

It’s been a while since I became RHCE certified and now almost a year later I’ve decided to undertake the OSCP (Offensive Security Certified Professional) certification. I’ve been motivated to pursue this goal for several reasons.



The principal reason to undertake this certificate as a systems administrator is the huge financial impact that security breaches are having on corporations and the rapid increase in the number of breaches occurring or being attempted. Although a very difficult number to obtain with any assurance of accuracy, several estimates put the financial loss due to cybercrime in the USA at around $250B[1][2]. Yes, that’s a quarter of a trillion dollars! A similar amount of money could be spent maintaining a state healthcare policy or fighting wars in the Middle East.



Recently I read a comment on a social networking site where an employee described how his employer was dealing iron ore to a Chinese company. The Chinese company infiltrated his/her employer’s network, compromised their email and discovered the lowest bidding price the employer would accept for the product. Needless to say, when the employer discovered this breach, ‘heads rolled’ according to the post author.



With such large financial losses occurring how much longer can it be before large businesses take notice and discover they need to take security seriously? How much longer before governments begin to regulate web application security and network security?



What better time to become an infosec professional, and what better way to learn how to protect your data and information than learning how the people who take it, take it?



As I was planning to study something regardless, to maintain my relevance in the industry, it was just a matter of which area grabbed my attention the most. Originally my plan was to head down the dev-ops path. I already have skills with Puppet configuration management, Amazon AWS and Python, and I have a strong passion for automation, so it seemed like the common sense approach. Unfortunately, in practice I came to an unfortunate realisation, every time I was staring blankly at my study material, that there are some things which people just don’t find interesting.



On another note, when I discovered the article above regarding the large financial losses, I wanted to learn more about how to protect a network or web application from unwanted and illegal intruders. I had already studied the incredible (and free to download) NSA guidelines for securing Red Hat Linux[3] and several other areas and methodologies required to prevent breaches or minimise their impact. While researching preventative measures I would always wonder to myself about the reasons behind the security measures outlined in the material. Eventually this led me to research ethical hacking certifications, and it wasn’t long before I discovered the OSCP[4], an offensive penetration test certification.



So now the OSCP has my interest because, first of all, I’m motivated by the concept and also I feel that it could be a wise career decision for the future. There were other choices though, such as the CEH[5] (Certified Ethical Hacker), which is a low level certification consisting of basic theory material to be achieved by a multiple choice exam, or alternatively the CISSP[6] (Certified Information Systems Security Professional) certification, which seemed very promising, but I was not convinced that it would hold my attention until completion. It also appears to be tailored to management roles. Thankfully the OSCP stood out from the crowd. It is a live practical course which features thorough reading material, over 8 hours of video tutorials, live labs for practicing skills and finishes with a 24-hour lab exam in which the student has to compromise enough areas of security to reach the amount of points required to pass. The student is also required to provide a lengthy report of how all labs were compromised leading up to and including the exam. Automated tools are not allowed on the exam (unless you create your own) so a thorough understanding of the processes is required. This is exactly what I was looking for.



The course recommends a custom Kali Linux virtual machine provided by Offensive Security; however, I’ve elected to install Kali Linux locally as a primary OS because I suspect the extra CPU and RAM resources will significantly reduce the time taken to perform certain repetitive tasks. I’m not a fan of working within virtual GUI environments either, and many of the tools require a GUI. As an added bonus there are fewer distractions to disrupt my studies if my work is being actioned outside of my entertainment environment. Prior to beginning the course I’ve configured the ‘Metasploitable 2’ virtual machine, a Linux distribution configured to maintain a multitude of vulnerabilities to be exploited for educational purposes. This is my pre-certification trial lab.



Once again I’ll be updating #!/bin/bash with my experiences and what I have learned, whether it’s useful tips regarding some of the hundreds of tools embedded into Kali Linux or some philosophical thoughts towards obtaining the certification. I won’t provide any information that could compromise the integrity of the certification by prospective students so if you’re looking for a brain-dump then this isn’t the place.



The start date for my course is this Sunday. I have chosen the 60 day course, with options being 30, 60 and 90 days. My previous experience within Debian and Red Hat environments should give me a nice head start compared to a student lacking this knowledge, but from my research into the study requirements of this certification I believe I will be a very busy man during the next two months.



[1] http://www.ibtimes.com/americas-top-cyberwarrior-says-cyberattacks-cost-250-billion-year-722559



[2] http://www.mcafee.com/sg/resources/reports/rp-economic-impact-cybercrime.pdf



[3] http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf



[4] http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/



[5] http://www.eccouncil.org/Certification/certified-ethical-hacker



[6] https://www.isc2.org/CISSP/Default.aspx



