Offensive Security Certified Professional (OSCP) Report

The OSCP examination consists of a virtual network containing targets of varying configurations and operating systems. At the the start of the exam, the student receives the exam and connectivity instructions for an isolated exam network that they have no prior knowledge or exposure to.

The successful examine will demonstrate their ability to research the network (information gathering), identify any vulnerabilities and successfully execute attacks. This often includes modifying exploit code with the goal to compromise the systems and gain administrative access.

The candidate is expected to submit a comprehensive penetration test report, containing in-depth notes and screenshots detailing their findings. Points are awarded for each compromised host, based on their difficulty and level of access obtained.

Learn more about the OSCP certification. Report formatting based on the OSCP Sample report template.

The Labs

OSCP certification requires two steps. First, you must complete the Penetration Testing Training with Kali Linux (PWK) course. This course is self-paced and online and is often referred to as The Labs in online forums or blogs.

During the labs, you'll have access to 8hrs of videos and 350 pages of course materials. The most important part of the labs is the hands-on experience you'll get from the online penetration testing labs (via VPN). At the end of the labs, you'll conduct a penetration test of the lab environment which will make up around half of your OSCP certification report.

The Exam

After you finish the labs and the lab penetration test, you still need to get certified! This can only be done by passing the 24 hour OSCP test.

In the exam, you have 24 hours on another VPN network to exploit systems, complete a full penetration test, and submit your report. There's good reason that the Offsec motto is "Try Harder".

You will have a limited time from the end of your lab time to schedule and take this unique and challenging ethical hacking certification exam. The OSCP certification is very challenging and not for the faint-of-heart. However, earning it is incredibly rewarding and proves to yourself and others that you have proven, practical penetration testing skills. via OSCP

Why use Dradis?

Rather than using a note taking app to document your findings to use to manually compile a full report, why not cut out the middleman and use Dradis throughout the entire process? With this report kit, the notes you take throughout the labs and exam will be ready to export into your report as soon as you are finished testing. No manual report generation needed, just click Export!

The above is an overview of the OSCP certification process, visit the OSCP website for more details.

While you're there, don't forget to check out their theme song!

Call Offensive Security from Offensive Security on Vimeo.

	Community Edition package	Professional Edition package
Methodology templates
Project templates
Sample project
HTML report template
Word report template
Issue, Evidence, and Note templates
	Download now	Download now

Kits make it simple to configure your instance to use the OSCP report using either the web interface (Pro only) or via command line. Detailed instructions on using Dradis kits and creating your own custom kits are available in the Dradis support center.

Uploading a kit (Pro only)

Sign in as an Administrator.
Navigate to Templates > Kit Upload.
Use the Drop zone or the blue Add kit button to select your kit.zip file.
Then, just click the green Start button to upload it.
The on-screen log will display all the changes that are being made. Wait until it displays Worker process completed before moving on.

Command line

SCP your kit (e.g. kit.zip) to your Dradis instance (e.g. to the /tmp folder).
Dradis Pro:

Run the following commands in the console as dradispro:
```
$ cd /opt/dradispro/dradispro/current/
$ RAILS_ENV=production bundle exec thor dradis:setup:kit --file=/tmp/kit.zip
```
Make sure to update the filename and path to match yours!

Dradis CE:
```
$ cd /dradis-ce
$ thor dradis:setup:kit --file=kit.zip
```
Make sure to update the path to match yours!

Project template
Full project export
Report templates
Note templates

Project Template

Filename:

dradis-template-oscp.xml

This project template is ready to be updated with the results from your Labs and Exam. Unlike the Full Project export, this project template doesn’t contain any Issues or Evidence, just the default Node structure and placeholder Notes that are ready to be updated with your findings.

Instructions

In the header of your project, click Upload output from tool

Upload dradis-template-oscp.xml as Dradis::Plugins::Projects::Upload::Template.

Add Issues and Evidence!

See the Project templates page of the Working with Projects guide for more details on using project templates.

Full Project Export

Filename:

dradis-export-oscp.zip

This is a full project export ready for you to upload to Dradis and export with your report template. This project comes pre-populated with 8 Notes covering report sections from the High-Level summary to the Appendix. And, the project contains 2 sample vulnerabilities to use as a template as you find and document the vulnerabilities you discover during the Labs and Exam.

Instructions

See the Importing and Exporting Projects page of the Working with Projects guide.

Report Templates

HTML: dradis_template-oscp.html.erb

Word: dradis_template-oscp.v0.6.docm

This report template will generate a report with the following sections:

Table of contents
High Level Summary
Methodologies
Information Gathering
Service Enumeration
Penetration: including details on each vulnerability identified in the labs and exam including code samples and screenshots
Maintaining Access
House Cleaning
Additional items not mentioned in the report

Instructions

Dradis CE

Place the HTML report template in the templates/reports/html_export/ folder of your local install.

Dradis Pro

Sign in as an Administrator and navigate to Templates > Reports in the header.
Navigate to the HTML tab and upload the report template.
From the Projects page, open the OSCP project you created using the project template or full project export.
Click Export Project in the header and open the HTML export tab
Select the dradis_template-oscp.html.erb template and click Export.

See the Creating HTML Reports guide for more details.

Note Templates

Filenames:

issue.txt
evidence.txt
note.txt
note-tester.txt

Use these templates as a guide when you are creating your own projects. Add them as Note templates to your instance of Dradis so that you can painlessly pre-populate manually-created findings with the correct field names.

issue.txt: every Issue in your project uses these fields
evidence.txt: every piece of Evidence in your project uses these fields
note.txt: every Note in your project (other than the Tester note, see below) uses these fields.
note-tester: the Tester Note in your project contains a few different fields (e.g. Email) than the regular Note template.

Instructions

Dradis CE: Place the .txt files in the templates/notes/ folder of your local dradis-ce install
Dradis Pro: Upload the templates to Dradis as Note templates using the instructions on the Note Templates page of the Administration guide.

OSCP Exam Report Kit

Offensive Security Certified Professional (OSCP) Report

Streamline InfoSec Project Delivery

Learn practical tips to reduce the overhead that drags down security assessment delivery with this 5-day course. These proven, innovative, and straightforward techniques will optimize all areas of your next engagement including: