Used Car Quote

Used Car Buying Tips – info on getting your best deal Buying new cars, used car tips and resources for a great deal…

Life After OSCP: A Career Path

Congratulations, you did it! You passed the OSCP. You have finally passed the OSCP after following our advice and going through all the lab equipment multiple times. You have passed the test and are now victorious.
Unfortunately, you’re just getting started.
We all know that no one wants to hear it. The OSCP, however prestigious, is not a ticket to a better job or a new career. There is still much to do after the OSCP. It’s a lot to do, a lot more work and a lot more learning.
Don’t Let Up
The number one and most important piece we can offer you is to keep practicing. It’s not easy to learn a skill that you have just put in a lot of effort. Even after three months of hard work, it can quickly start to fall apart. This can be prevented by exercising it, learning new things, and working through the boxes.
You have a Hack the Box subscription, as we recommended. Keep it and continue to use it. Compromising virtual machines such as theirs is the best way to keep your skills sharp. These boxes are a great place to learn, practice new techniques, and sharpen your patience.
Concentrate on the ones you think are “too difficult” before. Only when you are really stuck, or stuck for days, can you look at the box’s walkthrough. While persistence is your best teacher, learning from others’ work is second-best.
Enumeration is a major focus of the OSCP. While tools and techniques are important, enumeration is the key. You can’t use all the techniques and tools if you don’t know how to enumerate. As with any skill, intuition can be developed through experience. This level of enumeration proficiency will be a great asset to you as a pentester. However, it must be maintained through practice. There are no shortcuts, and being lazy will only make your skills worse.
Keep reading and studying. Information security, including penetration testing, is an ever-evolving field. The news will tell you enough to know that the work is never done and that the bad guys will not stop at nothing. Stabilizing yourself is a sure way to stagnate and make no progress. Make sure you are always moving forward.
You should also consider the growing number of crowded-sourced red teaming companies as a great opportunity for growth and learning. Companies such as Synack and HackerOne screen security researchers and pentesters before they hire them as contractors. You will be granted access to their platform if you pass. This basically lists closed access bug bounties for other companies.
You can choose an interesting target and test it against it. If you find any vulnerabilities, you can report them for payment. It’s possible to learn from white-hat hackers who are highly skilled, but it can also be a great learning experience and resume building opportunity.
Tips for the Aspiring Penetrating Tester
Congratulation to those who started their OSCP journey hoping to become a pentester. The OSCP labs and courseware are not always as real as the real world. This is a slightly misleading fact. You will be required to work through several boxes containing vulnerable open-source web apps, FTP servers, SMB share, and other services that have well-documented exploits.
This is the kind of operational security that no company can afford to ignore.
First, there won’t be many services that are open to the internet other than HTTP and HTTPS. It’s been IT best practice for a long time to keep this stuff off the internet. If you’re a pentester, don’t expect to scan a client using nmap or fi

Back to top