As I was studying on my own time, I initially went for 90 days to have more than enough time to finish the course while doing it besides my normal work. I would wager that if you would do the course full time, you could do it in about 2-4 weeks, depending on your background.
0x01 Course material & labs
Course labs are very similar to OSCE labs. There are few servers running vulnerable applications and you have to re-create the exploitations against those servers and of course, you have full access to the lab servers to debug. The course documentation supplements the videos and vice versa. Overall, the materials are well done and they work great. I would have liked if there were more information about methodologies used for searching vulnerabilities from the code and some keywords for each programming language. But then again, a lot of stuff would be missed if there were straight answers to all the questions. As usual with Offensive Security courses, you should do some research on the topics covered in the course to get most out of it (not necessary, but I highly suggest to read and watch all referenced materials).
The most useful tools used in the course are (not in any ordered list):
- Burp Suite
I highly suggest to do all extra mile exercises and get very familiar with the tools used in the course.
0x02 The Exam
As always, not much can be said about the exam, but…Exam time is 47 hours 45 minutes and after the exam, there is 24 hour time frame, in which you have to submit the report back to Offensive Security. The exam is proctored and you have to have the webcam running and share the hosts screen to Offensive Security all the time you’re doing the exam. Before you start your exam, you will get a link to exam guide, I suggest to get familiar with it and check the suggested documentation templates, because they will tell what you need to put into your report. This also tells something about what you need to document about the exam. So it is better to get familiar with that guide and documentation templates so you have everything ready when starting to do the report. Try to avoid being sucked into the rabbit hole…
While doing the exam, I made a small break after every hour (about). And sometimes I took 1 – 2 hour breaks as well, took our dog (Hades) out for a walk, and slept for ~6 hours. I noticed that the breaks really did help and I got more ideas and didn’t get stuck while taking more breaks than in any other Offensive Security exams I have taken.
0x03 Tips and tricks:
- Try to develop a methodology, that fits for you, to go through vast amounts of code.
- Enable all debug logging e.g. to application and database(s).
- If possible, add your own debug messages to applications.
- Learn language specific dangerous functions and search for them.
- Learn to use the tools used in the course exercises.
- If stuck, take a break and re-check what you’re doing.
- Run programs manually to view console log.
- Take breaks and sleep properly.
- Follow logs with e.g. tail -f bla.log.