I've been asked a couple of times now, "What do I need to know to become OSCP certified?" It's a hard question to answer. For people who don't know, OSCP stands for Offensive Security Certified Professional. It's a grueling course by the folks over at Offensive Security, but the payout is extraordinary! You can read my story over here. Anyways, here's my list of recommendations:
- Understand Windows operating systems (especially command line).
- Understand Linux operating systems.
- Have extensive knowledge of networking.
- Be familiar with Wireshark and be able to read through packet captures.
- Be familiar with Nmap.
- Don't rely on vulnerability scanners like Nessus or OpenVAS. You won't be able to use these for the exam. You can use them in the lab, but try to maximize finding vulnerabilities on your own with Nmap and by poking around on the server.
- Understand how to read through code, especially C, Python, Perl, PHP, Ruby, and shellcode. If you have zero experience in programming, I'd suggest taking a beginner course in Python. You won't be writing code from scratch, but you need to know how to read it.
- Be familiar with Assembly and a debugger. Don't dive heavily into this, as the course will guide you through this part. I had no experience in Assembly or a debugger going into OSCP, but it wasn't a major problem.
- Be familiar with database applications like MySQL, MongoDB, MSSQL.
- Understand how CMS web applications work, like Drupal and WordPress.
- Keep detailed notes. Even if the information seems irrelevant, copy and paste it. You'll never know when the smallest detail is the answer to the riddle. Offensive Security recommends using a program called KeepNote. I used it and it was great.
- Take lots of screenshots. KeepNote can take screenshots as well.
- Teaching yourself is huge. Be prepared to treat this course like a second job. You'll be putting in a lot of time. Some weeks I was putting in over 20 hours on top of a full-time job.
- Take regular backups of your notes.
- Be sure to join the IRC channel for Offensive Security. You can chat with admins there and get hints. However, be sure you did your work before asking for help. You need to show the admins you are trying hard before they'll help you out. You can also vent with other OSCP students! Update: Offensive Security no longer maintains the IRC channel. All help is done through their online support page and student forums.
- Download and install Kali and play around with it.
- Download virtual machines from Vulnhub.com and play around with them.
- Most importantly, try harder and have fun!
This course is heavy. You'll feel overwhelmed and tired. Be sure to take lots of breaks and sleep. Being well-rested will give you a clear mind to work in the labs. Good luck!!