I have been working on breaking into the field of cybersecurity for some time now. One of the most popular ways to do so is to earn certifications. I did some research on which certifications might be the most beneficial to me, and discovered that the best technical certs are from Offensive Security (to nobody’s surprise, I’m sure - they also created Metasploit and Kali Linux). The Offensive Security Certified Professional cert is probably the most widely known of their offerings, so that is what I decided to shoot for first.
PEN-200 Penetration Testing with Kali Linux
Purchasing the PEN-200 Penetration Testing with Kali Linux (PWK) course costs about $1500. It comes with a few items: a textbook, videos, access to exercises, and access to the PWK labs.
The course materials consisted of the textbook and the videos. I really didn’t find these very helpful, but I still read and watched everything. There were a lot of walkthroughs of different enumeration and exploitation techniques, as well as instructions for various penetration testing tools.
The exercises followed along with the course materials. In a chapter focusing on web attacks, you’d be given the IP address of a server running a webapp, and be asked to get a flag from the server using a method relevant to the chapter. These exercises were a helpful way to practice the things I had been reading.
The PWK labs are basically the same idea as Proving Grounds or Hack The Box. You are given a list of IP addresses and you have to submit user and root flags to mark them as complete. I got through about 20 of the 75 (maybe 100 - I don’t remember anymore) included machines. I would have liked to get further, but as a full-time engineer and part-time student, my schedule was pretty busy.
Exam Attempt 1
During my first attempt at the exam, I raced through user and root on the first two standalone boxes in about 45 minutes. Sitting at 40 points, I was feeling great. Then, I redirected my focus to the Active Directory set. I tried for about 6 hours to get an initial foothold into the first client machine, to no avail. From there, I chose to take a break from AD and worked through the third standalone box, which was a Windows buffer overflow. I was able to complete this in less than an hour, and again went back to the AD set. After trying everything I could possibly think of, I took a nap for two hours. When I woke up, I felt determined to figure out the entry point, but still found myself completely stumped at the 23-hour mark of the exam. I took a quick breather and got back to work. At the 23:30 mark, I found the foothold. Unfortunately, I only had 15 minutes left to finish the entire AD set, so I failed the attempt.
Exam Attempt 2
After about a month, I decided to take another attempt at the exam. I practiced with HackTheBox between attempts, and felt more confident the second time. I started the exam and again quickly finished the first 40 points of standalone boxes. This took me about 2 hours. Then, I got to work on Active Directory. After 3 hours, I got a foothold into the first client. After another 3 hours, I had Administrator on both of the clients. Unfortunately, I hit a roadblock at that point. I spent the rest of the exam frantically searching for a foothold into the domain controller, which I never found. This attempt was disappointing, since I was extremely close to passing, but still came up short.
I would like to attempt the OSCP exam again. It’s frustrating to fail repeatedly, but I believe the hard work I put into preparing for my previous attempts is valuable and will help me succeed eventually. I’ll probably try again in a few months, maybe after my next grad school class (binary exploitation) ends. I will also try to prepare more with Hack The Box and TryHackMe.
I am also interested in a couple other certs at the moment:
OSED (Offensive Security)
CPTS (Hack The Box)