Offensive Security Certified Professional

Last updated

Offensive Security Certified Professional (OSCP, also known as OffSec Certified Professional) is an ethical hacking certification offered by Offensive Security (or OffSec) that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution (successor of BackTrack). [1] The OSCP is a hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment. [2] It is considered more technical than other ethical hacking certifications, [3] [4] and is one of the few certifications that requires evidence of practical penetration testing skills. [5]

Contents

Recertification

The OSCP does not require recertification. [6]

Relations to other security trainings or exams

Successful completion of the OSCP exam qualifies the student for 40 (ISC)² CPE credits.

In 2015, the UK's predominant accreditation body for penetration testing, CREST, [7] began recognising OSCP as equivalent to their intermediate level qualification CREST Registered Tester (CRT). [8]

Reception

In "Kali Linux: A toolbox for pentest," JM Porup called OSCP certification "coveted" because it required passing a difficult 24-hour exam demonstrating hacking. [9] In a press release on a new chief operating officer for a security services company, the company's use of OSCP professionals was described as a strength. [10] In "The Ultimate Guide To Getting Started With Cybersecurity" Vishal Chawla of Analytics India Mag recommended OSCP as one of two "well known" security certifications. [11] In an interview of Offensive Security CEO Ning Wang, Adam Bannister of The Daily Swig discussed a "major update" to "Penetration Testing with Kali Linux (PWK)" training course, which leads to OSCP certification for students who pass the final exam. [12] The training updates were discussed in detail in helpnet security. [13]

In The Basics of Web Hacking: Tools and Techniques to Attack the Web, Josh Pauli called OSCP "highly respected." [14] Cybersecurity Education for Awareness and Compliance gave a syllabus outline of the training course for OSCP. [15] In Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails, co-author Christopher Hadnagy listed OSCP as one of his qualifications. [16] Certified Ethical Hacker (CEH) Foundation Guide listed OSCP as one of two certifications by Offensive Security for a "Security Testing Track." [17] Sicherheit von Webanwendungen in der Praxis also included OSCP in a list of recommended certifications. [18] Building a Pentesting Lab for Wireless Networks called Offensive Security training "practical and hands-on" and said they were "most recommended." [19]

In "The Information Security Undergraduate Curriculum: Evolution of a Small Program" Lionel Mew of University of Richmond said 35% of Information security jobs require certifications, and described OSCP as a "popular certification." [20] "Maintaining a Cybersecurity Curriculum: Professional Certifications as Valuable Guidance" called OSCP an "advanced certification" and one of "a select few" requiring hands-on penetration skills demonstrations. [21]

Related Research Articles

<span class="mw-page-title-main">SANS Institute</span> American security company

The SANS Institute is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing. The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals. The courses cover security fundamentals and technical aspects of information security. The institute has been recognized for its training programs and certification programs. Per 2021, SANS is the world’s largest cybersecurity research and training organization. SANS is an acronym for SysAdmin, Audit, Network, and Security.

This is a list of operating systems specifically focused on security. Similar concepts include security-evaluated operating systems that have achieved certification from an auditing organization, and trusted operating systems that provide sufficient support for multilevel security and evidence of correctness to meet a particular set of requirements.

A white hat is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has. The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively. There is a third kind of hacker known as a grey hat who hacks with good intentions but at times without permission.

A penetration test, colloquially known as a pentest, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. The test is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.

Cisco Certifications are the list of the Certifications offered by Cisco Systems. There are four to five levels of certification: Associate (CCNA/CCDA), Professional (CCNP/CCDP), Expert (CCIE/CCDE) and recently, Architect, as well as nine different paths for the specific technical field; Routing & Switching, Design, Industrial Network, Network Security, Service Provider, Service Provider Operations, Storage Networking, Voice, Datacenter and Wireless.
There are also a number of specialist technicians, sales, Business, data center certifications and CCAI certified instructors.

Certified Ethical Hacker (CEH) is a qualification given by EC-Council and obtained by demonstrating knowledge of assessing the security of computer systems by looking for vulnerabilities in target systems, using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system. This knowledge is assessed by answering multiple choice questions regarding various ethical hacking techniques and tools. The code for the CEH exam is 312–50. This certification has now been made a baseline with a progression to the CEH (Practical), launched in March 2018, a test of penetration testing skills in a lab environment where the candidate must demonstrate the ability to apply techniques and use penetration testing tools to compromise various simulated systems within a virtual environment.

<span class="mw-page-title-main">BackTrack</span> Linux distribution

BackTrack was a Linux distribution that focused on security, based on the Knoppix Linux distribution aimed at digital forensics and penetration testing use. In March 2013, Khaled Baoween (Kali) & the Offensive Security team rebuilt BackTrack around the Debian distribution and released it under the name Kali Linux.

EC-Council is a cybersecurity certification, education, training, and services company based in Albuquerque, New Mexico.

Hacker Halted is a global series of Computer and Information Security conferences presented by EC-Council. The objective of the Hacker Halted conferences is to raise international awareness towards increased education and ethics in IT Security. The event is currently in its 14th year. Also present at Hacker Halted is EC-Council's H@cker Halted | Academy, trainings and workshops led by EC-Council instructors and trainers.

Michael Gregg is an American computer security specialist, businessman, author and co-author of several books, including Build Your Own Network Security Lab and Inside Network Security Assessment. He has also served as an expert witness before a congressional committee on cyber security and identity theft.

The Computing Technology Industry Association, more commonly known as CompTIA, is an American non-profit trade association that issues professional certifications for the information technology (IT) industry. It is considered one of the IT industry's top trade associations.

<span class="mw-page-title-main">Wargame (hacking)</span>

In hacking, a wargame is a cyber-security challenge and mind sport in which the competitors must exploit or defend a vulnerability in a system or application, and/or gain or prevent access to a computer system.

<span class="mw-page-title-main">Kali Linux</span> Debian-based Linux distribution for penetration testing

Kali Linux is a Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security. The software is based on the Debian Testing branch: most packages Kali uses are imported from the Debian repositories.

<span class="mw-page-title-main">Parrot OS</span> Debian-based Linux distribution

Parrot OS is a Linux distribution based on Debian with a focus on security, privacy, and development.

Offensive Security is an American international company working in information security, penetration testing and digital forensics. Operating from around 2007, the company created open source projects, advanced security courses, the ExploitDB vulnerability database, and the Kali Linux distribution. The company was started by Mati Aharoni, and employs security professionals with experience in security penetration testing and system security evaluation. The company has provided security counseling and training to many technology companies.

<span class="mw-page-title-main">Kali NetHunter</span> Free & open-source mobile penetration testing platform for non-rooted and rooted Android devices

Kali NetHunter is a free and open-source mobile penetration testing platform for Android devices, based on Kali Linux. Kali NetHunter is available for non-rooted devices, for rooted devices that have a standard recovery, and for rooted devices with custom recovery for which a NetHunter specific kernel is available (NetHunter). Official images are published by Offensive Security on their download page and are updated every quarter. NetHunter images with custom kernels are published for the most popular supported devices, such as Google Nexus, Samsung Galaxy and OnePlus. Many more models are supported, and images not published by Offensive Security can be generated using NetHunter build scripts. Kali NetHunter is maintained by a community of volunteers, and is funded by Offensive Security.

Terry Cutler is a Canadian cyber security expert and teacher, often described as an "ethical hacker" for his long term work with cyber security and protection. Cutler is the founder, former CTO, and current CEO of Cyology Labs and the vice-president of cyber security at SIRCO. He is also the creator of "The Course On Internet Safety". Cyology Labs's focal point is cyber security and data safety. Prior to founding Cyology Labs in 2015, Cutler founded Digital Locksmiths, Inc. focusing on data security of cloud and mobile solutions. Cutler is an often cited source on Cyber security and has been featured on various televisions shows across Canada. He describes himself as a "cyologist", a trademarked term of his own invention for a person who works in cyber security.

<span class="mw-page-title-main">Rafay Baloch</span>

Rafay Baloch is a Pakistani ethical hacker and security researcher. He has been featured and known by both national and international media and publications like Forbes, BBC, The Wall Street Journal, The Express Tribune and TechCrunch. He has been listed among the "Top 5 Ethical Hackers of 2014" by CheckMarx. Subsequently he was listed as one of "The 15 Most Successful Ethical Hackers WorldWide" and among "Top 25 Threat Seekers" by SCmagazine. Baloch has also been added in TechJuice 25 under 25 list for the year 2016 and got 13th rank in the list of high achievers. Reflectiz, a cyber security company, released the list of "Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021" recognizing Rafay Baloch as the top influencer. On 23 March 2022, ISPR recognized Rafay Baloch's contribution in the field of Cyber Security with Pride for Pakistan award. In 2021, Islamabad High court designated Rafay Baloch as an amicus curia for a case concerning social media regulations.

William "Chuck" Easttom II is an American computer scientist specializing in cyber security, cryptography, quantum computing, and systems engineering.

References

  1. "Offensive Security Certified Professional". Offensive Security. Archived from the original on 12 October 2016. Retrieved 13 October 2016.
  2. Linn, Ryan (1 March 2010). "Final Course and Exam Review: Pen Testing with BackTrack". EH-Net Online Mag. Retrieved 13 October 2016.
  3. Westfall, Brian (15 July 2014). "How to Get a Job as an Ethical Hacker". Intelligent Defense. Software Advice. Retrieved 13 October 2016.
  4. Dix, John (11 August 2016). "How well does social engineering work? One test returned 150%". Network World. Archived from the original on August 11, 2016. Retrieved 13 October 2016.
  5. Merritt, Chris (2012). "Certification Spotlight: Offensive Security's OSCP" (PDF). IAnewsletter. 15 (2). Information Assurance Technology Analysis Center: 24–25.
  6. "Offensive Security FAQ". 2018-09-13. Archived from the original on 2018-09-13. Retrieved 2023-05-15.
  7. Knowles, William; Baron, Alistair; McGarr, Tim (26 May 2015). Analysis and recommendations for standardization in penetration testing and vulnerability assessment: Penetration testing market survey (Report). BSI Group & Lancaster University.
  8. "CREST Signs New Partnership with Offensive Security to Improve the Standards of Information Security" (Press release). CREST and Offensive Security. 4 August 2015.
  9. "Kali Linux : Une boîte à outils pour pentest - Le Monde Informatique". LeMondeInformatique (in French). 25 February 2020. Retrieved 2020-03-15.
  10. "Anchin, Block & Anchin LLP Expands Firm's Cybersecurity Practice - Tab Bradshaw Joins as New Leader of Redpoint Cybersecurity LLC". Benzinga. Retrieved 2020-03-15.
  11. Chawla, Vishal (2020-02-24). "The Ultimate Guide To Getting Started With Cybersecurity". Analytics India Magazine. Retrieved 2020-03-15.
  12. "'We're our own focus group' – Ning Wang on security certification, training, and keeping Kali Linux on top". The Daily Swig | Cybersecurity news and views. 2020-03-03. Retrieved 2020-03-15.
  13. "Offensive Security releases major update to its Penetration Testing with Kali Linux training course". Help Net Security. 2020-02-11. Retrieved 2020-03-15.
  14. Pauli, Josh (2013-06-18). The Basics of Web Hacking: Tools and Techniques to Attack the Web. Elsevier. p. 140. ISBN   978-0-12-416659-2.
  15. Ismini, Vasileiou; Steven, Furnell (2019-02-22). Cybersecurity Education for Awareness and Compliance. IGI Global. pp. 233–234. ISBN   978-1-5225-7848-2.
  16. Hadnagy, Christopher; Fincher, Michele (2015-03-18). Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails. John Wiley & Sons. pp. viii. ISBN   978-1-118-95848-3.
  17. Rahalkar, Sagar Ajay (2016-11-29). Certified Ethical Hacker (CEH) Foundation Guide. Apress. p. 184. ISBN   978-1-4842-2325-3.
  18. Rohr, Matthias (2018-03-19). Sicherheit von Webanwendungen in der Praxis: Wie sich Unternehmen schützen können – Hintergründe, Maßnahmen, Prüfverfahren und Prozesse (in German). Springer-Verlag. p. 447. ISBN   978-3-658-20145-6.
  19. Fadyushin, Vyacheslav; Popov, Andrey (2016-03-28). Building a Pentesting Lab for Wireless Networks. Packt Publishing Ltd. p. 234. ISBN   978-1-78528-606-3.
  20. Mew, Lionel (2016). "The Information Security Undergraduate Curriculum: Evolution of a Small Program" (PDF). 2016 Proceedings of the EDSIG Conference. 2: 5.
  21. "Maintaining a Cybersecurity Curriculum: Professional Certifications as Valuable Guidance" (PDF). Journal of Information Systems Education. 28: 106. December 2017.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.