Confused between choices?
What to do, OSCP or, CEH or, CISSP? If you have decided to focus on becoming an Offensive Security Certified Professional (OSCP) or just want to find out more about it this article is a good start for you to get ahead. It will show you the right direction on your path to OSCP by attempting to find answers to some of your doubts and questions, as we shall gain first hand knowledge about it from an OSCP.
Are you just keen to know more regarding what the buzz for OSCP is all about but don't find the right person to whom you can ask?
Read below to find out more about it and the experience of someone who has passed it.
OSCP is considered as one of the top certifications in the IT security industry owing to the fact that this contains practical problems unlike CEH, and the likes. This means a rigorous examination from the context of the student. One needs to solve 5 Vulnerable Virtual Machines in this exam, and gain 70 points out of a total possible 100, in order to pass it. The exam usually spans over 24 hours and is therefore quite grueling for the individual.
However, if you are an OSCP, you can demand very high paying jobs in the industry provided you have the right skills and experience. The nature of real-world challenges this exam has makes it definitely the best in its class. Thus, OSCP can take you from unremarkable to privileged escalation, and data ex-filtration simulating real world scenarios to near perfection.
In this post, we will seek answers to some questions from a 17 year old, Kunal Khubchandani, who recently passed OSCP. We will try to learn how to achieve this ourselves by understanding the challenges, problems and how to approach this exam in general, in terms of preparing for it from ground up.
If you are an aspiring OSCP or, just an enthusiast interested in it, this shall help you gain valuable insights from someone who passed this exam on the very first attempt at a young age.
Q&A with Kunal Khubchandani, a 17 year old OSCP
(Link to the interview gist)
OSCP is considered one of the toughest exams when it comes to cybersecurity certifications, how do you feel now that you have passed it?
To be honest I never expected to complete OSCP certification this year as It takes a lot of time to prepare and I was already busy with my University admission procedures due to which I was scared that I might fail my first attempt but since I managed to get through I was really happy that I passed OSCP exam which is considered as hardest 24 exam in the industry.
What do you consider as the main significance and merits of this certification?
There are lot of plus points for the people who pass this exam this fetches a lot of job opportunities for people in Infosec industry. Overall this course is a mind opener.
What are the overall pros and cons of OSCP certification?
Pros - It is a great entry level course for exploit development, improves your enumeration and exploitation techniques and teaches you how to 'try harder'! :P .
Cons -: Less focus on WebApp flaws.
How hard was OSCP in your opinion and when should one be attempting it, starting from ground up?
It was hard for me as I had very less experience with system pentesting before enrolling to this course. My advice for people don't take this course if you are lazy to Google and are not ready to be frustrated. If you want to save time and money both, get very good experience with Vulnhub and HTB Active and retired machines. Most of my friends who have practised HTB machines, their OSCP exams got over within few hours while some of them are enjoying OSCP lab because of HTB.
What's your general opinion about the course content and how has the preparation for OSCP benefited you in course of time?
The course does not teach everything you need to know. Remember that, PWK/OSCP is not a beginner course and you need to be prepared with various things before enrolling. During my OSCP Preparation, I have improved my exploitation and privilege escalation skills and developed a habit of googling wherever I got stuck.
What's the most important aspect of OSCP and how does it differ from all other certifications in general, in your opinion?
One of the most important aspect of OSCP is labs itself as there are variety of machines about 53 of them having different level of difficulty. If you have not rooted at least 40-45 machines then you have missed all the fun. Overall this course provides complete hands on experience unlike CEH which is just theory based.
OSCP is all about system penetration testing, so how do you generally approach a system and what are your tips and tricks for system/network enumeration?
Well it depends on the target . I approach the target first by nmapping it and using masscanner which help in getting the open ports and the services. Running services give you hints. To enumerate a web service, there are tools such as Dirb,Dirbuster,GoBuster and Nikto. When you see smb service running use smbclient, enum4linux they can fetch interesting information such as shares. While some services like FTP , you can check if anonymous logins are allowed which may get you some interesting information. I recommend everyone to read G0tm1lk's blog which has more detailed techniques.
What are the things you love to do when you are not hacking?
Apart from hacking I love playing musical instruments such as piano and guitar. I spend some time going to the gym and when I don't feel like hacking, I learn new things.
Since you are also a Bug Bounty Hunter, has OSCP helped you in Bug Hunting?
OSCP has helped me in enumeration WebApps but not helped me in bug hunting. Bug hunting does not have a limited scope like OSCP. Bug hunting is skill that is developed by one's strong passion and creativity. However OSCP does not teach you how to look for bugs instead just focuses on some flaws which you require to complete this course.
Would you recommend this certification to our readers, if so, tell us why?
Getting OSCP Certification will give a boost to your infosec career. Certificate holders gain a lot of skills.
What have you so far achieved in this field apart from OSCP and what are your plans for the future?
I do not have any other certifications apart from OSCP. I have not been an active bug bounty hunter since a long time after my school ended, so I would now shift my focus on bug bounty. I have one challenge in my bucket list that is completing OSCE next year at any cost. It will be hard for me as I'd be pursuing my higher studies at university.
Thanks for answering our questions and also, helping countless others in doing so, by the insights and advices you have given to them. Wish you all the best!
Have you completed OSCP? Tell us about your experiences and any advice you would pass on to those aspiring to achieve the certification in the comments section. Let us know your thoughts on this article below.
Posted from my blog with SteemPress : https://latesthackingnews.com/2018/09/25/qa-with-17-year-old-oscp-kunal-khubchandani-his-thoughts-on-oscp/
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit