
What do you need to know about OSCP certification?


One of the most frequently asked questions in cybersecurity, and especially among penetration testing specialists, is what obtaining the OSCP certification means for your professional profile. In today's article we answer your questions on this topic and, above all, explain the qualitative leap an organization achieves by having professionals with this certificate.

What is OSCP Certification?

The Offensive Security Professional Certification (OSCP) is one of the main Ethical Hacking certifications in the field of cybersecurity, issued by Offensive Security. It recognizes the skills of professionals who have successfully passed different penetration testing exams and methodologies using specific tools in this area, including the BackTrack penetration exam, as well as the Kali Linux distribution method.

What do these tests consist of?

The tests that the candidates will have to pass require them to successfully attack and penetrate several machines in a "secure" environment in a controlled manner during a 24-hour laboratory exam that will test their understanding of the subject.

The Penetration Testing with Kali Linux (PWK-PEN-200) course is composed of five test machines that aim to prepare the candidate not only in a practical way, but also in the mindset required to become a specialized penetration testing professional.


What should the candidate's profile be like?

First of all, this is a certification with a high degree of difficulty. Candidates need extensive experience working with Linux and Windows operating systems, in addition to knowing their security guidelines. The candidate is also required to have some knowledge of handling and processing databases such as "exploit.db", knowledge of compiling binaries for Linux and, of course, a grounding in the main web vulnerabilities.

However, the preparation course lets candidates work on all of the above in a practical way through its laboratories, where more than 50 computers are available for practicing attacks against websites and infrastructures, pivoting, etc.

 

How can you obtain the OSCP certification?

Once we know the technical aspects that define the candidate's profile, we can say that preparation for the OSCP Certification can be done through a self-paced course, which covers several attack vectors commonly used during penetration testing and audits, using the PWK (Pentesting With Kali) distribution method mentioned above.

This training can be conducted either in-person or online. Both options will include a package of audiovisual material and practical lab exercises that simulate real-life situations. [You can learn more about the course here].

These labs, which usually simulate a corporate network, are composed of a series of machines that the trainee must try to breach by applying different techniques to exploit them, often emphasizing the data relationship between them.

 

Benefits of OSCP certification

Of course, having professionals within your organization who hold this certificate adds value to your corporate know-how, not to mention the guarantees acquired in terms of cybersecurity. These are some of the direct benefits you can get:

  • International recognition in security matters.
  • Expertise in pentesting and vulnerability exploitation processes.
  • Understanding of vulnerabilities in different systems and protocols.
  • Strengthening of your service portfolio.
  • Business continuity.

 

How is the OSCP exam structured?

 

Duration and requirements

The exam lasts 23 hours and 45 minutes, and once finished, you have an additional 24 hours to upload the final documentation. During that time, it is essential to complete all tasks and submit a detailed report explaining both the objectives achieved and the technical process followed to accomplish them.

Proctoring only takes place during the first 24 hours, during the technical phase of the exam.

Machine structure

The OSCP Certification exam is composed of several machines that you need to compromise to earn points. The organization of the exam is as follows:

Independent machines:
Three autonomous machines are presented, totaling 60 points. Each is evaluated in two phases: initial access, worth 10 points, and privilege escalation, which also provides 10 points. You can only add the maximum of 20 points per machine if you gain full control of each one.

Active Directory (AD) environment:
This environment consists of three machines where you only have a username and password to attack the Active Directory environment.

  • Machine #1 is worth 10 points.
  • Machine #2 is worth 10 points.
  • Machine #3 is worth 20 points.

Requirements to pass
To be considered successful, you must score at least 70 points in total. This can be achieved in different ways, for example:

  • Getting 40 points in the Active Directory environment and finding all 3 initial flags on the independent machines.
  • Or, earning 40 points in AD, plus 2 initial flags and 1 privilege escalation on the independent machines.

We can help your organization protect against cyber threats

At Intelequia we are OSCP certified in security. We have a team of experts with the highest recognitions and certifications in cybersecurity to provide you with support to ensure the continuity of your business in the event of any security breach or cyber attack.

If you want more information, do not hesitate to contact us. Our agents will be happy to answer your query in a personalized way.

 
