This article originally appeared on Sep 24, 2019, posted by Samuel Whang and has been republished unedited and in its entirety with permission from the author. Original post: https://medium.com/@klockw3rk/my-oscp-guide-a-philosophical-approach-a98232bc818
About a year and a half ago from the time of writing this blog, I ventured on a journey towards achieving the coveted Offensive Security Certified Professional (OSCP) status. At this point, I had no penetration testing experience, and I quickly learned that I was in way over my head after my first exam attempt. I attempted the exam a few more times with slight improvements, but OSCP still seemed like a Goliath to me and I contemplated giving up.
I took a break lasting about a month or two, after which I began casually working on Hack The Box (https://www.hackthebox.eu), since penetration testing was still a skillset I wanted to foster. It wasn’t until I changed my mindset when approaching these machines that I began to see real progress in my ability to enumerate a machine, identify vulnerabilities, and develop solutions to produce shells.
This blog is geared towards those who are struggling through their OSCP aspirations. What I intend to communicate are not the tools or scripts I used to obtain my OSCP. Frankly, within the larger scope of things, that information is irrelevant. What I intend to communicate are the philosophical changes I adopted in how I approach penetration testing, which ultimately led me to develop and refine the methodology that resulted in passing my OSCP exam.
Adopt the Motto: “Penetration Testing is a Lifestyle”
The approach of viewing penetration testing as a lifestyle originated as an inside joke among my coworkers and me. It seemed silly at the time, but there is a lot of value in approaching penetration testing as part of your lifestyle by integrating this trade into your day-to-day life.
To approach penetration testing as a lifestyle is to approach it not just as something you want to do, but as something you want blended into your identity. When you look at how people become experts in any field, one thing that’s common is that they have a level of obsession with the topic — it becomes part of who they are. This obsession is a driving factor that leads people to really learn the nuances of their trade, eventually leading them to become experts. Penetration testing is a self-driven, research-intensive field that requires a lot of dedication and time. Without a personal driving catalyst to develop fundamental penetration testing knowledge, skills, and methodology, OSCP will always be a giant.
I made penetration testing my lifestyle by not caring whether or not I achieved my OSCP. I made a decision to focus on learning the trade, dive deep into vulnerabilities, and learn to understand the exploitation process. I started focusing on becoming a solid penetration tester instead of focusing on becoming an OSCP holder. By shifting my focus, the way I approached penetration testing inherently changed, because my objective was no longer to pass an exam but to learn the penetration testing tradecraft. At the end of the day, OSCP is designed to demonstrate the necessary skills and knowledge of a penetration tester. Getting OSCP does not necessarily make someone a penetration tester; rather, becoming a penetration tester leads to a successful OSCP exam attempt.
Focus on the right things
Oftentimes, I notice that people struggling along their journey towards OSCP ask the wrong types of questions. They tend to focus on the exploit proof of concept (PoC), scripts, and tools instead of focusing on learning the mechanics of vulnerabilities and thinking critically about how to leverage a vulnerability into code execution. Generally, focusing on understanding the mechanics of vulnerabilities, tools, and scripts produces a more solid foundation when approaching a machine. Tools and scripts should be viewed as a way to automate tasks that you already know how to do, not as a solution to your problem.
For those coming from a background with no penetration testing experience, the journey towards OSCP is a marathon. It requires diligence, dedication, and passion. I see penetration testing as a practice, not something you can learn to do by reading books or watching videos alone. I often jokingly compare it to approaching calculus problems, but I think it’s an accurate analogy. If you want to pass a calculus exam, you need to practice solving a bunch of calculus problems. Likewise, if you want to pass your OSCP exam, you need to practice working through a bunch of machines. Of course, there is a lot implied in the analogy, such as putting in the time and effort to understand how to accurately identify vulnerabilities and develop solutions based on your data, instead of trying to root machines without learning anything from them.
My journey towards OSCP is by far one of the most rewarding accomplishments that I’ve achieved in my life. For those reading this blog, please do not be discouraged if you are struggling along this journey. Approach penetration testing as a lifestyle, and OSCP will become a by-product of that.