This will be the beginning of a series of posts (hopefully) detailing Phil's journey through the new 2020 OSCP (Offensive Security Certified Professional) course from Offensive Security. Good or Bad, you'll be able to find out what it's like from an inside perspective. Don't worry - no spoilers!
To OSCP Or Not To OSCP?
That is the Question…
So the background is this:
I’ve been getting into Ethical Hacking for around 18 months now, and I’m getting to a point where I am running out of excuses to put off OSCP any further. The main excuses I’ve been running with for the last 6 months or so revolved around the day job (Electrical Maintenance Engineering) and the fact that I have been progressing down the CREST route since last summer (incidentally when I first met Matt!)
However, I’m now at a point where my go-to excuses might be disappearing - or at least fading into the summer/autumn thanks to the dreaded COVID19!
So rather than shift my excuse to COVID19, do I take a leap of faith and dive into PWK and OSCP?
Editor's Note: Hell yes you do!
To explain a little further: I took a 3-week course with Crucial Academy in Brighton in May/June last year, where I was introduced to a realistic path to CHECK Team Member status (government standard penetration tester, for the uninitiated) by sitting the CREST CPSA (Practitioner Security Analyst) and CRT (CREST Registered Penetration Tester). Little did I know at that time how intense those 3 weeks would be!
The course was fantastic, the instructor Joe (now an ex-bootneck) had an incredible depth of knowledge and drive to support the learning of the dozen ex (and still serving) members of the British military who were sat wide-eyed in front of him.
Alas, his efforts came to naught as far as my attempts at the certifications were concerned, as I failed to pass either the multi-choice CPSA or the practical element of the CRT.
It did however, show me where the substantial gaps were in my knowledge and I set about filling in these gaps and retaking the CPSA. To my delight, I passed the CPSA last December and was set to retake the CRT practical element at the end of April. That was until a little-known bug known as corona-virus (aka COVID19) scuppered the booking along with so many other aspects of life and society. As I write this, my 11-year-old son is taking a break from his homeschooling and blabbering some crap about the cost of enchanted iron ore while waving a blocky sword at an equally blocky pack of wolves.
Editor's Note: Not like us techies to pour larger amounts of time into something with no visible benefit from the outside, eh? ;)
I digress…
So here I am, armed with a fairly fresh pass at CPSA but with no prospect of taking the CRT.
Admittedly, the country continuing to delve deeper into lock-down measures is a solid excuse for that one! Also, expecting to be told any day that my work will be closing which means, as a self-employed engineer means my income could be severely limited. And in any case, I probably shouldn’t be leaving the house. That’s the story of how I got to this dilemma.
Do I wait it out, hoping for some communication from CREST telling me when I might be able to re-book my CRT?
(Ed: For those unfamiliar, CREST CPSA and CRT together allow you to gain CHECK Team Member status when coupled with a UK Security Clearance. With these three, there are very few companies in the country that won't snap you up quickly)
Or do I dive in and purchase 30, 60 or 90 days lab access to PWK, gambling that the lock-down will include me - presenting me the gift of enough time to learn what is required to pass OSCP before the country starts to wake from its slumber?
Answers on a postcard, lads and ladies!
If anyone has any questions - ask away