I started with the PWK course to go for my OSCP. This series documents my progress. I hope to give some insight into brutal proces and examn that goes into obtaining the coveted certificate.
At the end of the week I am almost through the reading materials, videos and exercises. The only real thing left to do is the Metasploit chapter. I watched the videos, but still have to do the exercises. This week I learned a lot:
- Linux Buffer Overflow
- Existing Exploits
- Privilege Escalation
- Client side attacks
- Web Application Attacks
- Password Attacks
- Port fun
- Metasploit Framework
- Simulated Pentest
As before, I will not go into details of each topic, as that is against Offensive Security policy.
I was already quite familiar with a large group of these topics, so they went by quite fast. If you have no background you will probably spent a lot of extra time on the topics. Most of the time was spent on the web application attacks as there were some attack vectors in it that I did not fully understand. Spending time to understand the topic is a large part of the courseware.
Some exercises also depend on performing them in the PWK Lab environment. I added a TODO marker for those and will revisit them lateron when I find suitable targets for them.
In week 2 I spent 754 minutes on the course, which is about 12 and a half hours. I actually spent a sunday evening and skipped the wednesday evening (valentines day). Here is the distribution of time over the syllabus topics: