My first goal as I descend deeper into the security world is to get a certification under my belt basically just to inspire confidence in myself that I know the ropes of penetration testing. I have briefly looked into the myriad of certifications out there pertaining to penetration testing, and wow this is quite a segmented market with no clear over-arching regulatory body, at least from my brief research. For now, I'm going to shoot for the OSWP because it looks the most fun, but I'm going to just keep this question at the back of my mind and start aimlessly preparing. My initial goal is to just start grinding CTF's and vulnerable Boxes for a few months, making write-ups for them as I go. Cliche indeed. So, here's my initial list of CTF's and Boxes I want to complete and do write-ups for:
- Ring Zer0 Team - Sysadmin Linux (8 challenges)
- Ring Zer0 Team - Web (45 challenges)
- Kioptrix: Level 1
- Kioptrix: Level 1.1
- Kioptrix: Level 1.2
- Kioptrix: Level 1.3
- Kioptrix: 2014
- FristiLeaks 1.3
- Stapler 1
- VulnOS 2
- SickOs 1.2
- Brainpan 1
- HackLAB: Vulnix
- /dev/random: scream
- pWnOS 2.0
- SkyTower 1
- Mr-Robot 1
- PwnLab
- Lin.Security
- Temple of Doom
- Pinkys Palace v1
- Pinkys Palace v2
That should be plenty to get started with, let's just see how long this takes me in my free time!