The cybersecurity industry has been growing rapidly in recent years, and with this growth, cybersecurity-related certifications are also gaining attention as an advantageous qualification to have when changing jobs in Japan. The most common cybersecurity-related certification in Japan is the "Registered Information Security Specialist Examination," but because it is relatively easy to obtain, many people who handle the technical side of the cybersecurity industry, such as pen testers, already hold it. Resources for the OSCP certification in Japanese, on the other hand, are still limited in both information and preparation methods, so many people struggle to find a way to prepare for it.
In this article, we will provide basic information about OSCP and detailed tips on how to prepare for it.
What is OSCP? What does this certification consist of?
OSCP is a certification for penetration testing developed and administered by Offensive Security, and this certification allows you to prove your technical skills in penetration testing where you successfully attack and penetrate various live machines in a safe lab environment.
One of the most important features of this exam is that it is a purely practical examination in which the candidate actually executes a vulnerability exploit against a target system and penetrates it.
Features of the OSCP certification:
- Only practical skills are required
- The exam duration is approximately 48 hours, with the first 23 hours and 45 minutes spent attacking the test servers (basically 5 hosts), and the remaining 24 hours spent writing up the results of the attacks in PDF format
- The exam can be taken online (PC screen sharing and webcam monitoring will be used during the exam)
- The exam is administered entirely in English, and a score of 85 or higher on the 100-point scale is required to pass the exam
- The fee depends on the rental period of the practice server (you can choose from 1 to 3 months); registering for 2 months or more is recommended for first-timers
Pre-requisite for OSCP certification:
There are no specific qualifications to take an OSCP certification, but the following requirements should be met prior to the exam to help you prepare for it:
- Knowledge that is at least equivalent to that of a Certified Information Security Professional
- Basic security knowledge as OSCP is a practical examination
- A minimum of about 200 hours of study time. As mentioned above, the exam will give you a huge amount of assignments with a time limit of about 48 hours. As such, you will need at least 200 hours of study time to cover all the necessary knowledge and practice to prepare for the real exam.
- Programming skills, as OSCP requires the ability to understand and customise code published on the Internet. The programming languages involved are diverse, and you will need to be able to read Java, C, Python, PHP, Ruby, and a handful of other languages.
- Ability to research and verify as the OSCP certification does not have definite answers, and you cannot pass the exam by memorising a textbook. Therefore, you must be able to search for answers on your own and verify them.
- Concentration and perseverance to complete a huge number of tasks in a set time period of 48 hours. In addition, the OSCP has a wide range of attack targets, and the most difficult point is to know where the vulnerabilities are located. Therefore, it requires not only simple technical skills, but also the patience to keep trying new possibilities in the process of enumeration and search to find vulnerabilities.
Recommended study methods to prepare for the OSCP certification
Here are some steps and tips on how to study for the OSCP certification, which can be divided into three main areas: basics with textbooks, practice servers, and assignment reports.
Basics with textbooks
After registering for the OSCP certification, candidates receive a PDF textbook and access to a practice server. With 18 chapters and several hundred pages, the PDF textbook is an excellent tool for engineers with little or no experience to learn the techniques systematically. There is no need to memorise the content; keep in mind that what is written is just the foundation and that the exam will require applied techniques that are not described in the PDF. You might want to give yourself about 50 hours to finish reading all the chapters.
Once you have gone through the textbook, it is time to start working on the practice server. The goal here is to get root privileges on a prepared server, and use the textbook and Google, etc. to enumerate and verify all possibilities. There are about 50-60 practice servers available, and you can start on any of them. But because it is a very time-consuming process, it will take about 5-20 hours per server for a beginner. As a rough guide, you should conquer approximately 10-15 servers before taking the certification.
In the second half of the OSCP certification, you will be required to write an assignment report. This report must include "answers to all of the assignments in the textbook" and "attack walkthrough steps for 10 practice servers", and completing it earns you up to about 5 points. The OSCP certification is graded very strictly, so every point counts. More importantly, the assignments themselves are easier than the actual exam, so it is a good idea to start practicing on them early.
OSCP study and preparation flow
The following is an explanation of the OSCP certification preparation flow, divided into "before applying for the certification" and "after applying for the certification (lab environment strategy)".
Before applying for the OSCP certification
If you are a beginner of pen testing and have limited knowledge about the exploitation of buffer overflow, you need to cover the following points before applying for the certification.
Firstly, it is a good idea to get familiar with Linux. For example, you need to learn a set of basic Linux commands. If you have time to spare and want to learn Linux commands in a fun way, you can take advantage of online learning platforms built in the form of games.
Recommended online games:
If you are still relatively new to programming languages, we also recommend strengthening your knowledge of languages such as Python. There are many resources on the web and on YouTube where you can learn the basics of port scanning, web application testing, and more. Learning these basic concepts will give you a broader insight into enumeration, such as how SSH works, how services run on ports, and how sockets work.
Metasploit is one of the most important tools for working as a pen tester. Although the use of Metasploit is limited to only one machine during the OSCP certification, this is a good time to learn more about its usage.
Recommended online tutorials:
A buffer overflow is an anomaly in the operation of a computer programme in which more data than expected is written into an area (buffer) provided to receive or store certain data, so that the excess data overwrites adjacent memory.
Because buffer overflow is used only once in the OSCP certification, many people tend to neglect learning about buffer overflow. However, this often leads to mistakes in the certification. And since this concept is very important not only in the certification but also in actual work, it is a good idea to learn to the extent that you are 100% capable of exploiting buffer overflows on your own before the certification.
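The mechanism described above, as an added illustration that is not part of the original article: a record is modelled as a name buffer followed by an adjacent "is_admin" flag, an unchecked copy spills into the flag, and the hardened version rejects oversized input before touching memory. The layout and the sample input are constructed for this demo.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: bytes 0..7 hold the name, byte 8 is an adjacent flag.
 * A write that runs past the 8-byte name lands on the flag. */
enum { NAME_LEN = 8, FLAG_OFF = 8, REC_LEN = 9 };

/* Vulnerable version: trusts the caller-supplied length (the classic defect). */
static void store_name_unsafe(unsigned char *rec, const unsigned char *in, size_t len)
{
    memcpy(rec, in, len);   /* no check against NAME_LEN */
}

/* Hardened version: refuses input longer than the buffer.
 * Returns 0 on success, -1 if the input was rejected. */
static int store_name_safe(unsigned char *rec, const unsigned char *in, size_t len)
{
    if (len > NAME_LEN)
        return -1;
    memcpy(rec, in, len);
    return 0;
}

/* Nine bytes of input: eight 'A's plus one extra byte set to 1. */
static const unsigned char oversized[REC_LEN] =
    { 'A','A','A','A','A','A','A','A', 0x01 };

/* Returns the flag after the unchecked copy: 1, silently set by the overflow. */
int flag_after_unsafe(void)
{
    unsigned char rec[REC_LEN] = {0};
    store_name_unsafe(rec, oversized, sizeof oversized);
    return rec[FLAG_OFF];
}

/* Returns the flag after the checked copy: 0, untouched; *rejected is set to 1. */
int flag_after_safe(int *rejected)
{
    unsigned char rec[REC_LEN] = {0};
    *rejected = store_name_safe(rec, oversized, sizeof oversized) < 0;
    return rec[FLAG_OFF];
}

int main(void)
{
    int rejected = 0;
    printf("unsafe copy: is_admin=%d\n", flag_after_unsafe());
    printf("safe copy:   is_admin=%d (input rejected=%d)\n",
           flag_after_safe(&rejected), rejected);
    return 0;
}
```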
Recommended Online Tutorials
After applying for the OSCP certification – via PWK course material
There are two possible ways to proceed with the course material: "first use the course material to learn before jumping into the lab environment", or "jump into the lab environment and proceed with the course material as needed while attacking the lab machines".
PWK Course Study Tips
If you have no prior knowledge of penetration testing, it is recommended that you first go through the course materials that you receive.
On the other hand, if you already have some knowledge of penetration testing, you may want to refer to the PWK Labs Learning Path. This is the official lab machine strategy guide published by Offensive Security; 11 of the lab machines have been picked out, and you can see the strategy steps and tips for each machine. While there is no direct way to find out how to solve the lab machines, the Offensive Security forum, accessible only to test takers, allows for discussion among test takers. You may want to take advantage of this to get tips when you are completely stuck.
It is recommended that you practice note-taking during lab machine intrusions; the OSCP certification requires that you record, without omission, all the information needed for the report during the intrusion. Specifically, a good and hassle-free way to do this is to record the commands required for the intrusion by copying and pasting the result of each execution, and to save a screenshot where necessary. Don't forget to back up your notes to a cloud service so you don't lose them.
In addition to the Public Network, you can also use the networks that students can access, such as the IT Department Network, Development Department Network, and Administrator Department Network, as appropriate.
Frequently Asked Questions about OSCP
The following is a list of frequently asked questions and answers about OSCP:
What is the difference between CTF and OSCP?
CTF (Capture The Flag) is a well-known contest for information security skills, but many CTF players may also be interested in OSCP. Both certifications certify the same hacking skills, but there are differences in the direction of the hacking skills tested.
CTF – In CTF, the technical areas tested are divided into genres, so the scope of attack targets is often narrower. Rather than identifying vulnerabilities, CTFs are designed to require an in-depth understanding of the system structure and the ability to write complex exploit code.
OSCP – In OSCP, the technical areas tested are not divided into detailed genres, so examinees are required to identify the vulnerabilities among a large number of candidates. On the other hand, the attack part can often be done simply by using publicly available exploit code, so a deep understanding of the system structure is not necessary.
In the OSCP certification, where the scope of the attack is much broader, finding out where the vulnerability is located is a very difficult point. Therefore, compared to the CTF, the content of the exam requires more preparedness and perseverance to keep trying in finding vulnerabilities.
Are there any OSCP study courses available in Japanese?
As of May 2022, the only OSCP learning course in Japanese is the "IERAE Academy" offered by IERAE Security, Inc.
Are there any other pen-tester or security-related certifications other than OSCP?
Overseas pen-testing related certifications include the following:
- CEH (Certified Ethical Hacker): An internationally renowned American certification that must be renewed every three years.
- GIAC (Global Information Assurance Certification): An American certification that is domain-specific and relatively expensive.
Many people may feel that the OSCP certification is challenging, not only because of its high level of difficulty, but also because there is little information available in Japanese on how to study for it. However, for those who are new to pen testing, the OSCP certification covers everything from the basics to an advanced level. For those who are experienced, the OSCP certification will enable them to differentiate themselves from those around them, making it a recommended certification for those who are looking to advance their career as a pen tester.
Are you a pen tester or striving to be one?
If you are considering a career change to a pen tester, please feel free to contact us using the form below. Our consultants specialising in the cyber security field will be happy to assist you with no obligation. Alternatively, you can check out our available job openings by clicking on the button below.