You may remember that in some of my previous blog posts I mentioned that I was studying for my Security+ exam, well the good news is that I passed the exam nearly 2 weeks ago (there isn’t any bad news). The Friday just gone, I had a meeting with my big boss at work and he agreed that I could get funding for my next certification, what’s even better is that he was happy for it to be the OSCP (Offensive Security Certified Professional) course… 🙂

It’s going to take a few weeks before all the necessary work related paperwork is sorted and I can start the course. Not wanting to wait I’ve already started researching and studying some of the areas I know I need to understand better before I start the course and I’ve started preparing the necessary “environments” so I can practice.

1. Download the PWB (Pentesting with Backtrack) syllabus, so I can work out my “weak” areas.
2. Build a virtual test lab so I can practice, this includes an installation of Backtrack 5 R2, Windows XP, Metasploitable 2 and LAMP Security VM’s. I am using VMware Workstation (perk of being a VCP) so I can configure multiple networks and all my VM’s run off a 32GB SD card in my laptop.
3. Read other people’s reviews of the OSCP exam just to get an idea of what to expect.
4. Practice my documentation skills in my lab environment.

Now there are a couple of things that both worry me and excite me about this course (and the exam), I’ve read some post OSCP reviews and the general theme is “It’s not easy”, but you learn a LOT, the other thing that worries me is the report writing that you MUST complete at the end of the exam in order to pass. Now I’ve never written a report like this before so for me it’s a worry, not something I can’t overcome, I just need to practice and get familiar with.

In a weird way I’m actually really looking forward to the exam, 24 hours to break into a number of hosts using all your skill, imagination and determination sounds like awesome fun. I’ve already accepted that I won’t sleep during those 24 hours but I don’t care (the joys of working overnight means it doesn’t bother me much anymore). I’ve also accepted that leading up to the exam I will spend many many many hours in front of my laptop studying and practicing but again to me that’s fun as well..

I obviously can’t post anything about the actual course or the exam content but I will post updates on how I am doing and if I find a new technique along the way I will try to post it up on my blog.

Just remember if first you don’t succeed, “Try Harder..”