It’s probably ironic considering one of my earlier blog posts is titled “Infosec is more than pentesting”, but I’ve decided to try my hand at the Offensive Security PWK course and OSCP certification.
I haven’t published a blog post in nearly a year, and a lot has changed since then. The biggest change came last September when I left my employer of over 12 years to start a new job in the government sector. It was hard to leave, but I felt like I’d exhausted my room for growth and was in a stagnant place. I had built some great relationships with co-workers there, but it was time to move on.
I’m now in an information assurance-slash-risk management role, and while the work is interesting it’s not all that technical most of the time. So, to keep myself sharp I decided to challenge myself with the PWK course and OSCP exam.
On Your Mark…
I’ve read many people’s OSCP stories over the years and had become pretty intimidated by it, to be honest. Then earlier this month I had lunch with a coworker who was already enrolled in the course, and we were talking about the syllabus. This is when I realized that I should probably just dig in and try it.
I have well over a decade of experience with Linux and TCP/IP networking, and am comfortable with simple scripts and at least reading through Bash and Python code. I’m less comfortable with the Windows command line, but my glaring weakness is my inexperience with buffer overflow and crafting exploits. I feel like this gives me clear direction on what to familiarize myself with before my lab time begins next month.
I registered for the course this weekend and have a start date of March 16. In the mean time I plan to go through Georgia Weidman’s book on penetration testing and review the videos and other content recommended in this blog post.
I hope to keep track of my experience here via more regular posts. Reach out to me on Twitter if you’d like to talk more about the OSCP or Infosec in general.