Offensive Security Certified Professional (OSCP) review



What is OSCP?

Offensive Security Certified Professional (OSCP) is the certification you can obtain by taking a practical exam after completing Penetration Testing with Kali Linux (PWK). It is the world's first completely hands-on penetration testing certification. This means that it does not matter how much you know in theory about IT security; it’s what you can do in practice that really matters. The course will throw many devious challenges in your way, and while they might seem hard or bordering on impossible at first, do remember that there is always a way.

When ordering the course you get to decide the date you start; this is also the date when you’ll get all the material:



  • Instructional PDF
  • Instructional videos
  • Kali Linux VM
  • a massive lab

The PDF and the videos complement each other. While I do think the videos were easier to learn from (in general), the PDF gave a better understanding of the topic due to the possibility to be more technical. A complete syllabus of the PDF can be found here.

I recommend first watching the videos for a chapter and then reading the same chapter in the PDF. When watching or reading, make sure to write down notes with pen and paper. This will both help you remember what you learn and give you good notes that you can refer to later on. Another good tip is to leave space on each subject so you can fill in new bits of knowledge you come across later on in the lab (and believe me, you will).

As a student you also get the option to download a customized Kali VM. It is not very different from the regular Kali VM but it is customized for the PWK course. I do recommend using it since it does make the experience smoother. After getting the VM up and running you should perform a backup and then update Metasploit.

After finishing the study material you get to connect to the Offsec lab through a VPN tunnel. I’m not going to write a lot about it but there are some things I’d like to point out. First of all, it is a massive lab and in my opinion this is what you pay for. There are a lot of different operating systems as well as various versions of the different operating systems. When placing your order you get the option to buy either 30/60/90 days. I went with 90 due to the fact that I’m very new to practical IT security (more about this later); however, I could probably have done it in 60 days if I had stressed a bit more. I managed to gain root/system access on every one of the machines but it sure was a wild and sometimes painful ride.

I’ve heard others saying that the material is a bit lacking due to it not covering everything in depth. While this is partly true, I’d like to point out that the material covers the basics of how the attacks work and it is up to the student him/herself to gain deeper knowledge. This is something that you will notice in the lab. For example: changing exploits, combining attacks or going from a basic version of an attack to a more advanced one.


My previous experience and who should do it

I’ve long been interested in the security field and had a lot of theoretical knowledge prior to buying the course, something that helped me a lot. I rarely had to research the theory behind attacks, so I could instead focus on learning how to execute and tweak attacks. Another thing that helped me was programming knowledge in C++, Python and some assembly. While none of this is required per se, it does help you a lot, especially programming.

Decent networking knowledge and good knowledge about Linux and Windows is also something the student should have as a very minimum. You can of course study up on this during the course, but doing it prior to the course will give you the opportunity to use that time to study relevant material instead.

This is also my very first security exam and I decided to pick it since I heard it's the best if you want to learn how to actually perform these attacks instead of which multiple choice question is the correct one. I bet there are things that you can learn from the more theoretical certifications but at this moment it did not interest me.


I had a terrible examination day personally. It started with the neighbor keeping me awake for way too long and me barely getting 5 hours of sleep. When the time came to start the examination the e-mail with the information did not arrive, but the helpful admins on the Offsec IRC informed me that I was 1 hour early, go me. In the end I made it through by eating painkillers and downing Red Bulls and Mountain Dews all day.

The exam itself though was great! While being doable in a 24-hour period, it still was as challenging as I had heard. I used roughly 15 hours out of the 24 hours and then ended up writing the report in roughly 3 hours the day after. A couple of days later I got an e-mail that declared that I passed the examination and that I have received my OSCP certification. Happy days!


I cannot stress how much I’ve learned from this course. This might be because I’ve tried to use as little Metasploit as possible and instead done everything I could manually: enumeration, hunting vulnerabilities and compiling exploits. It felt more reasonable to go with this approach to gain a deeper understanding of how stuff really was executed and finally exploited. While Metasploit makes life easier and various vulnerability scanners save a lot of time when doing penetration tests, they are both equally useless when they do not work or report false positives and/or true negatives. If you can’t sort through that information you will not be very successful in the field.

Depending on how much you’ve studied the material, owning the “low hanging fruit” will not be very hard. However, when they are owned and forgotten, things will start to become a lot harder. In fact, sometimes it will feel like someone hit you on the toe with a sledgehammer. This is when you’ve got to remember that pain is only the weakness leaving the body and you need to try again and this time, try harder.

Overall this is a very good course that will (probably) teach you a lot! However, it does take a lot of time for individuals new to the security field (like me) to get through the material and all the machines in the lab. I spent roughly 3 weeks reading through the material and doing all the exercises and then 2 months to get root on all the lab machines.



Lastly, I want to leave you with a few good links to help you on your way through the Offsec network.

g0tm1lk: basic Linux privilege escalation; in fact, this blog is great in general

pentestmonkey: shells and other good stuff

vulnhub: boot2root Linux VMs to practice your skills, prior to and post examination.



Enumeration is key
