The OSCP examination consists of a virtual network containing targets of varying configurations and operating systems. At the start of the exam, the student receives the exam and connectivity instructions for an isolated exam network that they have no prior knowledge or exposure to.
The successful examinee will demonstrate their ability to research the network (information gathering), identify any vulnerabilities and successfully execute attacks. This often includes modifying exploit code with the goal to compromise the systems and gain administrative access.
The candidate is expected to submit a comprehensive penetration test report, containing in-depth notes and screenshots detailing their findings. Points are awarded for each compromised host, based on their difficulty and level of access obtained.
OSCP certification requires two steps. First, you must complete the Penetration Testing Training with Kali Linux (PWK) course. This course is self-paced and online and is often referred to as The Labs in online forums or blogs.
During the labs, you'll have access to 8hrs of videos and 350 pages of course materials. The most important part of the labs is the hands-on experience you'll get from the online penetration testing labs (via VPN). At the end of the labs, you'll conduct a penetration test of the lab environment which will make up around half of your OSCP certification report.
After you finish the labs and the lab penetration test, you still need to get certified! This can only be done by passing the 24 hour OSCP test.
In the exam, you have 24 hours on another VPN network to exploit systems, complete a full penetration test, and submit your report. There's good reason that the Offsec motto is "Try Harder".
You will have 90 days from the end of your lab time to schedule and take this most unique and challenging of ethical hacking certification exams. The OSCP certification is very challenging and not for the faint-of-heart. However, earning it is incredibly rewarding and proves to yourself and others that you have proven, practical penetration testing skills. via OSCP
Some exam-takers use note-taking applications like KeepNote to document their findings as they go through the Labs and Exam. Then, they use their notes to manually compile a full report. Why not cut out the middleman and use Dradis throughout the entire process? With this report package, the notes you take throughout the labs and exam will be ready to export into your report as soon as you are finished testing. No manual report generation needed, just click Export!
The above is an overview of the OSCP certification process; visit the OSCP website for more details.
While you're there, don't forget to check out their theme song!
Based on the OSCP Sample report template.
The Dradis Framework is a collaboration and reporting platform for InfoSec teams that will cut your reporting time in half.
We connect with 19+ different tools including Burp, Nessus, Nmap, and Qualys. Track your progress, split tasks, and share screenshots and evidence with your team.
Dradis Community Edition is open-source and available freely under the GPLv2 license.
Dradis Professional Edition includes extra features designed for organizations working with bigger teams and multiple projects at a time.
Community Edition package:
- Project template
- Sample project
- HTML report template
- Note templates
Detailed versions of these instructions are also available in the instructions.txt file in your Compliance Package.
Filename:
This project template is ready to be updated with the results from your Labs and Exam. Unlike the Full Project export, this project template doesn’t contain any Issues or Evidence, just the default Node structure and placeholder Notes that are ready to be updated with your findings.
dradis-template-oscp.xml as Dradis::Plugins::Projects::Upload::Template.
See the Project templates page of the Working with Projects guide for more details on using project templates.
Filename:
This is a full project export ready for you to upload to Dradis and export with your report template. This project comes pre-populated with 8 Notes covering report sections from the High-Level summary to the Appendix. And, the project contains 2 sample vulnerabilities to use as a template as you find and document the vulnerabilities you discover during the Labs and Exam.
See the Importing and Exporting Projects page of the Working with Projects guide.
Filename: dradis_template-oscp.html.erb
This HTML template will generate a report with the following sections:
Place the HTML report template in the templates/reports/html_export/ folder of your local install.
dradis_template-oscp.html.erb template and click Export.
See the Creating HTML Reports guide for more details.
Filenames:
Use these templates as a guide when you are creating your own projects. Add them as Note templates to your instance of Dradis so that you can painlessly pre-populate manually-created findings with the correct field names.
Place the .txt files in the templates/notes/ folder of your local dradis-ce install.