(Note to all who have read Part I on my other page — yes, I’m in the midst of shifting my blog; this is a replication of Part I on my previous site, with very minor edits.)
(WARNING: This review is very cheesy. If you can’t take it, try harder.)
Many a penetration tester today would have heard about the OSCP and its reputation. I have finally obtained my certification after failing numerous times! Let us reminisce about the good times. A year of sufferance and tears, and eventually, we obtain our proof.txt file.
Caring mentors, comprehensive support and close instructional guidance form the basis of a good course for many. This course prefers throwing the student into a deep, dark forest, which is the PWK labs. Lab machines range from the easy to the mind-bendingly confusing ones. To me, it was a playground. It was free play, much like how a child would approach new challenges. The inner child in me refused to give up, and kept on trying harder. With such a fun playground where we could hack, who wouldn’t cherish the time there?
And just like an innocent child, one easily loses sense of time in the labs, easily burning weekends and late nights head-banging.
One more interesting piece of trivia: the “Try Harder” phrase is trademarked.
The First Few Weeks
I started the course with hardly any fundamentals, because I was not a traditional computer scientist or electrical engineer. A physicist will probably have coded quick and dirty Python, but touching C, or Java is something we do not do much, if at all.
We probably do some quick and dirty Bash scripting too, but that is it. It suffices to say that the first few weeks of being immersed in the deep, dark forest were nothing except sheer sufferance. Imagine being stuck in Rome without knowing a word of Italian! For the first time in my life, I had to squint at a debugger, looking out for what was going on in memory! At times, I felt like giving up, and just exclaiming, “Shikata Ga Nai”, which is Japanese for “nothing can be done”.
Slowly, though, I built a relationship with the labs, especially when the relationship became rocky…
The labs felt like puzzles. At first, one had no clue how to solve them. However, one eventually got better at them, and started feeling more comfortable.
With really limited knowledge, learning was extremely painful, even for the experienced folk.
And each time I want my comfort… I get gently nudged…
“Bash-ing” Around the Forest
This course aimed to simulate a real-world penetration test: one where there was extensive information gathering. Sometimes, we even had to think about how a human might interact with the network to attack him/her! Just like a black box, no one mentioned where the start line should be, and all they mentioned about the finish line was:
- Some aim to gain access to one, two or three networks.
- Some aim to root all machines in a network.
- Some aim to gain access to the Administrative network.
- Some aim to root every machine in the labs.
Essentially, there are no instructor-defined objectives, or rather, “KPIs”.
(skipped are the recounts of numerous episodes of sufferance)
The “Big Four”
To many OSCP students, the boxes “pain”, “sufferance”, “humble” and “gh0st” comprise the Big Four. Ask any student who has taken the course, and the term “sufferance” should probably stick. Worse, ask for a hint, and all you get is:
Sometimes, you just feel like raging at the bot, only to realise the bot also has something to say about rage!!!
If the laboratory machines were real physical servers, one might be tempted to simply take a pair of scissors and snip away at the network cables in frustration.
On my first lab stint, I was too poorly equipped. I did not get any of the Big 4, and I did not pass the exam. But I would try harder… and eventually return.
Apologies to the Poor Friends
Some friends were on the unfortunate receiving end of the frustration and agony suffered from the labs. To those I vented at, or had appointments severely delayed just so that I could maximise lab time, I must say sorry. I hope I am forgiven.
*Easter egg alert: I have designed a vulnerable machine in dedication to Offensive Security’s inflicting of pain and sufferance. And in true OffSec spirit, the name of the machine will probably scare you. I shall call the machine’s hostname… MERCY.*
BOOMZ! The Exam
Me: I’m taking an exam. It lasts for 24 hours.
Friend: What kind of crazy course is that?
Me: Well… (inserts what the course is really all about)
Friend: You’re crazy, but all the best.
Predictably, the lack of preparation and sheer rawness led to the exam blow-up. It was somewhat expected. From nothing to exam-ready sounded like a miracle. I would need to suffer this multiple times if I was to get my certification.
The only time Offensive Security gave a fluffy bunny:
Discouraged I wasn’t. I decided to dive back in with almost a singular focus to obtain this certification.
I had some personal targets, which kept on moving as I moved along. Here are some of the memorable ones. (No spoilers here; don’t bother looking.)
The “feeling of completion” machine: There was one particular machine sitting right in front of me. He laughed each time I looked at him. It made no sense. Throughout the labs, this machine stood with a grin, taunting me to pwn him. I had no clue. The only clue was that I had to go all the way to the deep end just to find something that would help me. RAGE!!! And try harder I did! Within the lab environment, there are some stories about the corporate environment, which illuminated the relationships across the network. Each machine in the story arc that was rooted meant one step closer to knowing the whole network’s backstory!
SUFFERANCE: It was a decision made out of sheer ego; I must finish the labs with a bang: finish it off with the “Big Four”. Only then could I claim to finish in style. When I returned to the labs with a vengeance, other machines started dropping like grapes. This one, however, was left for last. And once it dropped… (with quite a bit of hair-pulling)
It was a moment of bittersweet tears. Bitter, because of the year spent just to get competent at this. Sweet, because it was finally all done!!!
The OSCP taught one extremely important life lesson over and beyond just being able to conduct a penetration test — never giving up, and never letting myself down, and most certainly not deserting adversity. It’s probably all too easy deciding to give up at multiple points, especially when all Offensive Security does is to nudge you to try harder. But if I do not try harder, will I ever improve? No pain, no gain!
What Will be in Part 2?
Part 2 will be a more technical review. It will state some basic requirements one should have before embarking on the journey of sufferance. I will also make brief mentions about the approximate mental preparation required (for the exam).