Well it’s been a solid 60 days of everything PWK. I’ve buffer overflowed, injected and weeped at my desk at 3am. #Complete

I’m happy to say that this was a EXTREMELY educational experience. It was painful, but educational. So here’s the breakdown of how it went.

My background:

One thing that I did, like many before me, is researched the PWK course by reading blogs. The thing I was most interested in was the background of the people taking the course because I wanted to get an idea how I would stack up against their experience. So here’s mine.

I have been a software engineer for 6 years, 4 professional. Before that I was an Army Military Police Officer with no coding experience.

I have experience in C#, Java, HTML, Javascript, PHP, Python, MySql, SQL, XML, C++, C and assembly. With c++ and assembly being my weakest areas. I can’t stress enough how useful being able to code was in this course.

I have very little practical infosec experience. I have been toying with infosec topics for a few years but nothing more than intro to (insert topic here).

Any knowledge I have about web servers, linux, networking comes from my time setting up and running a pi webserver out of my house. It’s not much but it was a push in the correct direction.

I’ve built my own web blog from database to UI including all of the gory stuff in between like lazy loads, serverside logic etc. This knowledge helped me a little. Mainly because I wasn’t scared to write some php.


Leading up to the exam:

I read a few books and wrote some fun python stuff (see my blog posts from September-October 2016)


The first 30 days with PWK – Coursework:

Pace: I studied 3 – 4 days a week each week for ~12 hours a week. It took me 30 days to complete the course material.

For my first 30 days, I decided to focus 100% on the course material. I wanted to make sure I laid a solid foundation for my education before attempting to break things. I didn’t venture out into the lab unless the book specifically told me to and I only did what it said. I made sure that I fully understood every concept before moving onto the next and I documented EVERYTHING in onenote.

I documented things meticulously. Each chapter had notes taken in onenote and then I had a separate page for my Lab Report. My course notes and Lab Report ended up being super useful when I moved into the lab itself. I also kept a section for useful items I found along the way, websites, commands, tools etc.

The course itself was pretty straightforward and easy. They do introduce you to thinking for yourself in the book right away. For example they will tell you the process of an exploit but not tell you what machine. You’ll have to use what you know to find the machine and test the topic on it. I found this fun and always looked forward to it. They also sometimes will tell you maybe 70% of how to do something in the course work and you need to figure out the last 30%. This was true for the buffer overflows section. There was much to learn there.

I read posts from people saying that they stopped watching the videos almost immediately. I decided to take a more disciplined approach and watch the video before each section. I found some useful hints doing this. THE VIDEOS DO NOT 100% ALIGN WITH THE BOOK.

At the end of the course I was chomping at the bit to get started in the Lab.


The second 30 days with PWK  – The Lab:

Kill Count:

Rooted: 21 Machines

Limited shells: 2 Machines

Unlocked Networks: 1/3


Pace: I took almost all of December off from work and focused 90% of my time on the Lab.


The lab…… the lab the lab the lab….. So many hours…….. So many tears….. So many F-bombs…..  No seriously. I don’t know how people do this course while working a full time job. I took 3 1/2 weeks off of work and barely nicked the surface of the Lab machines. There are so many things to do, it’s very overwhelming when you first start.

When you first start in the lab you’re told to find the low hanging fruit. Except if you have no idea what you’re looking for, everything is low hanging. My first machine took me 2-3 days to root. Then I sped up after each one. On average I was rooting 2-3 machines a day, with 10-15 hours each day invested.

Each machine could take anywhere from 30 min up to 15 hours for me to root. I tried to avoid the forums as much as I could but starting out I used them pretty heavily. They are full of useful hints. The Offsec team makes a conscious effort to remove all spoilers, so you shouldn’t find any answers in there.

I used metasploit on approximately 30% of the machines. Though the Offsec team doesn’t discourage its use, I always used it last instead of first. There were some machines that seemed there was only a metasploit exploit.

The thing I found most challenging was learning to enumerate a machine. There’s no magic button for this. You just have to earn the knowledge. Learning what to look for at each stage, remembering it and doing it faster next time.



So in the end I did okay. I waited until the last day to schedule my exam so I have to wait a month in order to take the OSCP… That being said, I’ve decided to extend my Lab time out another 30 days. The extension is only another $250 so if it keeps me frosty until the exam, I’ll be happy. Also there’s an admin network that I want to gain access too 🙂

1 Comment
Leave a Reply

five × five =