Well, I’m coming to the end of my lab time. Ten more days to go. So this post will be both a rant and also a sort of review on my experience so far.
Well to not spoil something I will use another methaphor. Lets talk about diving 😉
There are several ways to make your diving license. You could join the seals or just make a 2 day course in some holiday resort. While one of the both options will teach you maybe something more, about the limits of diving, dry suits, diving in limited visibility and technical diving and how to use re-breather and the other gets you just under water. But both will get you into diving.
Most tech certs I did were in the holiday pool category. Just do some courses in the path to MSCE with a major provider. It will be a week of powerpoint warfare and after that you get a multiple choice test and you are a pro diver .. ehhh Microsoft expert.
On the other hand I did some quality courses with hpm (if you ever need a german forensics course http://www.4n6.de/ ). While it was just about some tools, these courses were on the spot and just around the tools with a lot of examples and practice.
Like when I did my dry suit brevet. I trained with my dry diving suit and got a lot of theories about dry suit diving. Deep diving course ? A lot about the effects on pressure on your brain (hint not to positive). A lot about funny ways to die with funky stuff in your pressure bottles etc etc. And of course a lot of practice. And after that I got the tools and knowledge to dive deeper then most recreational scuba divers. And the insight that a lot of nice wrecks and diving spots are in a spot where I gladly would stay in the safe zones.
If you look into diving forums everybody will give you tips (okay if you honest some are just better ways to die) and banter with you.
How does the oscp course compare to diving ?
Well imagine you sign up for a diving course. You are flown to one of the most beautiful diving spots in the world. Nice hotel, in the middle of the reefs. On the first day you are shown the facility, all the best diving gear of the world. You name the brand, they have it. Sounds cool or ?
Well only problem. They show you how to use some parts of the gear (not enough for a proper training) and then say : “Well her you go, enjoy”.
In my two months in the labs, I ENJOYED THE LABS, but if I’m honest I learned about that amount of stuff a good course would cover in a week. It could be a better experience with a little bit more guidance for the beginning of the labs.
Right now you just have a bunch of exercises with you personal vm, then you are in the wild. So basically going from the hotel pool into a seal course, where the instructor just dumps some guns and equipment in front of you and just says “see you in two months for you final exercise”.
This is actually not the problem of offensive security. It is a general problem of the it security branch. Just have a look at these two essays: https://danielmiessler.com/blog/fixing-the-culture-of-infosec-presentations/ & http://grugq.github.io/blog/2014/05/11/the-episode-17/
Here we have the wiki page on the scuba training: https://en.wikipedia.org/wiki/Recreational_diver_training
A wiki page on pentesting training or on digital forensic training ? NOPE .. sorry .. it is still in the magic phase ….
How could you make the oscp course better ?? Well just imagine that in the course material would focus more on methodology .. and you would have a kiddie pool. So lets say 10 hosts or so where each vector etc is described in the course material. And how to get to the attack vector from your recon output. Then a section with “good” exploits of the last years, and WHY they are good exploits from a pentester perspective.
Right now I will go to the certification test, knowing that I will fail without luck. After that I will do 1-2 months of vul hubs and redefining my tool chains, pre compiling exploits etc. And after that round 2 of lab time.
Because if you have pentesting experience you will love the lab, but if you are from the it security management side, with the last pentesting experience a while back. Well you will get a better mileage out of a good book first.