An introduction to the Offensive Security Certified Professional (OCSP) Certification

For a career in information technology (IT) that encompasses defensive and offensive roles, you might want to consider becoming an OSCP: Offensive Security Certified Professional. This is a well-recognized certification for information security professionals that touches on hacking techniques that are being used in pentests today. Those who choose to be OSCPs can demonstrate the practical knowledge of attack methods on systems and devices that is crucial to work in today’s security teams. They also show themselves to be well-versed in finding vulnerabilities due to software or hardware flaws or configuration mistakes. OSCPs can be the go-to individuals in infosec because they are problem-solvers and analytical thinkers.

Those that look forward to a career in ethical hacking and/or pentesting (a skill that is invaluable today) can look at the Offensive Security (OffSec) course curriculum and training approach for its certification program that are the most rigorous and therefore the most well-respected in the industry. This sector, as OffSec states, was born out of the belief that the only way to achieve sound defensive security is through an offensive approach — i.e., to proactively test security measures before a real intruder does. If this is your philosophy, then it’s time to know what it takes to become an OSCP who provides security solutions, network testing and more.

The OSCP certification: An overview

Putting theory into practice is where the OSCP really shines, and it is also what separates it from other certifications. The OSCP process provides professionals with penetration testing/ethical hacking skills and sound concepts of their application abilities. In order to become certified, the candidate must complete the Offensive Security’s Penetration Testing with Kali Linux (PwK) course and subsequently pass a hands-on exam. Successful OSCP test-takers will need a strong understanding of security principles and practice as they will be running exploits and recognizing common attack vectors in an online penetration testing lab that enables them to research a network, identify vulnerabilities and act as if they were really attacking their organization’s IT environment.

Exam takers will need to apply various tools for pentesting within the Kali Linux operating system and learn how to work with different kinds of exploits, all while documenting any vulnerabilities in the lab exercises. (This can help you earn an extra five points in the exam). It is essential for professionals to document all they can during the time being connected to a system that detect weakness and identify areas for improvement. In fact, test takers will be required to compose and submit a real-life pentest report of all the activities in the lab. This means that the candidate will not only have to prove technical abilities but also the professional communication and proper documentation skills that are a requirement for the majority of IT roles.

A great feature of this certification is that OSCP holders do not need to re-qualify. OffSec’s certifications do not expire and they do not need to be renewed. However, anyone who is found engaging in any unethical practices (such as cheating on the exam or divulging test material) will have their certification revoked and receive a lifetime ban from any future courses or offerings by Offensive Security.

Another interesting aspect of becoming an OSCP is that Offensive Security does not require its students to maintain their certification status by earning continuing education credits periodically or by paying an annual fee.

The OSCP exam

We’ve already seen how, to become certified, professionals must complete the Offensive Security’s Penetration Testing with Kali Linux (PwK) course and pass a 24-hour hands-on exam. The online course exposes IT security practitioners to the latest ethical hacking tools and techniques, while the OSCP exam consists of successfully hacking/penetrating various live machines located on different networks with various vulnerabilities.

The exam is designed to test one’s ability to think outside the box with the very mindset necessary to be good in this professional role. The OSCP certification challengers learn to put themselves in the shoes of an attacker by using the same tools and techniques that they will later apply to defending applications against real-world attacks.

The exam lasts 24 hours to prove that the candidate has the right degree of persistence and determination to be successful in this role. During that time, the professional is exposed to real world, hands-on penetration testing on an isolated VPN exam network with five victim hosts. This is to demonstrate their ability to successfully defend a system.

Once the tester has completed the exam, it is important he or she follows the submission guidelines. An email will inform them about the certification exam results (pass/fail) within five business days after submitting the documentation. However, no digital versions of the certificate are issued, as successful candidates will be mailed their credential proof.

Possession of a current certification can also be verified by emailing a request to orders@offensive-security.com, including the full name and OSID or student Certification ID.

Is the OSCP certification worth the effort?

The OSCP credential is becoming a respected and sought-after designation within the information security realm, thanks to its unique way of testing applicants that really targets their technical ability. Unlike many other related certifications, OSCP is truly 100 percent hands-on, so it is extremely valuable to employers looking for professionals who not only have a solid theory background but the practical skills necessary to identify weaknesses in their IT environment.

Who should earn the OSCP certification?

  • Defenders: Helps better understand how attackers work and think! Able to truly understand what threats and attack vectors you are defending against, plus detect exploitation attempts
  • Attackers: Helps better skills and methodology! It helps them understand the importance of executing organized attacks in a controlled and focused manner, while doing so to improve a workplace’s existing security posture by reducing the risk of a successful exploit

Any person in IT security that would like to step into the world of ethical hacking or advance as a penetration tester could benefit from the OSCP certification.

What is the best way to prepare for the OSCP exam?

Those preparing for the OSCP exam are required to attend the Offensive Security in-house training. The Penetration Testing with Kali Linux (PwK) course offered by Offensive Security is self-paced and online and costs $800. The course consists of PDFs and videos with attached lab time and one exam voucher. OffSec’s curriculum includes hands-on exercises to try out and practice sessions in a lab environment to learn various attack techniques safely and legally.

The course focuses on real-world applications employing modern techniques used by pentesters; the included lab environment is a critical component of an offensive, hands-on approach for the OSCP exam taker to be familiar with the Linux distro, common networking terminology, and basic Bash/Python scripting, which will help later when tackling the test to be certified. The PwK syllabus covers the following topics in detail:

  • Passive information gathering
  • Active information gathering
  • Vulnerability scanning
  • Buffer overflows
  • Win32 buffer overflow exploitation
  • Linux buffer overflow exploitation
  • Working with exploits
  • File transfers
  • Privilege escalation
  • Client-side attacks
  • Web application attacks
  • Password attacks
  • Port redirection and tunneling
  • The Metasploit framework
  • Bypassing antivirus software
  • Assembling the Pieces: Penetration Test Breakdown

Included in the PwK course:

  • 44 hands-on exercises in PDF
  • Four networks/five machines with a number of points ranging from 10 – 25 in the networks
  • 50 systems in the lab to practice your ethical hacking skills on. Note: “The operating systems on these hosts vary from Windows XP, Windows 2008 server and Windows 7 to different Linux/Unix based operating systems such as Debian, Ubuntu, CentOS, FreeBSD, Fedora and more,” as Hacking Tutorials mentions

Course + Lab + Certification Costs are as follows:

  • Penetration Testing with Kali + 30 days Lab access + Certification: $800.00
  • Penetration Testing with Kali + 60 days Lab access + Certification: $1,000.00
  • Penetration Testing with Kali + 90 days Lab access + Certification: $1,150.00

The exam is expected to be tough with many professionals having needed to take the exam multiple times. After all, the Offensive Security motto is “Try Harder.” Exam retakes cost US$60.

Pen-Testing Training

Conclusion

Pentesting is a growing field. If you’re looking for a proper certification, then you should seriously consider the OSCP credential. This credential is particularly geared towards evaluating skills in identifying and exploiting vulnerabilities and is relevant to jobs in many different industries and work environments.

The OSCP is particularly challenging; being a very hands-on certification, it requires real-world experience with scripting expertise and hacking training, familiarity with exploit methods and the ability to put knowledge into practice.

Becoming an OSCP will take much self-study and preparation for the exam. In addition to OffSec’s courseware, it is wise to consider additional learning from reputable training companies. Options like Infosec’s ethical hacking and pentesting courses and labs can augment the preparation of professionals and help nail the exam on first attempt.

 

Sources

  1. Offensive Security Certified Professional (OSCP) Overview, Offensive Security
  2. OSCP Certification Exam Guide, Offensive Security
  3. Offensive Security Testimonials and Reviews, Offensive Security
  4. What it means to be an OSCP, Offensive Security
  5. How to Prepare to Take the OSCP, AT&T Cybersecurity | Blade Soriano
  6. Review: Offensive Security Certified Professional (OSCP), Hacking Tutorials
  7. A Detailed Guide on OSCP Preparation – From Newbie to OSCP, Network Intelligence
  8. Salary for Certification: Offensive Security Certified Professional (OSCP), PayScale
  9. InfoSec Institute Guarantees IT Certification with InfoSec Flex Courses, Business Wire
  10. What is ethical hacking? How to get paid to break into computers, CSO