Offensive Security PWB OSCP – The OffSec Labs Are No Joke

Well, today marks the end of my time in the Offensive Security labs. This is definitely the best course I have ever undertaken: better than any university course, postgraduate study or continuing professional development course. Penetration Testing With BackTrack (PWB) was fantastic; it is challenging and rewarding, and it is hard to find anything negative to say about it.

My failure

Of my 60 days of lab time, there were 22 days on which I did no real work in the labs at all. This was due to work commitments, family commitments and a few health issues. I will discuss this in more detail in an upcoming post.

Before You Start PWB

When doing this course you will need to make it your top priority. The course is challenging and requires a significant time investment. Unfortunately I was unable to invest in the course properly, so I will be signing up for another 30 days in January/February.

  • Speak with your wife, husband, cat, dog or significant other about the course before starting.
  • Ensure you have limited work commitments or the ability to take time off to complete the course. (Or sign up for a minimum of 90 days.)
  • Install the BackTrack VMware image and get your environment configured before starting.
  • Complete Metasploit Unleashed (Free Course)
  • Bookmark the Corelan Team’s exploit writing tutorials
  • Be prepared to have no life for the duration of your time in the OffSec labs.

The course is called Penetration Testing with BackTrack. To get the most out of it I recommend following the instructions and using the supplied VMware image. For the most part the material can be completed just as well in Kali Linux, but there are a few gotchas, and your time is better spent owning machines in the labs than solving small tooling differences. The course is called Penetration Testing with BackTrack for a reason.

[Image: The standard Buffer Overflow Example, PWB/OSCP]

The Typical Cycle

When trying to own machines in the lab I found myself going through a range of emotions.

Confidence – Excellent, I have found the service to attack; find an exploit, send exploit plus payload. Easy.

Questioning – Why is my exploit not working?

More Questioning – Let's try a different exploit.

Frustration – Damn, this new exploit is not working either.

Try Harder – Look at the big picture. Look at all attack vectors and try a different method.

Success – Now you're in; let the post-exploitation begin.

Understanding – It is only after going through the trial-and-error process that you truly understand.

Rinse and Repeat

Any fool can know. The point is to understand.

― Albert Einstein

Some of the lab machines had me seriously questioning my own abilities and knowledge. The process of doing things the hard way is what sets OffSec training apart from other training providers. As you move through the lab machines you will realise that reverts are both a blessing and a curse: a revert clears out the mess other students have left on a box, but it also wipes whatever you left there. This becomes painfully evident on the dual-homed machines you use as a pivot into the other networks.

Gaps in My Knowledge and Laziness

This course highlighted some glaring holes in my knowledge, particularly in the area of web application exploitation. I also hadn't realised how lazy Burp Suite, Nessus, OpenVAS, Metasploit, Nikto, Havij and sqlmap have made me. It is good to go back to basics and do a lot of this stuff manually.

Where to from here

There is no point in me attempting the OSCP exam until I fix the gaps in my knowledge and complete another thirty days in the labs. The goal will be to get into the Admin and Development networks. I really enjoyed the course as a whole and am looking forward to putting some real time into the labs. I highly recommend this course to anyone who is serious about InfoSec. The course is challenging yet achievable. Don't make the same mistake I did: put the hours in and you will be rewarded.