run. After completing

full exploitation of a box, I was able to walk back through each step I took to get

SYSTEM/root taking screen shots and notes within KeepNote. I found it solidied my

understanding of the material, and made it much easier to compile my report towards

4 of 9 09/16/2017 06:33 AM
0x2 Course Review: Penetration Testing with Kali... http://www.primalsecurity.net/0x2-course-review-...

the end of my lab time. Lastly, I learned to always remember that getting your shell
Home Blog Talks Tutorials Podcast
does not mean you are nished with a target, because you might nd something very

useful to leverage and further compromise the network or system.

Reviews About Us
Okay, so I tried everything I can think of.Now what?:

It is very likely during the course of the labs you nd yourself stuck on a particular box

and not know what to do next. I often asked myself the following question when stuck

on a box:

What do I currently know about the target, how can I learn more, and what can I do

with this information?

It may seem like an overly simplistic approach, but after you have exhasted every

option you can think of for multiple days at a time, circling back to the basics can be

very helpful. I learned to take every piece of new information I acquired as a win

rather than focusing solely on a shell as a win, as this started to wear on my

condence once the low hanging fruit in the lab was completed.

Exam Experience:

The exam is formatted as a 24-hour active pentest against a small simulated network

challenging the skills you developed during the course of your PWK lab time. The

complexity of the targets in the test range from easy to exploit to extremely dicult

and points are awarded accordingly. Upon completion of the exam, you will have an

additional 24 hours to submit your documentation (from the exam and lab) for grading.

Recommendations:

First and foremost, if youre considering this course, ensure you have the time to

dedicate to it. You will need to spend several hours and multiple days per week in the

labs, developing new skills, researching, etc. The number one thing I learned from this

course is how easily you can put learning o for a few days, only to realize youre

5 of 9 09/16/2017 06:33 AM
0x2 Course Review: Penetration Testing with Kali... http://www.primalsecurity.net/0x2-course-review-...

quickly behind the progress curve required for the examination. If you do not have the
Home Blog Talks Tutorials Podcast
time to dedicate to this journey, do not try to convince yourself you will be successful.

Be comfortable
R e v i e w s divingAdeep
b o u tinto
U s unfamiliar waters. Unless youre (very) experienced in
the oensive security realm, there will likely be topics covered or skills required that are

foreign to you, and youre going to have to learn things that will seem overwhelming at

rst glance.

Throughout this course you will be required to think like a pentester: How can

someone misuse this?, How can I benet from this information?, Am I overthinking

this?, etc.

No matter how much you want to jump into getting that shell, do not neglect the

information gathering process as it is usually the missing link to successful exploitation

99.99% of the time. Endlessly throwing exploits at a system will usually not benet you

and will usually result in nothing new learned and wasted time.

You Will Need to Try Harder:

My experience with the Try Harder methodology paid o after working on a particular

box for several days. I had tried every technique and obscure skill I knew, and nothing

6 of 9 09/16/2017 06:33 AM
0x2 Course Review: Penetration Testing with Kali... http://www.primalsecurity.net/0x2-course-review-...

was working. I was so xated on guring out the solution, I began to lose sleep. After
Home Blog Talks Tutorials Podcast
several days, I was hacking away with The Hobbit playing in the background.. Just as

Thorin Oakenshield faces down the Azog the Deler and the song The beginning of the
R eThorin
v i e w s starts A
end for tobplay,
out U s shell spawns. The experience was amazing; as all my
my

hard work nally paid o and the epic music played in the background. These are the

types of experiences I had during OSCP labs, ones earned through the mindset of Try

Harder.

Conclusion:

I have had extensive experience with industry certications, and I can say without a

doubt that Oensive Security trainings and certications are in a league of their own.

The training they provide develops real technical skills, forcing you to leverage what you

learned to solve complex problems, rather than the traditional multiple choice question

format. I think that more organizations should follow the Oensive Security style of

hands-on labs and testing, and move away from a multiple choice exams during the

certication process.

Make no mistake, you will leave OSCP a changed person, you will think and look at

problems dierently. You will nd that the persistence that was burned into you

through the course has made you someone who will forever Try Harder. This mindset

will carry over into other areas of your life and career other than just hacking, making

you more willing to walk into unknown scenarios with complete condence, knowing

that with enough persistence, anything is possible.

Additional Resources:

http://www.fuzzysecurity.com/tutorials.html Exploit tutorials

https://www.corelan.be/index.php/articles/ Exploit tutorials

7 of 9 09/16/2017 06:33 AM
0x2 Course Review: Penetration Testing with Kali... http://www.primalsecurity.net/0x2-course-review-...

http://www.securitytube.net/ Training videos

Home Blog Talks Tutorials Podcast
http://www.oensive-security.com/blog/ Oensive Security blog

http://blog.g0tmi1k.com/ Security blog

Reviews About Us
Share this:

64

Related

0x5 Course Review: 0x0 Course Review: WiFu - 0x1 Course Review: SEC660
Cracking The Perimeter OSWP and Finding Evil - Advanced Penetration
(OSCE) GCFA Testing, Exploit Writing, and
December 22, 2014 December 14, 2013 Ethical Hacking (GXPN)
In "blog" In "blog" August 18, 2014
In "blog"

Share This Story, Choose Your
Platform!

Related Posts

8 of 9 09/16/2017 06:33 AM
0x2 Course Review: Penetration Testing with Kali... http://www.primalsecurity.net/0x2-course-review-...

Home Blog Talks Tutorials Podcast

Reviews About Us

Copyright 2012-2016 Primal Security|All Rights

Reserved|Powered by Coee

9 of 9 09/16/2017 06:33 AM