Monday, January 19, 2015

PWK - Penetration Testing with Kali Linux (Class Begins)

For several years now I have been intrigued with the idea of penetration testing and computer security.  In my pursuits I came accrues a Linux distribution called "Backtrack".  This has recently be renamed to "Kali", but the premise is still the same.  Kali is supported by a group called "Offensive Securities" who specializes in Penetration Testing (Ethical hacking), and training.  If you do a Google search on top IT certifications you will likely find the OSCP (offensive securities certified professional) listed among the top ten.

I finally took the plunge and began my journey with OSCP and so far I have been extremely impressed with the program.  Currently I am on day 5 of 60 and am already wishing I would have signed up for the 90 day course rather than the 60 day.  I probably will not post again on this topic until I have finished the course and with any luck and lots of time passed the final exam which is 24 hours long!!!!

Don't expect any hints or direction from me here except some details on my experience.  I have worked in IT for around 10 years and have a good understanding of Linux, Windows and Mac.  I have a good understanding of TCP/IP and networking protocols with are beneficial in this course.  Finally I have limited knowledge of python, fair knowledge of BASH scripting and exceptional understanding of PHP scripting.  I say all this because so anyone looking to follow this course can gage themselves somewhat against me.

Since the course began five days ago I have spent nearly 8 hours a day studying the material.  There is a lot of new concepts and a huge PDF.  Let me recommend from the start of the course to PRINT your PDF file.  I spent the first few days working with it digitally on the computer and that is simply not the best way to approach this course.  I recommend getting a three ring binder with tabs and get ready to spend LOTS of time on the material.  So far what I have found most helpful is actually going through the book several times.  I start by watching the videos associated with the chapters and then go through the chapters practicing what I have learned.   After about four chapters I go back and start over and complete the homework and required documentation for those sections.  This allows me to practice the material and then essentially come back for a refresher and practical application of the material.  Along the way, I have played with some of the lab machines and have actually gained root access on one of them, but it is not my primary objective starting out.

I find lots of people online asking if they should do the 30, 60, or 90 day course.  Even though I am not far in the program let me suggest NOT to do the 30 day course.  It is simply not enough time unless you have been through this type of thing before and have extensive knowledge in penetration testing.  I will be able to comment on the 60 and 90 day option after I finish the program but I know most people don't have 6-8 hours in a day to spend learning the material and you will need that time especially if you are new to this like me.  The most basic google search on this certification reveals people who address the fact that you better have understanding family members before attempting this.  I would have to agree!  It is time consuming and worth while.

Again this is only my initial reactions to the program and will provide a more thorough review upon completion.  Until them feel free to post question, but understand I will not answer anything that could compromise the program or details that offensive securities prohibits me from sharing.  Taking this certification is about LEARNING not getting a notch in your belt.  If thats all you want look the other direction because you will not enjoy this!  If you want to learn and have a ton of fun then jump on in.

One last thought.  I have found the IRC channel invaluable!  Make sure to register and participate as it make the experience that much better.  Also it is extremely important that you take notes and take them often.  I can already not stress this enough!  I have grown to love "keepnote"  Its built rite into Kali and uses XML and HTML format for notes.  So I simply save the notes to a flash drive.

Cheers!!!