OSCP certification is difficult

Becoming a hacker: a field report # roadto1337

The last few days couldn't be more clichéd:

holed up in a room, hardly any personal contact. No light (Naturally), and forget more than once that my body actually needs food too.

The new season of Game of Thrones is awesome.

Fun.

I retired to start my next big thing: my OSCP (offensive security certified professional) Certification.

And I can only say:

Woah. The shit is real.

I am currently at 200 of 400 pages I have worked through. And these are just the basics of the basics for now.

Here is a personal report of my “road to 1337”, what I was able to learn so far.

1337 comes from the hacking / gaming jargon and means something like “elite”. Now you know why I am happy every day at 1:37 p.m.

1. I know that I don't know anything

After graduating from HTL with honors (#humblebrag), I felt like royalty. Then came the proverbial slap in the face:

In “the real world” things are different.

I didn't make this mistake this time: the ego is the enemyas it is called every now and then.

Nevertheless, the realization came: the topic is even bigger than expected.

On the other hand:

2. Somehow, hacking is like a computer game

So from the feeling.

  • One gets into one every time completely new situation thrown and must first find your way.
  • In Assassin's Creed I always tried that first uncover the entire world map and complete all side quests. I climbed tower by tower to get an overall picture. I think this tick will be very helpful here.
    It's similar with hacking. First it is explored: Which computers are there? What's going on on them? What are the low-hanging fruits?
  • There are computers that are like boss. In reviews of this certification I got from a server called Sufferance (“Duldung”), which is extremely difficult to crack. I'm afraid of that, I have to admit.

3. It feels really good to have administrator rights on a computer

So far I have exactly one (1) Exploit (an “attack” with which one becomes admin on another PC) programmed and carried out by oneself.

And even then there was still little work on my part - everything according to the textbook.

Yet:

The adrenaline rush when you have full access to a computer that isn't your own. Indescribable.

If that doesn't end in a god complex. 😅

4. Hacking is like life itself

Of course, the ideal situation is always to have all the information and to be able to make decisions based on it.

Just:

It doesn't matter. Not always.

It is better to learn to make good decisions with incomplete information than to wait forever for the “now I'm really ready” moment.

So - before it gets too deep:

Conclusion

I can still talk big, but somehow I have the feeling that this is just that calm before the storm.

I'm curious to see how long it will take me to write a “WTF, I've just wasted 80 hours of my life hacking a computer” blog post. Because there is no question that he will come.

Then I disappear again into oblivion. See you on the other side.