Tag: OSCP

  • My first 50 certifications

    I did my first (vocational) IT exam in 1999. This was after an annual appraisal from my (then) manager, who said “I’ve spoken to lots of people, and they’re all very impressed with your work. However, there’s no way for me to quantify your performance, so you don’t get a pay rise.” Based on that, I decided that it would be useful to have some objective evidence of my abilities from a neutral 3rd party, so I took the Visual Basic 5.0 exam and became a Microsoft Certified Professional.

    Fast forward to 2023: I’ve now passed 41 exams and earned 50 certifications. In all honesty, this process has been a bit haphazard; I’ve picked certifications based on what looked interesting at the time, or what related to a skill I’d been using at work, rather than having a clear roadmap of where I wanted my career to go. I’ve also sometimes leant towards the Pokémon approach of “gotta collect them all!” So, I think it’s time to look back and review which of these were worthwhile, and which I’d recommend to other people.

    NB I’m not including my university degrees in this list, because they’re academic rather than vocational. I’m also not including the European Computer Driving License (ECDL), because that’s aimed at end users rather than IT professionals.

  • OSCP

    In March 2023, I passed the OSCP exam, to become an OffSec Certified Professional. Combined with the CPSA, this also made me a CREST Registered Penetration Tester (CRT).

    The OSCP is sometimes described as an “entry level” pen testing certification, which can be a bit confusing. It’s certainly not aimed at beginners to IT! For context, I’ve passed 40 other IT exams on my first attempt; this is by far the hardest exam I’ve taken, and it took me 3 attempts to pass, after 6 months of full-time study.

    However, the OSCP is entry level for pen testing, in the sense that it’s a de facto standard. There are lots of job adverts which list the OSCP or CRT as requirements. I’ve previously done the PenTest+, OSWP, and eJPT: those are all easier exams (i.e. more accessible to beginners) but none of them helped me to get any job interviews.

    The OSCP is also entry level in the sense that there are more advanced certifications out there, e.g. the OSEP (OffSec Experienced Pentester). So, this certainly isn’t the end of my learning journey; it’s a new beginning.

    Before I dig into details, just a general note. There have been various changes over the past few years, e.g. the exam format changed in Jan 2022, and the syllabus changed in Mar 2023. So, if you’re looking at blog posts, Reddit threads, YouTube videos, etc. then keep an eye on when they were published; the information might have been true at the time, but no longer relevant. (That also applies to this post.)

    Also, at the risk of stating the obvious, I’m not going to share anything that would breach the non-disclosure agreement. In particular, I’m not going to reveal any details about my exam machines, so please don’t ask!

  • OSCP: Try Harder

    I recently passed the OSCP exam, on my third attempt. OffSec’s slogan used to be Try Harder, and I’ve been thinking about what that means. (The slogan has recently been replaced by a 5-step learning approach: trial, failure, adaptation, growth, and triumph.)

    I’m quite active on the OffSec Discord server, and I’ve spent a lot of time helping other people out with exercises. That’s partly because I like to be kind, partly to “pay it forward” (after other people have helped me), and partly to reinforce my own learning. There’s a phrase I heard a while back: you don’t truly understand something until you can explain it to someone else.

    However, I do sometimes despair at the lack of initiative I see from other people. There’s a hint bot on the server, and pinned messages in each channel, and you can search for previous messages about a particular topic. Even after all that, the same questions come up over and over again. I blocked one person after they outright refused to do a search: they said that they’d get the answer more quickly by asking the question, i.e. they wanted other people to do the work for them. That’s an example of someone who certainly could try harder.

    I think the slogan is most relevant when it comes to a “black box” machine, e.g. one of the PEN-200 lab VMs. That’s where you’re simply given an IP address, and you have to figure everything else out for yourself. How long should you bash your head against the wall before you look for hints/walkthroughs?

  • OSCP: Windows Buffer Overflows

    I’m currently preparing for the OSCP exam. As part of that, I’ve spent a lot of time on OffSec’s Discord server, where I’ve helped other students and been made a “Community Companion”. I noticed that a lot of people got stuck on a particular exercise (section 11.2.8, question 3) so I made a video walkthrough:

    NB OffSec have a blogging policy, which says:
    “We encourage you to blog about your overall experience, however we must request that you do not publish any scripts or solutions for systems within our labs.”
    In this case, my solution applies to a topic exercise rather than a lab VM. However, I emailed OffSec before I made the video, and they reviewed it before I made it public.