Brief Review of the PWB Class and the OSCP Certification

December 20th, 2010 by

I recently completed the PWB (Penetration Testing With Backtrack) course and the OSCP (Offensive Security Certified Penetration Tester) certification. Many people have asked what I thought about the class and the certification, and so I decided to write a brief post about my experience.

When you start the PWB class, you receive over eight hours of training video. The videos are very professional. I was surprised at the amount of information that was jammed into the videos. The topics ranged from information gathering, exploit development (including exploit development and creating shellcode from scratch), application fuzzing, web application vulnerabilities, post exploitation, etc…

Although very helpful, the videos are not enough to become competent in any of the needed topic areas. I have never seen a “boot camp” style class that can teach security efficiently. I do not believe that it is possible to watch videos or listen to a lecture, and then become competent enough to call yourself a security expert (I know many CISSPs who say they value the OSCP cert far more than anything else they have [nothing against CISSP]). The videos, fortunately, are accompanied by a lab guide consisting of around 700 pages filled with in-depth examples and exercises.

I spent hours poring over the information and trying all the examples (and the extra examples). I felt like many of the things I previously understood became much more solidified, and the few new topics were very well presented and easy to pick up. So, do I think that the videos and guide are enough to make a security professional? No, I do not. Understanding how to exploit a computer and pivot through a network is great. Being able to do it is something entirely different.

The fine folks at Offensive Security must have realized that all the videos and book work in the world will not make a good security professional. They have something no one else seems to have. The most valuable part of my time spent on this class and certification was the lab time. The PWB/OSCP lab is set up to mimic a local network for a midsized company. Unlike many hacking challenges I have played with before, the Offsec lab doesn’t just consist of obvious flaws that can be pwned with Metasploit or a simple SQL Injection. Many of the computers that I exploited during my time in the lab required customizing exploit code (including shellcode). Basic programming is a must for many of the exercises.

The lab work is not simple. At no point does the lab guide say…check out the computer at 192.168…..it is vulnerable to MS0… They expect that you find all hosts, evaluate their vulnerabilities, leverage them to get access to the system, and then find ways to escalate your privileges. Many of the systems are set up in such a way that they require more than just a surface level understanding of the concepts to gain access. Target vulnerabilities included a wide range of server flaws, web vulnerabilities, brute force attacks, and more. I was fortunate enough to take two months off of work to focus on this class (among some other security research). I spent around eight or nine hours a day, four or five days a week, for around five weeks. I kept extensive notes of all hosts. I still was not able to get into all of them. A few tricky ones evaded me. Some hosts are dual-homed (sitting on two networks) so there were plenty of opportunities to practice pivoting, tunneling, evading firewall rules, etc.

The OSCP certification test is one of a kind. It is the only test (beyond the OSCE) that I know of, which is not based on questions, but on the ability to successfully perform penetration testing duties. Offensive Security gives you access to a network for 24 hours. In that time, you must exploit multiple hosts and gain root/administrator access. As noted in the PWB forums, the use of automated exploit tools is significantly limited in the testing environment. No point-and-click exploitation for this certification.

The PWB class is by far the best computer security class I have taken. However, successfully completing the class in no way guarantees a passing grade on this certification. Although the concepts were presented in the lab, workbook, and videos, none of the exploits needed for this test (at least that I know of) came directly from them. The OSCP certification, in my opinion, proves that its holder is able to identify vulnerabilities, create and modify exploit code, exploit hosts, and successfully perform tasks on the compromised systems over various operating systems.

One last thing that makes this certification an A+ is its emphasis on reporting. After completing the PWB class and the OSCP exam, a formal penetration testing report must be submitted. My final report was over a hundred pages long (and I was trying to avoid repetition as much as possible). There are many people who know security, there are some who can use that knowledge to take over systems, there are few who can present these findings to both technical and non-technical audiences. PWB and OSCP make sure that the tester can report findings effectively to audiences of various technical backgrounds.

If all of this was not convincing enough, I should point out that there is always a wonderful community of OSCPs and other security professionals in the #offsec IRC channel (freenode). There are plenty of people to help, if help is needed (I have seen many people ask for answers, but I have never seen anyone give anything but direction).

If anyone else has taken this class, I would love to see your comments in the comments section below.

  1. f0x says:

    I just received my certification recently and agree–it’s a fantastic course! Congrats! :)

  2. lavamunky says:

    I’m currently taking the course (after having to use an extension due to unforeseen work circumstances) and I’ll agree it’s so far better than any cert I’ve done.

  3. cd1zz says:

    Nice review. I finished mine about the same time you finished your OSCP. I put my review here: http://networkadminsecrets.blogspot.com/2010/12/offensive-security-certified.html

    I’m now in OSCE, it is blowing my mind and is equally as rewarding.

  4. bucen says:

    Hi,
    Congratulations,
    After my CISSP certification, I’m asking myself about training for PWB.
    I looked on Offensive Security, but I didn’t understand very well the time that you can spend on the security labs.
    When you subscribe for, for example, 30H, how does it work:
    Is it the time that you really spend on the labs?
    Or can you only connect to the labs until a certain date?

    • Trenton says:

      Hey,

      The PWB class is a lot of fun. I would highly recommend it. When you subscribe for the 30 Days option, you will get VPN access to the labs. The time starts when you receive your access credentials (usually at the start of the class). You will continue to have access for the next 30 Days (or however long you registered for). Once the time is up your credentials will no longer give you access to the lab.

      I hope that answers the question….let me know if you have any more.

      -kno

  5. N3S says:

    Would you recommend this course to someone new to Linux and security?

    • Trenton says:

      This is a great course, however it is challenging. Even if you are new to Linux and to security, I would encourage you to take the class. I would also encourage you to plan on spending a lot of time in the lab. Even if you don’t make it through the OSCP Cert, the PWB class is still worth the cost and the lab is a great way to get experience with both Linux and penetration testing concepts. Feel free to post any more questions here.

      Good luck!

  6. BreakTheSec says:

    Thanks for your review.

    I have basic knowledge in Ethical Hacking and Linux. Also, I am very good at programming (C, Java, Python, PHP, …).
    I planned to do the OSCP cert.

  7. RIck says:

    This course is killing me. I’m into it for almost two grand now and have only penetrated 8 lab machines. There is no help to be had from the IRC channel other than “try harder hahahahahahaha.” Questions posted on the forum are generally ignored.

    • Andrew says:

      Have you actually tried trying harder yet?

      Shoot me an email at morr.drew |at| gmail.com and I’d be happy to give you some direction.

  8. Thanks for this article plus the several others that I’ve read through your site. Have you ever considered being a guest contributor? My tiny website could surely use a person with your qualifications to post every now and then. You truly know your stuff.

  9. Vig says:

    Guys, can anyone tell me whether the Penetration Testing with BackTrack course is the material for Offensive Certified Security Professional?

  10. d1chado says:

    PWB (Pentest with BackTrack) is the basic course from Offensive Security. The point where you have to start.
    It is a very good course, because they teach you how to think about problems and not simply how to use tools. I have really tried harder, and now I’m a better person (and also a better pentester….)

  11. kriss says:

    Trenton! Congrats on OSCP, I am also planning to go for OSCP. I already know C, C++. Presently learning Linux, Python. Well, before going for OSCP I don’t want to leave any scope for struggle during the course. Neither can I afford to just waste the course fee. Any other thing you could suggest to me!!! Can you provide me some material on BackTrack? Will be thankful…

  12. Sumit says:

    Hello, I also want to do OSCP. I think in India there is hardly a center giving training on the exam. So I have a query: at which place is the exam scheduled, like on Prometric or VUE ???????
    You have written that we will get 24 hours access to the lab, but where, at home?

  13. Aman says:

    Hey, I wanted to ask: I am not that good at programming, so is there any need to be that good at programming????????

  14. okiban says:

    Sumit: The exam is done at your place of choosing. It is not written, it is a practical exam in which you are expected to break into several machines within a 24 hour period. You then submit a report with your findings and methods. Everything you need to know is at offensive-security.com

  15. Adastra says:

    I have been working in the laboratory and following the PWBv3 course for about 1 month, and for me, having to balance work and studies, it has been exhausting. I also recommend it, but not to everyone, because you need intermediate or advanced knowledge of computer security and programming; both are required throughout the course, unless you intend to take the course without the certification, in which case it seems perfect, but it is certainly not easy and you need some very good background.

  16. Issam says:

    Hi,

    I want to pass the OSCP exam and I see that it costs about $4000, do you think it is a good investment?

    And for those who already have the OSCP certification, does this certification help in your career?

    Thank you

  17. Anubhav says:

    How much is the cost of PWB class+OSCP certification in India?

  18. luc says:

    What is the best working environment? BackTrack as host OS and Windows as guest or vice-versa?
    Thanks a lot
    Luc
