pawanopensource

OSCP Prerequisite and Advantages

Hi All,

1 - Before starting OSCP, I want to know what the prerequisites are for doing it. What certifications or languages will be an advantage in preparing for OSCP? I am CCNP Security, working as a Network Security Engineer, and have a sound knowledge of firewalls (ASA/PIX/Juniper). I am also an RHCE; during my previous jobs I configured Nagios, Asterisk and Cacti. I have no knowledge of any scripting languages. I don't know anything about Perl, Python, shell or Bash.

2 - I want to know from all the experts: should I do OSCP? What level of scripting is involved in OSCP? Should a person inexperienced in scripting do OSCP?

3 - If I do OSCP, will my network security skills be an advantage?

4 - What is the scope for a person who is good in security and is an OSCP too?

Experts, thanks in advance for any suggestions and advice from all of you.

Last comment: pawanopensource, 8/22/2022 - Mon
SOLUTION
binaryevo

SOLUTION
stea1mic

pawanopensource

ASKER
Thanks binaryevo, stea1mic.

Thanks for your suggestions. As I told you, I am a Cisco security engineer and I am well aware of firewalls and IDS/IPS. These days I am going deep into security, and what I found is that CCIE Security or CISSP only tell you or train you how to secure corporate networks, but these certifications don't explain how hacking happens. According to me, if a person doesn't know the methods or ways a hacker penetrates a network, then these certifications are of no use in the real world, though they can get you a good job.

I googled about CEH or CISSP; many security gurus suggested that OSCP is best, as it teaches you from a hacker's point of view and provides in-depth knowledge of security tools.

From your suggestions I came to know that a person should have knowledge of programming languages.

1 Do I have to master all programming languages, or should I try to master Ruby, Perl and Bash?
pawanopensource

ASKER
I am in touch with Offset Security; they have sent me the pricing. They charge according to days, like 30, 60 or 90 days, in which we also have to attempt the exam. This is clear to me.

I am not able to understand what the use of BackTrack is, or what we do with BackTrack. They said I have to download from BackTrack. Is it like a live CD, or a Linux ISO on which I have to practice?
stea1mic

BackTrack is the primary set of tools they have developed for use on penetration testing and vulnerability assessments.  It can be downloaded as a live CD or installed on any computer as the running OS and is based on Ubuntu Linux.

If you use it in conjunction with a virtual environment like VMWare you can play and break it and then just revert back to a known working state if you want.

I would consider installing it so you can more easily retain updates and anything you develop in your learning process.

Download it here: http://www.backtrack-linux.org/

While you don't need this and could install all the tools independently, it just makes sense to use a pre-setup system like this to simplify your training and learning process.  This is exactly how Backtrack started.  One guy needing these types of tools without the ability to download and install on a client's computer.
pawanopensource

ASKER
OK, that means BackTrack is just like a live ISO on which we practice.

My study plan; guide me, is this study plan good?

1 First I'll try to master Shell, Python, Ruby
   Once I am comfortable with scripting

2 I'll purchase study material from Offensive Security
    and then I'll try to do their labs
stea1mic

Seems good.

If you've got access to Cisco (or other network) gear and such where you can set up a bit of a lab, you can really play with a lot of the tools and practice your skills with Backtrack and some computers without breaking production systems. Many of the tools can disrupt network traffic, which is kinda bad when you're at work, but necessary to get some of the concepts and/or tools to work.

I'd do your learning on Backtrack and just poke around.  That's how you'll learn.  Just don't do things on networks you don't have permission to access and test.  That's what gets you put in jail.

Best of luck.
pawanopensource

ASKER
Bro, right now I do not have access to any corporate network, nor do I wanna break a law (LOL). Right now I just have 4 desktops and I can install different OSes on them, but I don't have any router or firewall. I think a router and a firewall are needed if I try to make a lab at home, or I can do R&D with my 4 machines.
pawanopensource

ASKER
"I'd do your learning on Backtrack and just poke around."

Bro, what do you mean by this? Do you mean to say I should install 3 or 4 BackTrack live CDs on 4 machines or VMs and try to penetrate using coding?

Apologies for asking stupid questions.
binaryevo

Yep, BackTrack is DEFINITELY the best all-in-one distro that I've found, and that's where I've spent most of my time in the security space. You may want to look into virtualization to increase the number of machines in your infrastructure if you're trying to hit a broad range of OSes. Definitely set up a lab at home behind a decent firewall so that things that you work on (i.e. viruses...) don't get out into the wild (that's something else that will land you in prison). Stea1mic has sound advice. With that being said, one thing that I have noticed is that without knowledge of the offensive, the defensive is only theoretical, and what's really bad is that in most instances security officers focus so much on defensive tactics that they forget to understand the offensive, and there is a HUGE gap between the two. Hackers are smarter, work harder and understand the ways in which to penetrate a network better than the people that set it up.
binaryevo

Now my preference in order of languages to learn would be as follows:

1)  Bash scripting
2)  Python
3)  PowerShell / Windows CLI
4)  .NET
5)  Perl
6)  Ruby

Why Windows? Well, considering most of your targets in the pen test world will be Windows boxes, it's good to know your enemy, per se, and be able to write code that executes natively on your enemy. Lots of social engineering & spear phishing attacks can be effective, especially if they are made to be "easy" to pull off. Knowing .NET, for instance, or how to execute various PowerShell commands can greatly aid you in elevating your privilege, per se, on a victim machine.
pawanopensource

ASKER
First of all, thanks Cyclops for joining this discussion. Yes, I have configured ASA in GNS and played a lot of time making VPNs, failover, etc.

@binaryevo - what do you mean by this: "Definitely setup a lab at home behind a decent firewall so that things that you work on (IE: viruses...)"? If I practice in VMs, how can I break the law? I will not connect my VMs to the internet, so how can I break the law?
binaryevo

Sure, if you don't connect them to the LAN you will be fine. What I mean is that if you create a "test" network, and have your VMs available for you to run exploits against, do MIM attacks or whatever from a different machine (your hacking box). Remember you can practice on a closed VM, but if you only have closed VMs that aren't open to your LAN, how can you truly tap into the Metasploit framework, for instance? All I'm saying is you need variety...
pawanopensource

ASKER
@binaryevo - right now this term "Metasploit framework" looks alien to me (LOL), it bounced off my head.

From this discussion I have a clear picture of OSCP.

How to Achieve OSCP

1 - Have to know programming languages (Bash scripting, Python, PowerShell / Windows CLI, .NET, Perl, Ruby). Please suggest any one or two because I can't master all.

2 - Make my own lab (VMs or 3 or 4 desktops) and practice

Final Stage

3 - Purchase the subscription (30, 60 or 90 days, depending on the individual) from Offensive Security and study the videos and PDF provided by them.

4 - Schedule the exam according to confidence (provide root administrative credentials of lab) to Offset guys = Target Achieved
pawanopensource

ASKER
Experts, keeping in mind the target (OSCP), please suggest programming books for me (a layman, kiddo, beginner in programming).
binaryevo

For the OSCP you will need to know Bash scripting, Python and Windows CLI. I think you can probably get away with those 3. Anything less, I hate to say, you probably won't be OK. Here is a link with some things to expect:

http://www.techexams.net/forums/security-certifications/72621-calling-all-penetration-testing-backtrack-pwb-oscp-students.html
pawanopensource

ASKER
@binaryevo - please suggest some books for Bash, Python and Windows CLI.
pawanopensource

ASKER
Hi all,

As I said, I don't have any knowledge of any programming language (Bash, Python, Perl, Ruby), so I decided first to gain knowledge of those. I have therefore gone to many training institutes where I could join and start understanding them, but unfortunately no institutes in my city are capable.

Some of them are good in C and C++. My question is: shall I start with C or C++ and then start Bash, Python and Perl by myself? Will C or C++ give an advantage in understanding those programming languages?
pawanopensource

ASKER
One gentleman gave very good info on what should be done to achieve OSCP. Friends, please read the points below and provide some more input, i.e. what type of scripting a person should be familiar with. According to him, ping sweeps, port scanning and an understanding of buffer overflows are required.

1.) Know a scripting language fluently before starting – perl, bash or python. But be able to automate and feel comfortable making scripts to do things such as ping sweeps and port scanning.


2.) Understand buffer overflows, how they work and write one yourself. Check out Smashthestack.org and try some of their challenges. Up through level 9 of the IO wargame will give you a good idea of what to expect.