I recently competed the PWB (Penetration Testing With Backtrack) course and the OSCP (Offensive Security Certified Penetration Tester) certification. Many people have asked what I thought about the class and the certification, and so I decided write a brief post about my experience.
When you start the PWB class, you receive over eight hours of training video. The videos are very professional. I was surprised at amount of information that was jammed into the videos. The topics ranged from Information gathering, exploit development (including exploit development and creating shellcode from scratch), application fuzzing, web application vulnerabilities, post exploitation, etc…
Although very helpful, the videos are not enough to become competent in any of the needed topic areas. I have never seen a “boot camp” style class that can teach security efficiently. I do not believe that it is possible to watch videos or listen to a lecture, and then become competent enough to call yourself a security expert (I know many CISSPs who say they value the OSCP cert far more than anything else they have [nothing against CISSP]). The videos, fortunately, are accompanied by a lab guide consisting of around 700 pages filled with in depth examples and exercises.
I spent hours pouring over the information and trying all the examples (and the extra examples). I felt like many of the things I previously understood became much more solidified, and the few new topics were very well presented and easy to pick up. So, do I think that the videos and guide are enough to make a security professional? No, I do not. Understanding how to exploit a computer and pivot through a network is great. Being able to do it is something entirely different.
The fine folks at Offensive Security must have realized that all the videos and book work in the world will not make a good security professional. They have something no one else seems to have. The most valuable part of my time spent on this class and certification was the lab time. The PWB/OSCP lab is setup to mimic a local network for a midsized company. Unlike many hacking challenges I have played with before, the Offsec lab doesn’t just consist of obvious flaws that can be pwned with Metasploit or a simple SQL Injection. Many of the computers that I exploited during my time in the lab, required customizing exploit codes (including shellcode). Basic programming is a must for many of the exercises.
The lab work is not simple. At no point does the lab guide say…check out the computer at 192.168…..it is vulnerable to MS0… They expect that you find all hosts, evaluate their vulnerabilities, leverage them to get access to the system, and then find ways to escalate your privileges. Many of the systems are setup in such a way, that they require more than just a surface level understanding of the concepts to gain access. Target vulnerabilities included a wide range of server flaws, web vulnerabilities, brute force attacks, and more. I was fortunate enough to take two months off of work to focus on this class (among some other security research). I spent around eight or nine hours a day, four or five days a week, for around five weeks. I kept extensive notes of all hosts. I still was not able to get into all of them. A few tricky ones evaded me. Some hosts are dual-homed (sitting on two networks) so there were plenty of opportunities to practice pivoting, tunneling, evading firewalls rules etc.
The OSCP certification test is one of a kind. It is the only test (beyond the OSCE) that I know of, which is not based on questions, but on ability to successfully preform penetration testing duties. Offensive Security gives you access to a network for 24 hours. In that time, you must exploit multiple hosts and gain root/administrator access. As noted in the PWB forums, the use of automated exploit tools is significantly limited in the testing environment. No point-and-click exploitation for this certification.
The PWB class is by far the best computer security class I have taken. However, successfully completing the class in no way guarantees a passing grade on this certification. Although the concepts were presented in the lab, workbook, and videos, none of the exploits needed for this test (at least that I know of) came directly from them. The OSCP certification, in my opinion, proves that it’s holder is able to identify vulnerabilities, create and modify exploit code, exploit hosts, and successfully preform tasks on the compromised systems over various operating systems.
One last thing that makes this certification an A+ is it’s emphases on reporting. After completing the PWB class and the OSCP exam a formal penetration testing report must be submitted. My final report was over a hundred pages long (and I was trying to avoid repetition as much as possible). There are many people who know security, there are some who can use that knowledge to take over systems, there are few who can present these finding to both technical and non technical audiences. PWB and OSCP make sure that the tester can report findings effectively to audiences of various technical backgrounds.
If all of this was not convincing enough, I should point out that there is always a wonderful community of OSCPs and other security professionals in the #offsec IRC channel (freenode). There are plenty of people to help, if help is needed (I have seen many people ask for answers, but I have never seen anyone give anything but direction).
If anyone else has taken this class, I would love to see your comments in the comments section below.
i just received my certification recently and agree–it’s a fantastic course! congrats!
Hi!
Can you share some info to make my learning more productive! pls cotanct me in a janis.rubenis@inbox.lv
In this moment I’m an student in these course, but i have extremely limited time
I’m currently taking the course (after having to use an extension due to unforeseen work circumstances) and I’ll agree it’s so far better than any cert I’ve done.
Nice review. I finished mine about the same time you finished your OSCP. I put my review here: http://networkadminsecrets.blogspot.com/2010/12/offensive-security-certified.html
I’m now in OSCE, it is blowing my mind and is equally as rewarding.
Hi,
Congratulations,
After my cissp certification, I’m asking for myself to train to PWB.
I looked on Offensive Security, I didn’t understand very well the time that you can spend on the security labs ?
When you subscribe for example 30H, how does it works:
Does it the time that you spend really on the labs ?
Or, Could you only to connect to the labs until a certain date ?
Hey,
The PWB class is a lot of fun. I would highly recommend it. When you subscribe for the 30 Days option, you will get VPN access to the labs. The time starts when you receive your access credentials (usually at the start of the class). You will continue to have access for the next 30 Days (or however long you registered for). Once the time is up your credentials will no longer give you access to the lab.
I hope that answers the question….let me know if you have any more.
-kno
would you recommend this course to someone new to linux and security?
This is a great course, however it is challenging. Even if you are new to Linux and to security, I would encourage you to take the class. I would also encourage you to plan on spending a lot of time in the lab. Even if you don’t make it through the OSCP Cert, the PWB class is still worth the cost and the lab is a great way to get experience with both linux and penetration testing concepts. Feel free to post any more questions here.
Good luck!
Hi,
I want to do the course.
Can you please tell me the prerequisite things for this course.
Regards,
Manish
Thanks for your review.
I have basic knowledge in Ethical Hacking and Linux. Also, i am very good in programming(c,java,python,php,…).
I planned to do the OSCP cert..