Happy July 4 to everyone in the United States. Today is the last day of my PWK course. It's been intense, and in the practice labs I did better than I expected, but not as well as I'd hoped. Considering the fact that 99% of my “training” has been self-study—poring through books, websites, “text-philez”, PDFs, online courses, and (occasionally) videos on YouTube—I think I did fairly well.
I'm no longer a Novice, not quite Adept, but well along my way as an Apprentice. I'm at the point where I have more training, knowledge, and skill (in this specific skillset) than 99% of the general population… But when it comes to hacking, that doesn't really say much. Most people have no clue what a “TCP Three-Way Handshake” is, let alone what to do with an “SQLi Privilege Escalation Exploit”. But that's basic, fundamental knowledge for professionals. The real pros—the ones who could rightfully call themselves “Masters” of the craft—are doing things with technology that could be (and often are) the basis of their doctoral thesis.
In other words, even though my PWK journey is coming to an end, my journey to Master Hackery has only just begun. I'm excited to see what I can learn next! But for now I'm focused on that looming test.
I've always been of the “hope for the best; prepare for the worst” mindset. As such, I fully expect to fail my first attempt at the OSCP. (If it were easy, it wouldn't be such a well-regarded certification.) If I fail, I'll get an extension, practice more, and try again. And again. Until I slay it. The PWK labs are the dungeon, the OSCP test is the dragon, and I'm gonna get that loot, one way or another.
But in the couple weeks prior to the OSCP, I plan to spend time practicing my buffer overflow skills, practicing in the HTB labs, and working on a few personal projects I've got waiting in the wings.
And maybe catch up on sleep. I'll need it before the test.