OSCP – Alone in the dark

It took me a while to think of a title for this post, normally I would tell you how awesome the course and how much I’ve learned over the last 3 weeks but then I decided to try something different.

Yes I have learnt lots but this isn’t about the technical side of the course I wanted to talk about the psychological side of the OSCP, after all the purpose of these posts was to allow people to get a better idea of what to expect without giving away too much detail.

The OSCP is a technical hands on course, you know that when you sign up (and if you don’t, well you need to google more). What you might not know until you start the course is how you will deal with the course, not in terms of learning the technical content (which is vast and complex at times) but more in terms of dealing with the isolation that this course brings with it.

What that you say? I’m not casting the OSCP in a very good light? Well let me explain.

When you sign up for the course you get access to a forum and can make use of an IRC channel, on average there are over 130 people logged into IRC at a time and this channel is where you can ask the admins for help or just make general chit-chat with other students.

What you can’t do is ask other people directly for help or discuss tactics and techniques for gaining root on boxes, in fact most of the time the IRC channel is quiet, other than people asking to speak to admins the level of conversation is low.

If you are new to this type of learning or the course material, it’s a natural desire to ask other people questions, imagine you are in a class room based training course, the instructor is there to answer questions, you have all the labs provided with clear instructions and the course material is complete and detailed (in some cases). With the OSCP course you get very good videos (with notes) a large lab to play with, that only comes with some restrictions and the rest is down to you (and google).

I know, I know, the course was designed this way to push you out of your comfort zone, which is fine with me like I said I’m really enjoying the course but there are times when you might encounter some of these;

Doubt – You doubt your ability to deal with the technical content, you doubt yourself when it comes to gaining access to all the boxes, you doubt that the method and techniques you are using are the “right” ones and you doubt yourself that you will be able to pass the exam.

Fear – Well a little fear is a good thing, its character building, but if like me you’ve never done anything like this before then the fear of failure does creep into your mind on more than one occasion.

Joy – You wouldn’t be doing this course if you didn’t enjoy the content, and there isn’t anything better than getting root on a box, especially if you’ve had to work for it.

Obsession – This course does take over a large part of your life, even when I’m not working in the labs my mind still plays through different attack vectors and a whole range of “what if” scenario’s. “What if I use this technique”, “What if I missed something on that box”.

So lets put it into some context, in the IRC channel someone posts something like this:

Anonymous: I’ve spent xx hours trying to get box xx (names have been changed to protect the innocent)

So I check my notes and box xx took me 5 minutes to get root, I knew exactly which technique and exploit to use and didn’t find it a problem… Oh wait, did I do it right? What did I miss? Maybe it wasn’t suppose to be that easy? So even though you get root, doubt can crop up about HOW you got root and if you did it right, after all there are no measures to determine the right and wrong way and you have no one to ask.

Here’s another example:

Anonymous: I’ve only got 2 boxes left in the lab to get

Your first thought is (well mine anyway) “GIT!!!!”.. Not in a bad way (honest) but if you have more than 2 boxes left, hearing about other people’s success can play on your mind especially if you are struggling in places. Then the doubt and fear can start-up again, but remember you don’t know how long people have been in the labs, some people have been on and off for over a year, some are professional pen testers, some are just natural hackers and some like me are just starting off.

I’ve gone a week without getting root on a box, then I get 3 in a weekend and then it’s back to struggling. I’ve doubted my abilities on more than one occasion and I worry about not being ready to take the exam. I’ve banged my head on the desk when I can’t get something to work and then slapped myself (not physically) when I’ve realised MY mistake.

My point? I might fail, I might not, I may never learn everything I need but then again I might. Regardless of everything I am loving this course, and the content and the challenge which is the important part. Don’t be afraid of the isolation, just learn to work with it and embrace it as part of the whole learning experience.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s