Tuesday, March 20, 2012

Short Story about Offsec Training: OSCP

After 30 days, right after pwning my PAIN and SUFFERANCE, I took the exam two weeks after that; last night I sent the exam report, and this morning I obtained my OSCP certification. Well, it was me who said that certification programs are useless; now I'm taking back half of what I said. I believe there are still many kinds of certification that are useless, but the kind of course that Offsec has is different: they didn't teach us how to hack or become a hacker, they made us hack to learn.

This is not the type of course for "spoon-fed" people. You get your materials, your connection and the lab access, and go "hack as many as you can pwn"; you have "try harder" as your one and only manifesto and Google as your beloved friend. In my 30 days of lab, I pwned all the machines in the student and IT networks, and some of the machines in the dev and admin networks. It was a huge network, but yeah, it was a lot of fun; I really did have Phun.

The exam was exactly 23 hours and 45 minutes; that was the time you could use to pwn all the machines available as targets in a new network, and you needed to find some "flag file". After you've finished the exam time, you need to submit the report within another 24 hours. Well, I tell you, it's a really tight schedule, and the bad thing for me was that my report ended up really big, and with our beloved country's typical home internet connection ("slow upload stream speed"), I failed many times at sending the report.

So, if you have enough spare time and find it hard to find a legal machine to pwn (when you're off the job), you'd best try it; don't bother about the certificate, it will come as a prize if you really deserve it.

I know I can't share more about the course (especially the technical side), but here are the non-technical tips that I believe are also useful:

1. Use 32-bit BackTrack because all your targets will be 32-bit; I used 64-bit BackTrack and that gave me a lot of trouble :D
2. Don't schedule the exam too close to the day you finish your lab time.
3. When you pwn a machine, make sure you copy all the commands and capture all of the screens.

Anyway, good luck!

Image credit: Offsec; found it on one server and it looks nice :D


  1. hi,

    1. vm will do fine in 32bit.
    2. it's standard, not too close yet not too far.
    3. if you already work in the field, then that is part of the SOP. :)

    congratz anyway, mate ;)

  2. hi too,
    the non-techie tips are for users who are not aware of it and not in the field; hey, the IRC and the forum are full of that kind of regret. Hope it helps somebody out there.

    yeah, thxs :)

  3. Ooh, look at you, OSCP now :D
    Congrats, bro.

  4. @hmadrwx: hahahaha yeah bro, I didn't want to be outdone by you, thank you bro :)

  5. Not taking CEH, CISA, CISSP, bro?

  6. @sumodirjo: Probably not, Ji. I'm somewhat interested in taking OSCE, but maybe sometime later.