**Update (11/4/2016) – added a few bits back in from this post
A few weeks ago, I “tried harder” and was awarded the Offensive Security Certified Professional (OSCP) certification.
— Dan Helton (@ch1kpee) September 19, 2016
As many people before me have done, I decided I’d post a little writeup of my experience with the Pentesting With Kali (PWK) online training and taking the OSCP exam (twice).
As you probably know by now, the OSCP is Offensive Security’s certification for penetration testing using the Linux distribution they maintain, Kali Linux. The accompanying course, Pentesting With Kali (PWK), gets you a PDF lab guide and a series of instruction videos covering the different topics of the guide, from basic network enumeration to writing buffer overflow exploits. You’re also purchasing VPN access to their hands-on lab environment of dozens of different vulnerable hosts for you to probe and exploit. To attain the OSCP certification, you take a hands-on exam in which you’re given VPN access to a special exam network and are alotted 24 hours to compromise as many systems as possible, plus an additional 24 hours to write up and submit your exam penetration test report.
I signed up for the 90-day course, bought a one-month extension after I ran out of time (mostly for going back over machines to write the huge lab report…more on that later), I bombed my first attempt at the exam, purchased a two-week extension in order to bone up on some stuff and get a retest attempt, then passed it on my second try.
The Cost, Signing Up, and Getting your Employer to Pay For It
I’ve wanted to take OffSec’s training for a long time and I should’ve just sucked it up, ponied up the money, and took it years ago. I fought for over a year at my previous employer to get them to finance it. I was ready to give up arguing with them and buy it myself before I landed in my current job. Thankfully, where I work now has a healthy training budget for its pentesters and all I had to do was put it on the corporate card. Continue reading