The OSCP examination consists of a virtual network containing targets of varying configurations and operating systems. At the the start of the exam, the student receives the exam and connectivity instructions for an isolated exam network that they have no prior knowledge or exposure to.
The successful examine will demonstrate their ability to research the network (information gathering), identify any vulnerabilities and successfully execute attacks. This often includes modifying exploit code with the goal to compromise the systems and gain administrative access.
The candidate is expected to submit a comprehensive penetration test report, containing in-depth notes and screenshots detailing their findings. Points are awarded for each compromised host, based on their difficulty and level of access obtained.
Learn more about the OSCP certification. Report formatting based on the OSCP Sample report template.
OSCP certification requires two steps. First, you must complete the Penetration Testing Training with Kali Linux (PWK) course. This course is self-paced and online and is often referred to as The Labs in online forums or blogs.
During the labs, you'll have access to 8hrs of videos and 350 pages of course materials. The most important part of the labs is the hands-on experience you'll get from the online penetration testing labs (via VPN). At the end of the labs, you'll conduct a penetration test of the lab environment which will make up around half of your OSCP certification report.
After you finish the labs and the lab penetration test, you still need to get certified! This can only be done by passing the 24 hour OSCP test.
In the exam, you have 24 hours on another VPN network to exploit systems, complete a full penetration test, and submit your report. There's good reason that the Offsec motto is "Try Harder".
You will have a limited time from the end of your lab time to schedule and take this unique and challenging ethical hacking certification exam. The OSCP certification is very challenging and not for the faint-of-heart. However, earning it is incredibly rewarding and proves to yourself and others that you have proven, practical penetration testing skills. via OSCP
Rather than using a note taking app to document your findings to use to manually compile a full report, why not cut out the middleman and use Dradis throughout the entire process? With this report kit, the notes you take throughout the labs and exam will be ready to export into your report as soon as you are finished testing. No manual report generation needed, just click Export!
The above is an overview of the OSCP certification process, visit the OSCP website for more details.
While you're there, don't forget to check out their theme song!
Community Edition package |
Professional Edition package |
|
|---|---|---|
| Methodology templates | ||
| Project templates | ||
| Sample project | ||
| HTML report template | ||
| Word report template | ||
| Issue, Evidence, and Note templates | ||
| Download now | Download now |
Kits make it simple to configure your instance to use the OSCP report using either the web interface (Pro only) or via command line. Detailed instructions on using Dradis kits and creating your own custom kits are available in the Dradis support center.
Sign in as an Administrator.
Navigate to Templates > Kit Upload.
Use the Drop zone or the blue Add kit button to select your kit.zip file.
Then, just click the green Start button to upload it.
The on-screen log will display all the changes that are being made. Wait until it displays Worker process completed before moving on.
SCP your kit (e.g. kit.zip) to your Dradis instance (e.g. to the /tmp folder).
Dradis Pro:
Run the following commands in the console as dradispro:
$ cd /opt/dradispro/dradispro/current/
$ RAILS_ENV=production bundle exec thor dradis:setup:kit --file=/tmp/kit.zip
Make sure to update the filename and path to match yours!
Dradis CE:
$ cd /dradis-ce
$ thor dradis:setup:kit --file=kit.zip
Make sure to update the path to match yours!
Filename:
This project template is ready to be updated with the results from your Labs and Exam. Unlike the Full Project export, this project template doesn’t contain any Issues or Evidence, just the default Node structure and placeholder Notes that are ready to be updated with your findings.
dradis-template-oscp.xml as Dradis::Plugins::Projects::Upload::Template.See the Project templates page of the Working with Projects guide for more details on using project templates.
Filename:
This is a full project export ready for you to upload to Dradis and export with your report template. This project comes pre-populated with 8 Notes covering report sections from the High-Level summary to the Appendix. And, the project contains 2 sample vulnerabilities to use as a template as you find and document the vulnerabilities you discover during the Labs and Exam.
See the Importing and Exporting Projects page of the Working with Projects guide.
HTML: dradis_template-oscp.html.erb
Word: dradis_template-oscp.v0.6.docm
This report template will generate a report with the following sections:
Place the HTML report template in the templates/reports/html_export/ folder of your local install.
dradis_template-oscp.html.erb template and click Export.See the Creating HTML Reports guide for more details.
Filenames:
Use these templates as a guide when you are creating your own projects. Add them as Note templates to your instance of Dradis so that you can painlessly pre-populate manually-created findings with the correct field names.
Place the .txt files in the templates/notes/ folder of your local dradis-ce install
Your email is kept private. We don't do the spam thing.