The “Offensive Security Certified Professional” is a unique penetration testing certification offered by the company “Offensive Security”. After registering the students will receive course materials and a VPN connection to a huge lab with many vulnerable servers. Everything has to be learned autodidactically using the course materials and the Internet. The grand finale of this certification is the 24-hours exam where the students have to proof that they have the knowledge and the routine to penetrate systems in a quite short amount of time.
I tried to complete the course and the lab in two months and I really did all the exercises and studied the complete materials. Even if I was experienced before, I learned a lot. To hack the different servers in the lab was so much fun, but also kind of exhausting. I was so excited and full with ideas in my mind, that I had some troubles with sleeping. Due to private life, I had not so much time for studying. That’s why it took me one month for the course materials and exercises. After that I just had another month for the lab. There is am IRC channel at Freenode and a forum. Both can be very helpful for the lab. My recommendation for people who want to earn the extra points that you can get by reporting the lab: start writing the report immediately when the lab starts. It takes much time to write the report and the exercises.
The exam wasn’t as hard as I expected. Although it could get very difficult if you get stuck with something. In the end it is a creative process with all it’s traps. I was very lucky with some things and found them quickly. After 8 hours I had most of the points and at the end I completed all exercises. The exam report is a lot of work. It took me a while and I regretted that I didn’t start writing immediately after the exam was over. I really really recommend to document as detailed as possible during the exam.
I want to thank the “Offensive Security”-team for this amazing experience.