Showing posts with the label "oscp"

Offensive Security Certified Professional Review

1. Introduction

There are many certifications in cybersecurity, for example CEH, Security+ and CISSP, but OSCP is known for its hands-on experience and 24-hour exam.

2. Before OSCP

2.1 Recommended material

There are some resources I would like to highlight before really stepping into OSCP's course. Although OSCP is the entry-level cert at Offsec, there is still a lot of knowledge Offsec expects people to know.

Vulnhub: contains lots of vulnerable machines that can be downloaded and worked on locally. https://www.vulnhub.com

Hackthebox: needs a VPN connection to their network; similar to OSCP's lab and a really good resource before OSCP. https://www.hackthebox.eu/

2.2 Course intro

The official site is https://www.offensive-security.com, and before taking the exam you need to take their PWK course; here is the syllabus: https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf

The course has three types: Course + 30/60/90 days lab, which can be found here: https://www.offensive-security.com/information-s...

Offensive Security Certified Professional (OSCP): Sharing My Penetration Testing Certification Experience

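1. Preface

In information security there are many certifications and courses to study, such as CEH, Security+ and CISSP. But among those that truly center on hands-on penetration testing, OSCP is the most prominent. It is not very well known in Taiwan... but abroad it is one of the fairly well-known certifications. There is no shortage of write-ups from abroad, so this article is written in Chinese, in the hope that it will encourage others to share as well.

2. OSCP introduction and recommended preparatory material

2.1 Recommended preparatory material

Because OSCP expects a certain level from students, some people may wonder how to know whether they are ready to take the course. There are some resources I personally recommend looking at and practising with before taking the course:

https://www.vulnhub.com (provides many vulnerable virtual machines to download and practise on; many people share walkthroughs online, so you can learn step by step by following along)

https://www.hackthebox.eu (you connect to its lab environment through the VPN provided by the official site; similar to the OSCP lab. Because it is free, no course material is provided, but it is a great resource. One prerequisite is being able to hack your way through the site's registration step)

2.2 Course overview and how to purchase the lab

The official site is https://www.offensive-security.com, and before taking the exam you must first take their online course. The course syllabus is here: https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf

The course comes in three types (buying the lab also includes one exam attempt; buying the exam alone was 60 USD per attempt and has since been raised to 150 USD):

Course + 30 days lab
Course + 60 days lab
Course + 90 days lab

Detailed pricing is at https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/

You can see that the only difference is the number of lab days. Buying the 30-day lab is not recommended... because there is a good chance you will not have enough time to do the lab. However, after buying a course package you can purchase lab time separately. (I'm a bit embarrassed to say I extended my lab twice, because with my lack of experience I really couldn't finish the lab.) The course includes PDF...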