What It’s Like Being a Pentester After OSCP
Job Hunting? Go Away….😤
So after you earn your OSCP, you expect jobs to just start raining down on you once you stamp that OSCP on your resume and start sending it out. Yeah... no. If you're like me and all you have is OSCP and Hack The Box in terms of network security experience, job hunting can be absolutely excruciating. The interview process can make you feel like you know absolutely nothing, which is partially true if you were like me at the time. What you don't realize after you get that cert is that you will be interviewing with hackers who have been hacking since before Offensive Security (the company) even existed. On top of that, you will almost always be interviewed by a panel of netsec folks who can detect BS a mile away and know the answer to every question they're asking you inside and out, backwards and forwards.
Like, for real. Things can be pretty brutal. Often it's the pentesters themselves giving the 'yay' or 'nay', so a lot of the time my potential wasn't considered. No one cared that I just one day decided to become a hacker and did it out of pure passion and interest. A lot of the time they look at what you know, who you know, and what you can hack, and that's it. What helped me out a lot was getting into bug bounties, which entailed a lot of web app work. Another key thing I was doing was using all the interview questions as study material for the next interview. When I first started out I failed many opportunities at getting a job. Sometimes I would go 3 rounds and lose, 😩 but don't give up!
Actually getting a job….🔨
Once you actually get a job as a pentester (specifically at a pentesting company), it's like joining the special forces or something (bad analogy). Instead of taking funds from your retirement account just to pay for more lab time in hopes of MAYBE getting a job in the distant future, you now have an entire enterprise designed to get you, yes YOU, in position to hack some huge company's network, write a report, and deliver it to the client. Everything in the department is designed to improve your hacking skills and abilities and make you a more productive pentester. Instead of hacking alone in your office or basement, you are now surrounded by hackers, and if you're blessed, friends who have been doing this since you were in diapers (metaphorically and literally in some cases).
It feels like going from Gold's Gym to an NFL workout facility; that's the best way I can describe it. Obviously you get in and realize how little you know, I think that goes without saying at this point, but you learn a tremendous amount in a short amount of time. You learn how to speak with clients, the business life-cycle, reporting and documentation, and of course hacking skills. To be honest, I didn't really realize how much I had learned until I spoke to someone I did OSCP with who hadn't gotten a pentesting gig yet. I could pretty much flood them with things I was able to pick up from working with other hackers [Shoutout to Radioboy].
Hacking Huge Companies 🌆
Another thing you probably haven't thought about is the clients. It's possible that you, yes YOU, could be placed on some huge company's internal network and tasked with "hacking them to pieces." It could be a restaurant chain you just ate at last night or a huge tech company you buy products from often. Can you imagine shelling some of your favorite companies and dumping the hashes of their entire AD onto your terminal? There aren't many feelings better than passing OSCP if you're in this industry, but doing that NEVER gets old!
Furthermore, their networks are usually a lot more dynamic. So instead of hacking in a /24 network, you could be assigned multiple /16s or more, all with a variety of vulns and exploits for you to enjoy. It's like hacking a rainforest of hosts (lol). You'll be exposed to all kinds of networks as well: standard Windows AD networks, AWS, Azure, and on and on. You'll also have to work around different antivirus solutions like Sophos, Carbon Black, that Splunk thing, etc. etc.
I'm going to be doing another blog post about some of the elementary things you should know starting out as a pentester, which will touch on some of the specifics I've learned, don't worry 😉.
The Disappearing Act 🎩
When I was going through OSCP I used to wonder why it seemed like pentesters had so little time. What could it possibly be that almost always drives people away from forums and channels where they once spent a lot of time? Now that I am a pentester I can tell you: a lot of it is due to the documentation associated with doing consultant work. Often, with these super fun assessments, pentesters must construct long and detailed attack narratives for clients to read and digest. Sometimes these reports can be super long, and the last thing you'll want to do is hop into a chat room and type more than you already have to.
Also, a lot of netsec chats talk about overcoming issues you encounter in the wild. "Hey, does anyone know any tools that can be used to bypass AMSI?" But these kinds of questions can now be answered by the peers you work with, reducing the need for these types of chat rooms even more. You've already been talking about BlueKeep with your neighbors, why have the same conversation again online?
Another factor is the learning aspect. Some engagements require 100 percent focus and hours of extracurricular research. On top of this, sometimes there's a cert that someone wants to pursue, and that too diminishes the time you see that person online. This isn't exclusive to pentesters though. You may be experiencing that yourself as you go through OSCP or another cert of interest. Time can start becoming an enemy, and often a way to combat that is letting social media, forums, and chats go.
[Image: ASCII-art banner, captioned "Metasploit's ish"]
Questions Comments? 💡
If anybody has any questions about this, hit me up on the tweets! @Clutchisback1 I am by no means some expert on this topic, but I wanted to share my personal experience for those who wonder what the transition was like for me. It really is better than you can imagine, especially if you're at a job where you can't use your hacking skills...OMG...you'll love it! Keep getting after it and studying if you're in that transition phase looking for a job after OSCP. You'll get something if you don't give up; have faith!