The Offensive Security Certified Professional (OSCP) is the world’s first completely hands on offensive information security certification. The OSCP challenges the students to prove they have a clear practical understanding of the penetration testing process and lifecycle through an arduous twenty four (24) hour certification exam.
The OSCP exam consists of a dedicated vulnerable network, which is designed to be compromised within a 24-hour time period. The exam is entirely hands-on and is completed with the examinee submitting an in-depth penetration test report of the OSCP examination network and PWB labs. The coveted OSCP certification is awarded to students who successfully gain administrative access to systems on the vulnerable network.
The truism “anything worth having doesn’t come easy” is one I have often remembered when on a particularly difficult path to a goal. Never have the words rung quite so true when applied to my quest for [the] OSCP certification. – ProactiveDefenderhttp://proactivedefender.blogspot.com/2012/01/oscp-my-review.html
Real World Exams
The OSCP examination consists of a virtual network containing varying configurations and operating system. The successful examinee will demonstrate their ability to research the network (information gathering), identify any vulnerabilities and execute tools, including modifying exploit code, all with the goal to compromise the systems and gain administrative access. The candidate is expected to submit a comprehensive penetration test report, containing in-depth notes and screen shots detailing their findings. Points are awarded for each compromised host, based on their difficulty and level of access obtained.
Real World Benefits
An OSCP, by definition, is able to identify existing vulnerabilities and execute organized attacks in a controlled and focused manner, write simple bash or python scripts and modify existing exploit code to their advantage, perform network pivoting and data exfiltration, and compromise poorly written PHP web applications. The twenty-four hour examination also demonstrates that OSCP’s have a certain degree of persistence and determination. Perhaps more importantly, an OSCP has demonstrated their ability to think “outside the box” and “laterally.”
OSCP Holders Can
- Use information gathering techniques to identify targets.
- Write scripts and tools to aid in penetration testing.
- Analyze, correct, modify and port exploit code.
- Deploy tunneling techniques to bypass firewalls.
- Demonstrate creative problem solving and lateral thinking.
The OSCP certification, in my opinion, proves that it’s holder is able to identify vulnerabilities, create and modify exploit code, exploit hosts, and successfully preform tasks on the compromised systems over various operating systems. – Trentonhttp://www.hackyeah.com/2010/12/brief-review-of-the-pwb-class-and-the-oscp-certification/
In order to enroll for the OSCP certification exam, you must first complete the Penetration Testing with BackTrack course.