Hi everyone,
First of all, thank you for the kind reception I received on my first blog post about the CompTIA Security+. Although I am satisfied with what I gained from that certification, I have decided to push forward and take on a new challenge to continue my learning.
This post can be considered a ‘pilot’ to the upcoming blog series covering my study towards the Offensive Security Certified Professional (OSCP) certification. In a sense, this is a Zero to Hero series as I am starting from absolutely no prior penetration testing experience and working towards one of the hardest certifications in the InfoSec industry. I expect this to be a series that will span multiple months, but I will strive to update weekly with what I learned, what I found difficult and where I am heading next.
For those who weren’t aware, before sitting the OSCP exam, candidates must have first completed the Penetration Testing with Kali Linux training course. The training course is entirely self-paced and comes in 30, 60 or 90 day variants. Upon completing the training course, candidates then have a 30-day period to schedule and sit the 24-hour-long OSCP exam. Passing this grueling exam is the last step in becoming officially OSCP qualified!
But before all that, I am going to be taking some time to learn the fundamentals of penetration testing on my own so that I can begin the training course fully prepared and capable. Given my lack of experience, I do not believe it would be wise to jump straight into the training course without having first built up some knowledge beforehand.
Having researched the best way to accomplish this, I quickly realized just how extensive the OSCP curriculum is, and how little I know about penetration testing. Feeling slightly overwhelmed, I decided to reduce the workload I was planning to give myself by taking a small, yet significant, first step.
To do this, I will be using the following two resources:
1. Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman.
This book has been widely recommended by the InfoSec community as a good starting point for beginners. The book offers a practical approach alongside theoretical concepts to introduce a beginner to penetration testing and provide a solid introduction to move forward. Many people have praised this book as being invaluable when they were beginners, and I hope it will serve me similarly well.
However, it has been noted that this book can be a little difficult to follow along to, and has become slightly outdated. There are reports that some environments in the book are no longer supported, so some of the practical exercises are no longer available. Nevertheless, I still expect it to be a worthwhile starting point.
2. Advanced Penetration Testing by Georgia Weidman.
This brings me to my second resource. Georgia has also created a free Cybrary course containing video modules that can be used as a supplement to the content contained in her book. These modules are broken down into many smaller videos averaging around 10 minutes long each, making them easily digestible. Using both text and video resources alongside practical exercises should result in a solid foundation that I can take into the official OSCP training course.
Keeping consistent with my study for the CompTIA Security+, I will be dedicating 10 – 15 hours per week as I balance other aspects of my life. My initial estimate is to have both this book and the corresponding Cybrary course completed within a month. Once these are completed, I will reassess my position to decide if further study is required (and what areas I may need to touch on). Otherwise, I will be ready to dive into the OSCP course and start working my way toward becoming a qualified penetration tester!
Stay tuned for next week as I go through setting up my first virtual lab, and begin experimenting with Kali Linux.
All the best,
Kento.