We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
OSCP Prerequisite and Advantages
Posted on 2013-01-08
Hi All,
1 - Before going to start OSCP, i want to know what are the prerequisites for doing it. what certifications or language will add advantage in prepration of OSCP. i am CCNP Security,working as a Network Security Engineer, have a sound knowledge in Firewall (ASA/PIX/Juniper). i am also a RHCE during my previous jobs configured nagios,asterisk,cacti. i have no knowledge in any scripting languages. i dont know any thing about pearl,phython,shell,bash.
2 - i want to know from all of experts should i do OSCP ? whats level of scripting is involved in OSCP ? can an unexperienced person in scripting should do OSCP ?
3 - If i do OSCP will my network security skills will add advantage to it ?
4 - What is the scope of a person who is good in security and if he is a OSCP to ?
Experts thanks in advance for any suggestions and advice which will be provided from all of u.
1 - Before going to start OSCP, i want to know what are the prerequisites for doing it. what certifications or language will add advantage in prepration of OSCP. i am CCNP Security,working as a Network Security Engineer, have a sound knowledge in Firewall (ASA/PIX/Juniper). i am also a RHCE during my previous jobs configured nagios,asterisk,cacti. i have no knowledge in any scripting languages. i dont know any thing about pearl,phython,shell,bash.
2 - i want to know from all of experts should i do OSCP ? whats level of scripting is involved in OSCP ? can an unexperienced person in scripting should do OSCP ?
3 - If i do OSCP will my network security skills will add advantage to it ?
4 - What is the scope of a person who is good in security and if he is a OSCP to ?
Experts thanks in advance for any suggestions and advice which will be provided from all of u.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
11
6
4- +1
22 Comments
Answers to your questions:
Pre-requisites according to offensive security ( http://www.offensive-security.com/faq/ ). I would suggest being familiar with the various scripting languages, specifically perl, python, ruby and bash.
If you don't know how to script then now is probably a good time to learn, otherwise you will end up being a person that uses everyones else's stuff and never comes up with their own. In the hacker community this is known as a script kiddie. You could do it and based on your background would probably do well in the course but, I'm just saying this to save you trouble down the road when you want to lets say write an exploit in metasploit, well in order to do so you need to know ruby.
Yes
Not sure what you mean by this but ill take a crack at it anyways: OSCP for anyone that knows anything about security is a highly respected cert. I would say much more respected than CEH or anything that doesnt require you to dig deep. Here is a better, more in depth explanation of the benefits: http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
Hope this helps.
1 - Before going to start OSCP, i want to know what are the prerequisites for doing it. what certifications or language will add advantage in prepration of OSCP. i am CCNP Security,working as a Network Security Engineer, have a sound knowledge in Firewall (ASA/PIX/Juniper). i am also a RHCE during my previous jobs configured nagios,asterisk,cacti. i have no knowledge in any scripting languages. i dont know any thing about pearl,phython,shell,bash.
Pre-requisites according to offensive security ( http://www.offensive-security.com/faq/ ). I would suggest being familiar with the various scripting languages, specifically perl, python, ruby and bash.
2 - i want to know from all of experts should i do OSCP ? whats level of scripting is involved in OSCP ? can an unexperienced person in scripting should do OSCP ?
If you don't know how to script then now is probably a good time to learn, otherwise you will end up being a person that uses everyones else's stuff and never comes up with their own. In the hacker community this is known as a script kiddie. You could do it and based on your background would probably do well in the course but, I'm just saying this to save you trouble down the road when you want to lets say write an exploit in metasploit, well in order to do so you need to know ruby.
3 - If i do OSCP will my network security skills will add advantage to it ?
Yes
4 - What is the scope of a person who is good in security and if he is a OSCP to ?
Not sure what you mean by this but ill take a crack at it anyways: OSCP for anyone that knows anything about security is a highly respected cert. I would say much more respected than CEH or anything that doesnt require you to dig deep. Here is a better, more in depth explanation of the benefits: http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
Hope this helps.
What binaryevo said is essentially correct. As a former security consultant with an alphabet of certs (CISA, CISM, CRISC, CGEIT, CISSP, CEH, CCNA, ITILF, SFCP, ISO Lead Auditor etc etc) What I would add is that OSCP is really targeted for those with hands-on experience. The test as I'm sure you've seen, is a 24 hr -- here's a network -- go find stuff -- hands-on working knowledge type thing. It's not can you recognize the right answers a-la CISSP/CEH.
I took the training years ago but never took the exam because I quickly realized I need much more hands-on with the systems and tools. Go get BackTrack and play around to learn the basics of scripting and looking at the programs and tools to see what they are doing.
The security community is much more about show me what you can do and that you understand how to secure things, than it is about having the certs. OSCP for those who know is more respected, but it's still emerging in corporate America.
I took the training years ago but never took the exam because I quickly realized I need much more hands-on with the systems and tools. Go get BackTrack and play around to learn the basics of scripting and looking at the programs and tools to see what they are doing.
The security community is much more about show me what you can do and that you understand how to secure things, than it is about having the certs. OSCP for those who know is more respected, but it's still emerging in corporate America.
Thx Binaryrevo,,stea1mic
thx for ur suggestions. as i told u that i am a cisco security engineer i am well aware of firewalls IDS/IPS. these days i am going deep into security and what i found that CCIE security or CISSP only tells you or train u how to secure our corporate networks but these certification dosent explain how hacking happens. according to me if a person dosent know what are the methods or ways a hacker penetrates a network than these certification is of no use in real world.though they can get u a good job.
i googled about CEH or CISSP many gurus of security suggested that OSCP is best as it teaches u from a hacker point of view and provides in depth knowledge of security tools.
from ur suggestions i came to know that a person should be having knowledge of programing languages.
1 Do i have to master all programing language or should i try to master ruby,pearl,bash ?
thx for ur suggestions. as i told u that i am a cisco security engineer i am well aware of firewalls IDS/IPS. these days i am going deep into security and what i found that CCIE security or CISSP only tells you or train u how to secure our corporate networks but these certification dosent explain how hacking happens. according to me if a person dosent know what are the methods or ways a hacker penetrates a network than these certification is of no use in real world.though they can get u a good job.
i googled about CEH or CISSP many gurus of security suggested that OSCP is best as it teaches u from a hacker point of view and provides in depth knowledge of security tools.
from ur suggestions i came to know that a person should be having knowledge of programing languages.
1 Do i have to master all programing language or should i try to master ruby,pearl,bash ?
I would initially focus on shell scripting (bash) and probably python if you wanted to "master" skills. Once you understand one set of languages, the rest can fall into place as they tend to be similar in structure. Perl would probably be next on my list as a lot of installers and programs are written in Perl. If you are getting bored and want to move on to the next challenge ruby would then be good.
But, that all depends on your goals and what you want to achieve in the programming world. As binaryrevo said, ruby would be necessary for metasploit development and such.
Just my $0.02
But, that all depends on your goals and what you want to achieve in the programming world. As binaryrevo said, ruby would be necessary for metasploit development and such.
Just my $0.02
i am in touch with Offset Security, they have sended me the pricing, they charge according to days like 30,60,90 days and in which we have to attempt exam also. this is clear to me.
i am not able to understand whats the use of Back Track, what we do with Back Track.they said i have to download from back Track. is it like a live cd, or any linux iso in which i have to practice ?
i am not able to understand whats the use of Back Track, what we do with Back Track.they said i have to download from back Track. is it like a live cd, or any linux iso in which i have to practice ?
BackTrack is the primary set of tools they have developed for use on penetration testing and vulnerability assessments. It can be downloaded as a live CD or installed on any computer as the running OS and is based on Ubuntu Linux.
If you use it in conjunction with a virtual environment like VMWare you can play and break it and then just revert back to a known working state if you want.
I would consider installing it so you can more easily retain updates and anything you develop in your learning process.
download it here http://www.backtrack-linux.org/
While you don't need this and could install all the tools independently, it just makes sense to use a pre-setup system like this to simplify your training and learning process. This is exactly how Backtrack started. One guy needing these types of tools without the ability to download and install on a client's computer.
If you use it in conjunction with a virtual environment like VMWare you can play and break it and then just revert back to a known working state if you want.
I would consider installing it so you can more easily retain updates and anything you develop in your learning process.
download it here http://www.backtrack-linux.org/
While you don't need this and could install all the tools independently, it just makes sense to use a pre-setup system like this to simplify your training and learning process. This is exactly how Backtrack started. One guy needing these types of tools without the ability to download and install on a client's computer.
ok that means Back Track is just like a Live iso in which we do practice.
My Study plan guide, me is this study Plan good
1 First ill try to master Shell,Python,Ruby
Once i am comfortable with scripting
2 Ill purchase study material from Offensive Security
and than ill try to do their labs
My Study plan guide, me is this study Plan good
1 First ill try to master Shell,Python,Ruby
Once i am comfortable with scripting
2 Ill purchase study material from Offensive Security
and than ill try to do their labs
Seems good.
If you've got access to Cisco (or other network) gear and such where you can setup a bit of a lab, you can really play with a lot of the tools and practice your skills with Backtrack and some computers without breaking production systems. Many of the tools can disrupt network traffic which is kinda bad when you're at work, but necessary to get some of the concepts and/or tools to work.
I'd do your learning on Backtrack and just poke around. That's how you'll learn. Just don't do things on networks you don't have permission to access and test. That's what gets you put in jail.
Best of luck.
If you've got access to Cisco (or other network) gear and such where you can setup a bit of a lab, you can really play with a lot of the tools and practice your skills with Backtrack and some computers without breaking production systems. Many of the tools can disrupt network traffic which is kinda bad when you're at work, but necessary to get some of the concepts and/or tools to work.
I'd do your learning on Backtrack and just poke around. That's how you'll learn. Just don't do things on networks you don't have permission to access and test. That's what gets you put in jail.
Best of luck.
Bro right now i am not having any access to any corporate network neither i dont wanna breake a law (LOL). right now i just have 4 Desktop and i can install different OS in that, but i dont have any router or firewall . i think a router and a friewall is needed if i try to make lab in home. or i can do r/d with my 4 machines.
I'd do your learning on Backtrack and just poke around.
Bro what u mean by this, do u mean to say i should install 3 or 4 backtrack live cd in 4 machines or vms and try to penetrate using coding ?
appologies for asking stupid questions.
Bro what u mean by this, do u mean to say i should install 3 or 4 backtrack live cd in 4 machines or vms and try to penetrate using coding ?
appologies for asking stupid questions.
for your network portion, if you have access to the images, you can use GNS3 to setup ASAs, cisco routers, and even junos routers. there are several tutorials online to setup the ASA, but the router is easy. No switches (not intelligent ones anyway) though unfortunately. It does actual emulation so its just like the real thing and can easily interact with the rest of your network when setup properly. Would just take one of your machines to run it.
And good luck with the OSCP. I look forward to when I get my skills up to where I can start studying for that. Currently planning on that to be in a year. Just one request though. If you run a blog, write about your experience. For a cert of that caliber I'm sure a lot of people would be interested how you went about obtaining it. Again, good luck.
And good luck with the OSCP. I look forward to when I get my skills up to where I can start studying for that. Currently planning on that to be in a year. Just one request though. If you run a blog, write about your experience. For a cert of that caliber I'm sure a lot of people would be interested how you went about obtaining it. Again, good luck.
Yep backtrack is DEFFINATELY the best all in one distro that ive found and thats where ive spent most of my time in the security space. You may want to look into virtualization to increase the number of machines in your infrastructure if your trying to hit a broad range os's. Definitely setup a lab at home behind a decent firewall so that things that you work on (IE: viruses...) don't get out into the wild ( thats something else that will land you in prison ). Stea1mic has sound advice. With that being said, one thing that I have noticed is that without knowledge of the offensive, the defensive is only theoretical and whats really bad is that in most instances, security officers focus so much on defensive tactics that they forget to understand the offensive and their is a HUGE gap between the two. Hackers are smarter, work harder and understand the ways in which to penetrate a network better than the people that set it up.
Now my preference in order of languages to learn would be as follows:
1) Bash scripting
2) Python
3) Powershell / windows CLI
4) .net
5) Perl
6) Ruby
Why windows, well considering most of your targets in the pen test world will be windows boxes, its good to know your enemy per say and be able to write code that executes natively on your enemy. Lots of social engineering & spear phishing attacks can be effective especially if they are made to be "easy" to pull off. Knowing .net for instance or how to execute various powershell commands can greatly aid you elevating your privelage per say on a victim machine.
1) Bash scripting
2) Python
3) Powershell / windows CLI
4) .net
5) Perl
6) Ruby
Why windows, well considering most of your targets in the pen test world will be windows boxes, its good to know your enemy per say and be able to write code that executes natively on your enemy. Lots of social engineering & spear phishing attacks can be effective especially if they are made to be "easy" to pull off. Knowing .net for instance or how to execute various powershell commands can greatly aid you elevating your privelage per say on a victim machine.
First of all Thx Cyclops for joining this discussion. yes i have configured ASA in Gns n played a lot of time making VPNS, Failover etc etc.
@ Binaryevo - what do u mean by this (Definitely setup a lab at home behind a decent firewall so that things that you work on (IE: viruses...), if ill practice in VM machines than how can i break law, ill not connect my vm with internet so how can i break law.
@ Binaryevo - what do u mean by this (Definitely setup a lab at home behind a decent firewall so that things that you work on (IE: viruses...), if ill practice in VM machines than how can i break law, ill not connect my vm with internet so how can i break law.
Sure if you dont connect them to the LAN you will be fine. What i mean is that if you create a "test" network, and have your VM's available for you to run exploits against do MIM attacks or whatever from a different machine ( your hacking box ). Remember you can practice on a closed VM but, if you only have closed VM's that aren't open to your LAN how can you truly tap into the metasploit framework for instance. All im saying is you need variety...
@binaryevo - right now this term metasploit framework looks like alien to me. (LOL) bounced from my head.
From this discussion i cleared the picture of OSCP
How to Achieve OSCP
1 - Have to know Programming Language (Bash scripting,Python,Powershel
2 - Make my own Lab (vms or 3 or 4 desktop) and practice
Final Stage
3 - Purchase the subscription of (30,60,90 days (depends on individual) ) From Offensive Security and study videos and pdf provided by them.
4 - Shedule Exam according to confidence (provide root administrative credentials of lab) to offset guys , = Target Achieved
From this discussion i cleared the picture of OSCP
How to Achieve OSCP
1 - Have to know Programming Language (Bash scripting,Python,Powershel
2 - Make my own Lab (vms or 3 or 4 desktop) and practice
Final Stage
3 - Purchase the subscription of (30,60,90 days (depends on individual) ) From Offensive Security and study videos and pdf provided by them.
4 - Shedule Exam according to confidence (provide root administrative credentials of lab) to offset guys , = Target Achieved
Experts keeping in mind the target (OSCP) plz suggest me (a layman,kiddo,beginner in Programming) programming books.
For the OSCP you will need to know bash scripting, python and windows CLI. I think you can probably get away with those 3. Anything less I hate to say you probably wont be ok. Here is a link with some things to expect:
http://www.techexams.net/forums/security-certifications/72621-calling-all-penetration-testing-backtrack-pwb-oscp-students.html
http://www.techexams.net/forums/security-certifications/72621-calling-all-penetration-testing-backtrack-pwb-oscp-students.html
Here are some good ones:
http://www.amazon.com/Linux-Command-Scripting-Second-Edition/dp/1118004426/ref=sr_1_2?ie=UTF8&qid=1357760846&sr=8-2&keywords=bash+scripting
http://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921/ref=sr_1_1?s=books&ie=UTF8&qid=1357760911&sr=1-1&keywords=python+programming+for+hackers
http://www.amazon.com/Windows-PowerShell-Cookbook-Scripting-Microsofts/dp/0596801505/ref=sr_1_3?s=books&ie=UTF8&qid=1357760960&sr=1-3&keywords=windows+powershell
http://www.amazon.com/Windows-Xp-Carolyn-Z-Gillay/dp/1887902821/ref=sr_1_2?s=books&ie=UTF8&qid=1357760994&sr=1-2&keywords=windows+dos+prompt
http://www.amazon.com/Linux-Command-Scripting-Second-Edition/dp/1118004426/ref=sr_1_2?ie=UTF8&qid=1357760846&sr=8-2&keywords=bash+scripting
http://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921/ref=sr_1_1?s=books&ie=UTF8&qid=1357760911&sr=1-1&keywords=python+programming+for+hackers
http://www.amazon.com/Windows-PowerShell-Cookbook-Scripting-Microsofts/dp/0596801505/ref=sr_1_3?s=books&ie=UTF8&qid=1357760960&sr=1-3&keywords=windows+powershell
http://www.amazon.com/Windows-Xp-Carolyn-Z-Gillay/dp/1887902821/ref=sr_1_2?s=books&ie=UTF8&qid=1357760994&sr=1-2&keywords=windows+dos+prompt
Hi all,
As i told i dont have any knowledge in any of programming language(bash,python,pearl
some of them are good in C, C++ my question is shall i start from C or C++ and than start bash, python pearl by myself, will C or C++ will give advantage in understanding those programing languages.
As i told i dont have any knowledge in any of programming language(bash,python,pearl
some of them are good in C, C++ my question is shall i start from C or C++ and than start bash, python pearl by myself, will C or C++ will give advantage in understanding those programing languages.
One of gentleman gave a very good info what should be done to achieve OSCP.friends plz read below points and provide some more inputs i.e what type of scripting a person should be familiar with.according to him ping sweeps,port scanning, Understanding of buffer overflow is required.
1.) Know a scripting language fluently before starting – perl, bash or python. But be able to automate and feel comfortable making scripts to do things such as ping sweeps and port scanning.
2.) Understand buffer overflows, how they work and write one yourself. Check out Smashthestack.org and try some of their challenges. Up through level 9 of the IO wargame will give you a good idea of what to expect.
1.) Know a scripting language fluently before starting – perl, bash or python. But be able to automate and feel comfortable making scripts to do things such as ping sweeps and port scanning.
2.) Understand buffer overflows, how they work and write one yourself. Check out Smashthestack.org and try some of their challenges. Up through level 9 of the IO wargame will give you a good idea of what to expect.
Featured Post
We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP, Windows Server…
- Ransomware
- Experts Exchange
- Windows XP
- Windows OS
- Windows Server 2008
- Windows Server 2003, Security
With the rising number of cyber attacks in recent years, keeping your personal data safe has become more important than ever. The tips outlined in this article will help you keep your identitfy safe.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message.
In the To field, type your recipient's fax number @efaxsend.com.
You can even send a secure international fax — just include t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month3 days, 15 hours left to enroll
630 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.