Before I take my exam in a few days, I figured I would put up here everything I had done prior to even starting the PWK training course offered at Offensive-Security. This list is everything I’ve done and what I recommend people who wish to pursue this certification go do as well.
Prior to the exam I had decent experience in Linux and Windows. Mint has been my preferred choice for nearly 2 years now. The languages I am well versed in are C, C#, Java, Python, and SQL. Scripting was something I had just started in but quickly adapted to.
I’m putting these in the official order of “You Should Probably Tackle This First”:
Cybrary Intro to Ethical Hacking
13 Hours. Every chapter starts with a whiteboard draw-up of what you should be “thinking” as a penetration tester, then goes straight into demos. It’s basic, but a must-have foundation to help get you in the game of enumeration.
Cybrary’s Web Application Pen-Testing
4 Hours. If you want to take a break from the whiteboard and get into action while learning, try out web application testing. It’s for beginners and you learn a lot.
Cybrary Advanced Penetration Testing
15 Hours and by Georgia Weidman herself. Builds upon the first intro to penetration testing course above. Definitely more advanced and she goes over things done similarly in the PWK modules. Get her book as well, I’ve read it in and out: seriously it’s a must.
Now that you have that down, Offensive-Security has their own FREE online training in Metasploit. What you learn here can easily be applied in the labs. Once finished, head over to vulnhub.com, where the members have even more fun things:
Kioptrix VMs #1-#5 in that order. These vulnerable machines were created by Offensive Security members and are the best baseline before entering PWK.
Python for Security Professionals
10 Hours. Seriously the best Python course I have ever come across. Straight up for Security Professionals. He gives you activities to solve (included in his ZIP file) and then has his own scripts that test your scripts and give feedback. Wild, eh?
If you haven’t already, go start digging around and find reviews of the course before you sign up. First go to the Cool People to Check Out page on my site, and look at those guys. All OSCP holders with blogs talking about their experiences.
When you start reading people say “Enumeration! ENUMERATION!”, “Post Exploitation”, “Make scripts for exam!” and so on, check out this guy’s stuff. Read his review and go through his scripts; everyone uses his to customize their own stuff. It helped me in understanding which commands can be used when enumerating, further helping me develop my own scripts.
This guy did a fantastic job. He took out all 50 machines in the lab and all 5 in the exam. On top of that he documented as much as he could. Here is his Page 2 with all the references he used to take down the hard machines (he updated the list after he got his cert).
Tulpa Security: 2016 Prep Guide for Offsecs PWK
Tulpa has his own Prep Guide as well, and it is extremely on point. If mine lacks what you need or you want more, head over to his site and get his step-by-step guide.