OSCP Certification Exam

If you have a career in Information Security and are intrigued by defensive and offensive techniques, consider becoming an Offensive Security Certified Professional (OSCP).

What is an OSCP certification?

OSCP is an ethical hacking certification offered by Offensive Security (OffSec). Holding this certification validates a professional’s knowledge of penetration testing methodologies using tools inherent in the Kali Linux distribution. Kali is an open-source, Debian-based Linux distribution that enables security and IT professionals to assess the security of their systems. Hiring cybersecurity professionals who have the knowledge required to deploy malicious hacker tools and methods is especially valuable to any security team. Intimate knowledge of the offensive strategies likely to be used against their systems is vital to building an effective defense. Holding an OSCP certification indicates the holder has acquired essential skills required to work in any of the following roles, among others:
  • Security analyst
  • Computer forensics analyst
  • Security specialist
  • Penetration tester
  • Security engineer
  • Security code auditor
  • Malware analyst
  • Security consultant
The growing acceptance within the security industry of offensive security certifications reinforces the belief that ethical hacking is a respectable profession, not just a practical ability. This acceptance has created a demand for the subset of computer and network skills once pursued only by malicious actors.

How does an OSCP differ from a CEH certification?

There are currently two prevalent penetration testing certifications available, the Certified Ethical Hacker (CEH) and the OSCP. Each fills a unique role in the cybersecurity industry, although jobs requiring one of these certifications will often accept either. Individuals holding a CEH certification are qualified from a vendor-neutral perspective. The CEH validates their ability to think and act like malicious hackers. This certification is suited for non-penetration testers and people who lack detailed security knowledge, as it focuses less on hands-on labs and is considered more of an entry-level certification than the OSCP. The OSCP certification is more hands-on and is highly focused on penetration testing using Kali Linux. It is typically recommended for more experienced information security professionals who want to make a profound and meaningful move into professional penetration testing. OSCP candidates should be able to enumerate a machine, identify vulnerabilities, and develop solutions to produce shells. It is fair to say that the OSCP is the gold standard certification for penetration testing. According to Payscale, the average salary for a CEH is $82,966, while an OSCP earns $96,000.

What are the OSCP exam requirements?

OffSec’s Penetration Testing with Kali Linux (PWK/PEN-200) course packages include one or more exam attempts. After completing the course, or when the student feels ready, they can sit for the OSCP certification. Unlike some professional certifications, there are no educational or work experience prerequisites for taking the OSCP exam. OffSec suggests that candidates should have a solid understanding of TCP/IP networking, reasonable Windows and Linux administration experience, and be familiar with basic Bash or Python scripting. Candidates take the exam as the concluding portion of the OffSec training course. Students or professionals considering an OSCP certification should be problem-solvers and analytical thinkers. OffSec has designed the preparation course and exam to test candidates’ ability to apply critical thinking to problem-solving.

Documentation Requirements

You are required to write a professional report describing your exploitation process for each target. You must document all of your attacks including all steps, commands issued, and console output in the form of a penetration test report. Your documentation should be thorough enough that your attacks can be replicated step-by-step by a technically competent reader. The documentation requirements are very strict and failure to provide sufficient documentation will result in reduced or zero points being awarded. Please note that once your exam report is submitted, your submission is final. If any screenshots or other information are missing, you will not be allowed to send them and we will not request them.

Exploit Code

If you have not made any modifications to an exploit, you should only provide the URL where the exploit can be found. Do not include the full unmodified code, especially if it is several pages long. If you have modified an exploit, you should include:
  • The modified exploit code
  • The URL to the original exploit code
  • The command used to generate any shellcode (if applicable)
  • Highlighted changes you have made
  • An explanation of why those changes were made

Exam Proofs

Your objective is to exploit each of the target machines and provide proof of exploitation. Each target machine contains at least one proof file (local.txt or proof.txt), which you must retrieve, submit in your control panel, and include in a screenshot with your documentation. Failure to provide the appropriate proof files in a screenshot for each machine will result in zero points being awarded for the target. The valid way to provide the contents of the proof files is in an interactive shell on the target machine with the type or cat command from their original location. Obtaining the contents of the proof files in any other way will result in zero points for the target machine; this includes any type of web-based shell. On all Windows targets, you must have a shell running with the permissions of one of the following to receive full points:
  • SYSTEM user
  • Administrator user
  • User with Administrator privileges
On all Linux targets, you must have a root shell in order to receive full points.

Your connection to the exam is to be done with Kali Linux using OpenVPN. We are unable to provide any VPN connectivity support if you choose to use another setup. Your exam connection pack and details will be sent by email at the exact start time of your exam and not in advance.
1) Download the exam-connection.tar.bz2 file from the link provided in the exam email to your Kali machine.
2) Extract the file:
┌──(kali㉿kali)-[~]
└─$ tar xvfj exam-connection.tar.bz2
OS-XXXXXX-OSCP.ovpn
troubleshooting.sh
3) Initiate a connection to the exam lab with OpenVPN:
┌──(kali㉿kali)-[~]
└─$ sudo openvpn OS-XXXXXX-OSCP.ovpn 
4) Enter the username and password provided in the exam email to authenticate to the VPN:
┌──(kali㉿kali)-[~]
└─$ sudo openvpn OS-XXXXXX-OSCP.ovpn
[sudo] password for kali: 
2022-01-11 04:15:50 Note: Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5).
2022-01-11 04:15:50 OpenVPN 2.5.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 28 2020
2022-01-11 04:15:50 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
🔐 Enter Auth Username: OS-XXXXXX
🔐 Enter Auth Password: *********** 
2022-01-11 04:16:01 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2022-01-11 04:16:01 UDP link local (bound): [AF_INET][undef]:1194
2022-01-11 04:16:01 UDP link remote: [AF_INET]x.x.x.x:1194
2022-01-11 04:16:01 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2022-01-11 04:16:02 [offensive-security.com] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
2022-01-11 04:16:03 TUN/TAP device tun0 opened
2022-01-11 04:16:03 net_iface_mtu_set: mtu 1500 for tun0
2022-01-11 04:16:03 net_iface_up: set tun0 up
2022-01-11 04:16:03 net_addr_v4_add: 192.168.xx.xx/24 dev tun0
2022-01-11 04:16:03 Initialization Sequence Completed
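
Added example (not part of the original exam guide): a small shell check for the connection steps above. It summarises an OpenVPN client log like the one shown and tests whether a profile sets auth-nocache, the option the WARNING line recommends. The function names and the embedded sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are illustrative assumptions.

# Constructed sample log, modelled on the session output shown above.
sample_log() {
cat <<'EOF'
2022-01-11 04:16:01 UDP link remote: [AF_INET]x.x.x.x:1194
2022-01-11 04:16:01 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2022-01-11 04:16:02 [offensive-security.com] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
2022-01-11 04:16:03 TUN/TAP device tun0 opened
2022-01-11 04:16:03 net_addr_v4_add: 192.168.xx.xx/24 dev tun0
2022-01-11 04:16:03 Initialization Sequence Completed
EOF
}

# Read an OpenVPN client log on stdin and print key=value lines.
summarise_ovpn_log() {
  awk '
    /TUN\/TAP device .* opened/         { dev = $(NF-1) }  # interface name
    /net_addr_v4_add:/                  { addr = $4 }      # assigned tunnel address
    /may cache passwords in memory/     { cache = 1 }      # auth-nocache not set
    /AUTH_FAILED/                       { authfail = 1 }   # server rejected credentials
    /Initialization Sequence Completed/ { up = 1 }         # tunnel fully established
    END {
      print "connected=" (up ? "yes" : "no")
      print "device=" (dev ? dev : "none")
      print "address=" (addr ? addr : "none")
      print "password_cache_warning=" (cache ? "yes" : "no")
      print "auth_failed=" (authfail ? "yes" : "no")
    }'
}

# Succeed only if the profile ($1) contains the auth-nocache directive.
profile_has_auth_nocache() {
  grep -Eq '^[[:space:]]*auth-nocache([[:space:]]|$)' "$1"
}

# Demo on the constructed log.
sample_log | summarise_ovpn_log
```

To use it on a real session, capture the client output to a file and pipe that file into summarise_ovpn_log.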

Exam Control Panel

The exam control panel is available via a link provided in your exam email. Through the exam control panel you will be able to:
  • Submit proof files
  • Revert target machines
  • View specific target objectives and point values

Machine Reverts

You have a limit of 24 reverts. This limit can be reset once during the exam. All of the machines have been freshly reverted at the start of your exam so you will not be required to revert the machines when you begin. Please wait patiently for the machine to revert and only click the button once per attempt. Note that reverting a target machine will cause it to return to its original state and any changes you have made to the machine will be lost.

Exam Proof File names

  • proof.txt - This file is only accessible to the root or Administrator user and can be found under the /root/ directory or the Administrator Desktop.
  • local.txt - This file is accessible to an un-privileged user account.
Note that the targets containing these files are detailed in your exam control panel.

Point Disqualification

You will receive no points for a specific target for the following:
  • Using a restricted tool
  • Using Metasploit Auxiliary, Exploit, or Post modules on multiple machines
  • Using the Meterpreter payload on multiple machines
  • Failure to provide the local.txt and proof.txt file contents in both the control panel and in an interactive shell screenshot
  • Lack of documentation
