In my never ending quest for IT security excellence I’ve decided to enroll in the Offensive Security Penetration Testing With Backtrack version 3 (PWB3) course, offered by Offensive-Security. The course, formerly known as OSCP 101, has turned out to be quite a different animal than other security coursescertification tracks I have taken in the past. I opted to take the online version, which fits my learning style (and family life!). I am one week into the course and already think it’s one of the finest security training events I’ve gotten to be a part of so far. Before enrolling I did some searching to find reviews and opinions of different course participants, and while I did find several, they were few and far between. I’ve decided to write about my experiences to date, and to provide updates periodically up until the point I take the final exam. Speaking of the exam, did I mention it’s a 100% hands on exercise, wherein exam participants must compromise unknown machines to pass it? I don’t think any type of exam cram method will help folks out on this one! You either know how to perform a pen test, or you fail, simple as that.
I did some reading and found several great write up from folks who have taken the course, but I wanted to throw my hat in the ring of reviewers as well. I would definitely read these other posts, to get different points of views on the PWB3 course. You can find one here
Once enrolled you get vpn access to the offsec lab environment, flash video files for the couse and pdf lab guide, as well as a dedicated XP vm in the lab network.
One of the neatest things I’ve come to discover while taking this course is that the initial modules, which at first glance I was tempted to skip, provided value to me! I’ve been using backtrack for several years, and while my Linux skills may not equate me to an Uber Linux Ninja I am fairly capable of using the Linux command line and bash scripting. I forced myself early on not to skip any modules and to watch all of the videos AND read the corresponding sections in the lab guide. I was pleasantly surprised when shortcuts to the ways I’d been doing things were shown, or different tricks to manipulating text were displayed. I have thoroughly enjoyed the different lab exercises to this point, and have begun getting into the nitty gritty of buffer overflows and shellcode.
One area that has particularly fascinated me has been the use of search engines (specifically Google) in penetration testinginformation gathering. I’ve known about Johny Long’s Google Hacking Database for several years now, but to see it used in practical examples was excellent. Using Google to find actual vulnerable web servers was cool (also dangerous), but the simple data gathering techniques shown were very eye opening. To see, and use, some of the different tricks like using Google search operators to scour the Inter-webs to find juicy bits of data has really been excellent. I’ve known and used some of these techniques in the past, but some of the operators or search methods were new to me. In one instance I discovered a PDF document that’s footer read “Data contained within this document is confidential and proprietary”. Yikes! I contacted the company that was hosting the data and it disappeared the next day.
It really is amazing the types of things you can find out about people and organizations without doing any “hacking” per se, but just intuitively searching Google. I highly suggest folks try searching for their own names or originations and see what comes up, you might be surprised!
This course takes you through a penetration test, from alpha to zeta, and adds value throughout. I can’t speak more highly of it… well, scratch that. If I pass the final exam THEN I’ll not be able to speak higher… I’ll update you on my progress in a week or so.
4 thoughts on “Offensive Security Penetration Testing With Backtrack (PWB3)”
Hi Nick, I’d like to talk about this course. I’m trying to get the certificate but I’m having troubles.
There’s not much I can say to help you with the course. Not only due to the NDA, but because this course is about you learning things on your own. The usually Offsec mantra of “Try Harder!” can be frustrating at times, but it’s also true. There were plenty of times where I thought to myself “I have no more ideas, I can’t figure this out!”. But then, after reviewing the Offsec forums, researching and thinking about the problem from a different angle I would have an “AH HA” moment and be right as rain. Don’t get stuck thinking only about one attack vector or on one machine. Review the lab PDF and videos more, research on the Internet and review the Offsec forums. Remember that most of the machines have multiple avenues in. I’m going back to machines that I previously compromised and looking for those other avenues right now, and I’m discovering a lot. Good luck!
I am considering taking this course. Can you please recommend how I should decide on the amount of days for lab access? 30, 60, or 90?
If you are trying to save money would 30 days lab option be suitable, and some extra effort in setting up your own VM lab environment?
There are vulnerable OS VM images you can download which should also simply the process.
I had the same debate with myself when deciding to take the course. I opted for the 60 days of lab access and I’m very glad I did (I actually bought 15 extra days at the end of my lab time!). The answer for you really depends on your learning style and how you tackle the course, but I have heard that most folks use every bit of the 60 days. For me, the reason was that for the first 3-4 weeks I was going through the course material (PDF and videos). For the enumeration modules you do use the lab space, but for the most part you practice a lot of techniques without having to focus on lab machines (other than your XP lab box). I didn’t want to start attacking lab machines until I had completed all of the course modules. My thought process was “what if the course teaches me a method to exploit machines that I could be using?” If I didn’t know that method I’d be spinning wheels trying to exploit machines without having the tools or knowledge to do so. For me, the first 15-20 days of my lab times was used up before I really started using the lab to its fullest extent. I watched all of the videos and read through PDF, completed all of the exercises (and tried to get all of the extra credit ones too!). Your lab time begins the moment your course does, so remember that. However, if you can spend a lot of time upfront on the course and get into the lab pretty quickly, and you can dedicate many hours then 30 may suite your needs. My job as well as family required some of my attention so I had to spread the course out over a longer period of time. Also, I got addicted to the labs! Once you get started you can burn hours in them and it feels like minutes. Setting up your own VM environment is a good idea, and I have also done that. But, this course does not just teach you how to scan for vulnerable services and exploit them. It’s got a lot of depth and there’s something special about trying to get into a box you have no prior knowledge about. If you setup your lab you’ll have an in depth knowledge of the machines’ weaknesses. This is good for practice on exploiting services but the Offsec lab is so much more useful to learn about penetration testing. I really enjoyed the lab time, even when it was frustrating because once you start making headway it’s that much more rewarding. I haven’t sat the exam yet, just scheduled it actually. Pretty excited about it. Ironically I added 15 days of lab time when I had 2 days of lab time left. My goal was to get into the final network and got into the next day. But I’m using this time (11 days left) to continue practicing and I’m discovering things that I missed. I hope you opt to take the course. I think everyone interested in IT security (for careers or otherwise) should. Good luck!