offensive security certification

2011
10.09


This was one of the hardest and most rewarding things I’ve ever done, both academically and professionally. Offensive Security is not for the faint of heart and requires a lot of self-discipline and perseverance. I highly recommend it if you’re interested in penetration testing or would like to understand how the bad guys think. With Offensive Security, you can begin to understand how to protect your network.

 

If you are wondering if the OSC Offensive Security is for you, let me give you a little of my background. I’ve been in network/systems administration for about 5 years. I have in-depth knowledge of protocols/routing/switching/enterprise applications and TCP/IP in general. My Windows skills are advanced but my Linux skills going into the course were weak. I run Linux at home and have had some exposure to different flavors, but by no means was I an expert in Linux. I am a terrible programmer, but can understand some C and enough scripting languages to get by. You need to bring all these skills and more to the Offensive Security course because you will not be taught these things – and you will be expected to use them while you are hacking the lab and practicing the new concepts.

I have always been interested in Offensive Security, but I wasn’t very well versed in any of the popular open source security tools. This isn’t a necessity because you will become a whiz at them as you work the course. Offensive Security can be taught live or online. I chose the online portion and was given a set of videos and a 300-page lab guide. The videos are incredibly useful and extremely well put together. The lab guide is equally useful. I will continue to reference both of these resources in the future. These two guides are simply that: they teach you the concepts, but you really have to teach yourself how to apply them. You need to be able to think creatively about applications, networks and protocols to understand how to apply the concepts you have learned.

 

This is where the perseverance and hard work come in. No one is going to show you what to do in the labs; the administrators are not helpful and the IRC channel is full of people who just brag or talk about other things not related to the Offensive Security. Do not assume you will receive outside help when you get stuck. I believe this was done by design; it teaches you to be self-sufficient and resourceful. The idea is that if you cannot help yourself you won’t ever be good at this. There are options for help; you just have to find them. There were many times where I would hit a wall, thought I couldn’t penetrate any more servers and thought I hit my technical abilities, but stepping away or reading additional resources would often help.

 

The lab consists of numerous hosts that are also connected to other networks. There are very easy servers and very difficult servers. As you start to penetrate these networks you run into fun things like fake bank databases, usernames/passwords and often the Offensive Security guys taunting you through funny website graphics or smiley faces. These “nuggets” made it fun to work the labs.

 

They sell the course in blocks of time. I highly, highly recommend getting at LEAST 60 days in the lab. The progress I made throughout the process was a roller coaster. I would go a week without any progress and then get on a hot streak and nail 5 servers in a night. Looking back, my knowledge at 30 days was not even half of what I ended up learning after the 75 days (I bought an additional 15 days).

 

You are required to pass the “exam challenge” to obtain your certification. The exam is a new lab that you have never seen before and you have 24 hours to exploit the servers in that lab. My test started at 7am and I finished about 14 hours later. You have to submit all your documentation to them within 24 hours of the end of your exam. I read horror stories about this exam: people taking all 24 hours to complete the exam, others taking the exam 3 and 4 times. I believe with my additional lab time, I was better tuned to take the exam. I put an incredible amount of time into this, probably an additional 30-40 hours a week in addition to my full-time job. Offensive Security wasn’t like work though; it was extremely fun.


4 Responses to “offensive security certification”

  1. neymar says:

    I am also taking this course, as I have wanted to get into the security field / penetration testing. I have read many security/hardening/hacking books, taken courses, even obtained the Ethical Hacker Certification. But this course is just plain balls-to-the-wall, get out and do it. I have never been so addicted to compromising a server, and learning how to do it, as well as stopping OTHERS from doing it. I have yet to take the Challenge, but with what I have learned from the past three months of training, the on-line labs, the IRC chat sessions, and just plain old fashioned research is just invaluable. The guys that put on the training are always available to ask questions, and they don’t come out and give the answers, either. They steer you toward your objective, making you do the dirty work, but after you have successfully accomplished your goal, the satisfaction of knowing how you did it, and being able to replicate it, is most satisfying.

  2. free sex says:

    This is the exact info I’m looking for, thanks! Arron

  3. Roxy says:

    I want to send you an award for most helpful internet writer.
