The OSCP certification course was provided by Offensive Security first offered in 2006 under the name “Offensive Security 101”.
The OSCP certification is considered the most difficult and demanding entry-level certificate in the field Penetration testing/ IT security that you can earn. This is partly because the OSCP certification was the first certificate to rely on a practical test and partly because of the try-harder mentality. This is a major special feature that is reflected in all Offensive Security certificates:
This is an online self-study course that provides insights into penetration testing tools and techniques through practical experience. Since there is no official training to become a penetration tester, the OSCP certification is not only respected and well-known, but also required for many jobs in the IT security sector.
The course is not aimed at beginners, but at information security experts who already have experience in the area of penetration testing. At the end of the theoretical part of the training as part of the OSCP certification, which takes place either via video conference or via video on demand and includes many practical exercises in the “practice laboratory”, you can take part in the final test.
In the 24-hour final exam, which takes place in an unknown VPN environment, participants must collect points by compromising hosts. Furthermore, a comprehensive, professional penetration test report, including screenshots and comprehensive notes, must be submitted as part of the final audit. In addition, the OSCP certification exam is completely monitored. No prior knowledge or assistance with the lab is provided.
After successfully passing the final exam, graduates are able to identify existing vulnerabilities and carry out organized attacks in a controlled and targeted manner. In addition, the OSCP certification shows that you not only belong to the technical elite, but also have endurance and assertiveness and can competently face new and unknown situations.
As mentioned in the section above, the course is aimed at information security professionals who want to take a serious and meaningful step into the world of professional penetration testing. This course is specifically aimed at:
It is absolutely necessary to master time management. The 24-hour OSCP certification exam must be planned carefully in advance. If you don't master the balance of active exploiting, scanning and note-writing, you won't be able to pass the exam successfully.
According to Offensive Security, in order to successfully complete and thus obtain the OSCP certification, candidates still need a solid understanding of TCP/IP networks, adequate experience in the administration of Windows/Linux systems and familiarity with Bash scripts. Basic knowledge of the scripting language Python or Perl is also required. In reality, however, we can say that experience shows that there is a lot more involved. In addition to the time management and personal attitude already mentioned, extensive knowledge and skills in many areas of IT are necessary.
Practical tools
Bash scripting
Passive information gathering
Active information gathering
Vulnerability scanning
Attacks on web applications
Introduction to buffer overflows
Windows buffer overflows
Linux buffer overflows
Client-side attacks
Finding public exploits
Fix exploits
File transfers
Antivirus bypass
Privilege escalation
Password attacks
Port redirection and tunneling
Active Directory attacks
powershell empire