Saturday, January 21, 2012

Course Review - Penetration Testing with BackTrack (PWB)

Please be informed that this course has been renamed to "Penetration Testing with Kali Linux (PWK)"

The Background

About 2 to 3 years ago, I came to know BackTrack 3 and 4. I did not know what this distribution for. At that time, I knew that it is for bad guys according to a local computer magazine.

Later, I came to know the term of "Penetration Testing" and I wanted to know more about this kind of technology and skill. I searched for the videos on the YouTube and learnt something new. However, I did not fully understand what the videos actually talking about and doing.

Some guys in the internet stated that this course (Penetration Testing with BackTrack) is teaching you how to use the BackTrack Linux distribution only and nothing more. Okay, that was not bad at all as I knew nothing about this distribution. Why not took it a try?

Last year, I decided to take this course to learn more about Penetration Test and registered. The course vesion is 3.0 at the time when I took it and it is working very well on BackTrack 5 R1. The price is not high compares with other Information Security courses in the market.

The Course

This course is designed for beginners just like me. It requires you have some knowledge of networking and some programming experience as well as to know how to use Linux and Windows systems. This course is not designed for very skilled and experienced Penetration Testers, in my opinion.

You have a VPN lab, which equipped with several subnets and over 50 machines (I discovered 58), to practice what you have learnt from the course materials. Those machines in the lab are not designed for simple or single step exploitation. You are required to use your creative thinking and skill to compromise those machines.

You are not required to compromise all the machines in the lab in order to take the final challenge, the exam. You can even compromise one machine in the lab and then enroll for the exam. You have 23 hours and 45 minutes to do the exam and submit the report within the next 24 hours. You should enroll the exam within 90 days after the expiration of the lab access time unless you extended it.

The compromised machines in the lab is required to document as well as the exercises in the course materials. In addition, the extra miles in the exercises may count for the exam, I think. So, I suggest to do them all if you can.

In my opinion, make some friends in the #offsec irc channel may help you to solve some problems during the lab access. The most interested thing is that the officials at #offsec irc channel will not help you much for the lab. Sometimes, they may give out hints but sometimes are misleading or useless. They will also tell you to "Try Harder!". Yes, "Try Harder!" is their slogan.

The Challenge

The exam was not easy as I think especially under the pressure. My exam was started in the late evening, that means, I needed to do the exam overnight in the early beginning due to my time zone. I was very tired during the exam. Even I took an hour or so nap, I could not thinking very well. I did some careless mistakes or silly things during the exam and I was wasting a lot of time. My mind was blocked with the problems that I came across. I did not perform very well in the exam.

Finally, the exam was over and the report was submitted. Within 3 business days, I received an email which informed me that I passed the challenge. If you passed the challenge, you will be an Offensive Security Certified Professional (OSCP). I am an OSCP now!

The Conclusion

In conclusion, this course will teach you all the basic Penetration Testing skill and it is worth to take if you are not a very skilled and experienced in this field. I am very enjoy during the course. I learn a lot with the lab and course materials. Recommended!


Course Review : Am I ready for taking the course of PWB