I have some background in IT and security, with a dream of becoming a penetration tester. I currently work in vulnerability intelligence, and have a lot of exposure to what vulnerabilities exist in software. From here I determine the risk it poses to the company by understanding the way an attacker would exploit the vulnerability, so I decided to go through the Penetration Testing Student course to learn how to exploit these machines. I have had my eye on the OSCP so I figured this would be a good certification to start off with. I had already obtained the Security+ and CEH prior to taking this certification, but I don’t think they are necessarily required as a pre-requisite.
Looking through the syllabus you get exposure to programming languages, networking, web application penetration testing, and network penetration testing. I think this course did a great job explaining the methodologies. I recommend creating a notebook in OneNote and keeping track of all your notes in there. For each section I created a new page with the section name. In there I had items I thought were important and then took screenshots as I went. I also used this for the labs so I could refer back to something later, like when taking the exam.
I really like having the labs with this course, because it provided a hands-on experience. I got used to performing the attacks and learning what to look for when I wanted to perform each attack. While you could try to stand up your own vulnerable machines, covering all these various topics would prove a challenge. The end black-box tests provide for a simulated environment testing a machine. These were super valuable as they covered some methods not covered in the materials, and also make you think throughout the entire hacking methodology. This should be enough to prepare you for the exam. I had been working through machines on Hack the Box, which I think greatly benefited me.
Exam Preparation
The exam is a maximum of 72 hours, with 20 multiple choice questions you have to answer. You can only gain these answers by hacking through the network. You are not given any background information, basically just dropped on a network and told go hack. I think this was a great simulation to performing a black-box penetration test, because many times you may only be given the public IP addresses of the client, or given access to a single machine that is sitting on the internal network. From there you have to scan and enumerate, until you find a way in. I thought the exam was challenging, but I enjoyed working through it. I prepared by having meals prepped, plenty of Red Bull, and some music selection. There was construction going on outside my house, so it was nice to have some headphones listening to music. Be sure to take breaks otherwise you won’t make it through the exam. I took several walks to clear my head when I was hung up, and did get 4 hours of sleep. After about 32 hours I had enough points I was pretty sure I was good. I did a final look through and submitted my exam. You get your results immediately and I was very excited to see the note that I had passed the exam!
I recommend taking this course for anyone that is interested in penetration test. You will learn all you need in this course to make it through the exam. If you wanted to get additional learning prior to signing up, I would recommend taking The Cyber Mentor’s Practical Ethical Hacking – The Computer Course on Udemy. This will give you all the knowledge you need and more! I think eLearnSecurity put together a great course and I can’t wait to take another!