Project News

Penetration testing is the process of testing for the existence of vulnerabilities in system security by trying to penetrate the system using actual attack techniques of cyber attackers against networks and systems connected to the Internet. This must be done with the owner's permission. By conducting penetration testing, it is possible to find vulnerabilities that are difficult to find during the network configuration and system development stages, and enhance security.

To learn this penetration testing method, intensive training on "Penetration Testing with Kali Linux (PWK-OSCP)" was held for 5 days from November 1, 2020.

OSCP (Offensive Security Certified Professional) is a certification provided by Offensive Security, an American company. OSCP certifies that a person has the technical skills to break into a server prepared as a target of an attack and elevate its privileges (hijacking servers).

Penetration testing is a method of discovering vulnerabilities in a system by conducting a cyberattack on them with the network or system owner's permission.

It's an important cybersecurity fact, but one needs to know cyberattack to defend against it.

To pass the OSCP, trainees require extensive knowledge of cyberattacks and defenses. Specifically, this includes gathering the information needed for attacks, and writing and executing attack code to take advantage of discovered vulnerabilities.

The instructor was a group called CyberJutsu, a group that conducts top-level penetration testing in Viet Nam. Although they are young, they have a lot of experience in Capture-The-Flag (*) and security vulnerability assessment, so they were the perfect instructors for this advanced training.

After 5 days of intensive training, the trainees will take 90 days of virtual space training to prepare for the OSCP exam:

• Only a practical exam.
• The test duration is approximately 48 hours: In the first 24 hours, the test server is attacked and hijacked. The remaining 24 hours will be used to submit a report on the results of the attack. All exams and reports are in English.
• One can take the exam online, but will be monitored by webcam and screen sharing during the exam.

It is a very tough certification exam, including pre-training, but the project also provides 90 days of post-intensive training and technical support to ensure that all trainees pass.

* Capture-The-Flag: a competition to find the hidden information in security challenges and earn points.(external link)