This article is built as a learner introduction guide to the PEN-200 course and OSCP certification. Here you will find information on:
- Presentation video
- What is PEN-200?
- Try Harder Mindset
- Study Approach & Tips
- Getting Started
- Support
- Additional Resources
Presentation video
What is PEN-200?
PEN-200 is a hands-on, self-study, learn-by-doing, and foundational course for pen-testing that aims to teach mindset, skills, and tools needed to increase success in InfoSec.
PEN-200 In OffSec Learning Journey
PEN-200 Course Prerequisites
TCP/IP Networking Fundamentals
- TCP/IP Addressing and subnetting: Cisco - IP Addressing and Subnetting for New Users
- The protocols and services that use TCP/IP: Service Name and Transport Protocol Port Number Registry
- How traffic is delivered and received
Operating System
- Reasonable Windows and Linux administration experience: Linux Journey, Kali Linux Revealed
- Active Directory: Microsoft Active Directory Domain Services Overview
Familiarity with programming/scripting languages
- Bash: The Bash Guide
- Python: Learn Python the Hard Way
Try Harder Mindset
Why TRY HARDER in InfoSec?
InfoSec is continuously evolving. Techniques and tools have a shelf life. It is common to encounter unfamiliar technologies and environments during a pentest while also being expected to deliver results within a limited time frame.
It is important to have both the knowledge and disposition needed to adapt and overcome these challenges.
The Try Harder disposition is timeless: once you earn it, it will never leave you.
What does it mean to TRY HARDER?
- Trying Harder means being PERSISTENT.
- Trying Harder means being CREATIVE.
- Trying Harder means being PERCEPTIVE.
For more in-depth information, please see our Try Harder Blog Post.
Trying Harder means being PERSISTENT
InfoSec involves a LOT of research, troubleshooting, and testing. There are no shortcuts to success.
Mistakes and failures are part of the process. Taking a step back and understanding why the approach is failing will help identify what to try next.
The most certain way to succeed...is always to try just one more time. In other words, try again.
Trying Harder means being CREATIVE
Repeating the same failing approach over and over is not progress. Be creative and consider different problem-solving approaches when one is not working.
You will need to use your knowledge and understanding of InfoSec concepts to consider a wide variety of solutions.
There are always different approaches to solving a problem. In other words, try differently.
Trying Harder means being PERCEPTIVE
Situational awareness is a critical skill for any InfoSec professional. You must be aware of the technologies, resources, and techniques available in a given situation.
It is also important to be aware of non-technical aspects such as how much time is available to you, and how best to use that time to get results.
In other words, try smarter.
Study Approach & Tips
Study Approach (High Level)
Learn By Doing
Practice techniques and tools that are discussed in course materials and in labs. Hands-on lab practice is key to learning success.
Buffer overflow and Active Directory involve a lot of steps and moving parts. Keep repeating labs to master the concepts and techniques involved. Replicate Alpha and Beta walkthroughs.
Master Enumeration
This one word is arguably the most important aspect of pen-testing but can be the hardest to master.
Do not simply run scans and move on. Take time to thoroughly review the output and understand its implications.
Enumeration is a cyclical approach. You will need to expand your search each time you obtain new access or new information.
Pro Tip: The more you do proper enumeration, the easier it becomes to find the proverbial “needle in a haystack”.
Read the Exploits
Try to understand how an exploit works before executing. Knowing how an exploit works even at a high level will help you debug issues you encounter.
Do you need to set up files or permissions prior to running the exploit? Do you need to modify the exploit to match your target?
Pro tip: Running unverified exploits without considering what may occur could lead to disastrous results, such as losing files.
Explore Tools
Take the opportunity to learn a wide variety of tools in labs (e.g., nmap, nikto, sshuttle, Empire, etc.). Familiarize yourself with the strengths of different tools, to identify which tool is most suited for a given situation.
Metasploit usage is limited in the PEN-200 exam. Do not restrict yourself by over-utilizing Metasploit in labs.
Pro Tip: Investigate and understand how a tool works. This will help you know when and how to use the tool, and better prepare for the PEN-200 exam.
Put in Time and Effort
Depending on your background, be prepared to dedicate significant time to work through the course materials and practice in labs.
E.g., >200 - 300+ hours in the lab environment often yields the best results.
Do not limit yourself to course materials and labs. Take the time to research any concept or prerequisite unclear to you. Google is your friend.
Practice, Practice, Practice!
There are no shortcuts in learning. The more machines you complete, the more exposure you get to environments and setups.
Do not rely solely on hints and walkthroughs. They are not a substitute for actual learning. Attempt the machine first, at minimum.
Pro Tip: Explore machines in PG Play & Practice for additional practice, though they are NOT a substitute for PEN-200 lab machines.
Lab Machines Key to Success
Higher exam pass rate with >50 lab machines completed
Getting Started
Read the course welcome email carefully. In it you will find:
- Download links for course PDFs and videos
- Control Panel URL
- Help Center articles
- VPN connectivity pack and credentials
Set up Kali Linux
- Recommended: Kali Linux with VMware
- Snapshot your VM image regularly to avoid losing your work
Connecting to PEN-200 labs
Download the "Universal VPN Package" to your Kali Linux machine.
Use the openvpn command to connect to VPN labs.
root@kali:~$ sudo openvpn universal.ovpn
For more information, visit the PEN-200 Learning Library Lab Connectivity Guide.
Lab Precautions
The lab network should be regarded as a hostile environment. We suggest using a VM to protect your host machine.
Direct VPN connection between learners is not possible. However, you may encounter exploits left by other learners. Executing these may lead to unintentional compromise of your machine.
Please be careful of unverified exploits or scripts. They may contain malicious code, resulting in the loss of your data.
Best Practices in Labs
Make sure all default passwords of your personal machines have been changed.
Avoid storing sensitive information on your Kali Linux machine in the unlikely event someone is able to gain access.
You can help protect yourself by stopping services when they are not in use.
Take snapshots of your personal machines regularly.
Lab Overview
The Control Panel lets you power on or revert the Challenges.
Lab Tip: Note Taking
- Document Everything. Document all steps, commands, codes, and output, even those that failed. Documentation reduces rework if/when the information is later required. Notes can always be used as a reference.
- Use Note-Taking App. Applications such as CherryTree or OneNote allow a hierarchical structure to better organize your notes.
- Segment your notes. For instance, if attacking a single target, create sub-notes for Enumeration, Interesting finds, Exploitation, Privilege Escalation, etc.
Support
Who are Student Mentors (SMs)?
- SMs are OffSec alumni
- SMs help you learn
- SMs are your mentors
- SMs will guide you in the right direction
  - They will not give you answers
  - They will adjust guidance based on your background
- SMs will be your friends!
When to ask SMs for help
Try course materials and labs first, and attempt to build both knowledge (technique) AND disposition (Try Harder Mindset).
Once you feel you’ve exhausted and documented all steps, commands, and codes and can go no further on your own, then consider contacting SMs.
Pro Tip: SMs are here to help you build knowledge AND disposition, NOT give you the answer. They will help you find the answer on your own.
How to ask SMs for help
Be as detailed as possible. Provide all steps, commands, codes, and output when asking for help.
SMs will then understand the context and how best to assist your learning.
The guidance that SMs give is based on the amount of detail provided and your background.
The more details provided, the better SMs can assist.
Example
Bad Question:
- Hi, I need help!
- I need help with x.x.x.x machine
Good Question:
- I’ve been working on getting low-level access to x.x.x.x machine. I found credentials from another machine, but they do not seem to be working. Can someone help me?
- I’m trying to get the exploit for Lab 123 to work, however, I get an error when launching it. Here are the commands and outputs: https://paste.offsec.com/SdDfLvsw
Additional Resources
Support Channels
| What Do You Need? | Learners |
| --- | --- |
| OffSec Community | https://portal.offsec.com/sign-in (for instructions, see: How may I join the OffSec Community?) |
| Mentorship with the labs or challenge labs | |
| VPN connectivity issues | https://chat.offsec.com/ or email help@offsec.com |
| Lab or exam machine testing | |
| Exam related inquiry | |
| Purchase or account related inquiry | orders@offsec.com or OSCAR (OffSec Support Chatbot Assistance Resource) |
OSCP Preparation Guides:
- The Journey to Try Harder: TJnull’s Preparation Guide for PEN-200 PWK/OSCP 2.0
- A Detailed Guide on OSCP Preparation – From Newbie to OSCP
- John J OSCP Preparation Guide Additional Resources
Labs:
PG Play and Practice: https://www.offsec.com/labs/individual
Books:
- Hacking: The Art of Exploitation, 2nd Edition
- The Web Application Hacker’s Handbook
- Black Hat Python
- CCNA Cisco Certified Network Associate Study Guide, 7th Edition
Pentesting Reports:
Public Pentesting Reports: https://github.com/juliocesarfort/public-pentesting-reports