1. OSCPãšã¯
OSCPããŸãã¯Offensive Security Certified Professionalã¯ããããã¬ãŒã·ã§ã³ãã¹ã¿ãŒãã»ãã¥ãªãã£å°é家ãèªèº«ã®ã¹ãã«ã蚌æããããã®èªå®è©Šéšã®äžã€ã§ãããã®èªå®ã¯ãå®éã®ç°å¢ã§ã®ãããã¬ãŒã·ã§ã³ãã¹ãã®ã¹ãã«ãè©äŸ¡ããããšãç®çãšããŠããŸãã
1.1. OSCPã®èæ¯ãšç®ç
OSCPã¯ãã»ãã¥ãªãã£æ¥çã§é«ãè©äŸ¡ãããŠããèªå®ã®äžã€ã§ãããã®èªå®ã¯ãOffensive Securityãšããçµç¹ã«ãã£ãŠæäŸãããŠããŸããOSCPã®äž»ãªç®çã¯ããããã¬ãŒã·ã§ã³ãã¹ã¿ãŒãã»ãã¥ãªãã£å°é家ãå®éã®æ»æã·ããªãªã§ã®ã¹ãã«ãæã£ãŠããããšã蚌æããããšã§ãã
1.2. OSCPã®ç¹åŸŽ
OSCPã¯ããã®å®è·µçãªè©Šéšåœ¢åŒã§ç¥ãããŠããŸããåéšè ã¯ã24æé以å ã«è€æ°ã®ãã·ã³ãããã¯ããã¿ã¹ã¯ã«ææŠããå¿ èŠããããŸãããã®è©Šéšã¯ãåéšè ã®æè¡çãªã¹ãã«ã ãã§ãªããæç¶åãåµé åãè©Šããããã®ã§ããæåããããã«ã¯ãæ·±ãç¥èãšå®è·µçãªçµéšãå¿ èŠã§ãã
1.3. OSCPã®è©Šéšå 容
OSCPã®è©Šéšã¯ãå®éã®ãããã¬ãŒã·ã§ã³ãã¹ãã®ã·ããªãªãæš¡å£ãããã®ã§ããåéšè ã¯ãäžããããæéå ã«ç¹å®ã®ç®æšãéæããããã®æ»æãè¡ãå¿ èŠããããŸããè©Šéšã®çµäºåŸãåéšè ã¯èªèº«ã®è¡åãšçµæã«é¢ããå ±åæžãæåºããå¿ èŠããããŸãããã®å ±åæžã¯ãåéšè ã®åæèœåãã³ãã¥ãã±ãŒã·ã§ã³ã¹ãã«ãè©äŸ¡ããããã®ãã®ãšãªããŸãã
2. OSCPã®è©Šéšåœ¢åŒ
OSCPã®è©Šéšã¯ããã®ä»ã®å€ãã®ã»ãã¥ãªãã£èªå®è©Šéšãšã¯ç°ãªãç¬ç¹ã®åœ¢åŒãæã£ãŠããŸãããã®ã»ã¯ã·ã§ã³ã§ã¯ããã®è©³çŽ°ãªåœ¢åŒãšãåéšè ãè©Šéšäžã«çŽé¢ããå¯èœæ§ã®ããç°å¢ãå¶éã«ã€ããŠèª¬æããŸãã
2.1. è©Šéšã®é·ããšãã®ç¹åŸŽ
OSCPã®è©Šéšã¯ãæ倧ã§48æéã®é·ããæã£ãŠããŸãããã®48æéã®éã«ãåéšè ã¯äžããããè€æ°ã®ãã·ã³ãããã¯ããã¿ã¹ã¯ã«åãçµãå¿ èŠããããŸããæåã®24æéã¯ãå®éã®ãããã³ã°æŽ»åã«è²»ããããæ®ãã®24æéã¯ããã®æŽ»åã«é¢ããå ±åæžãäœæããããã«äœ¿çšãããŸãããã®é·ãè©Šéšæéã¯ãåéšè ã®æç¶åãé©å¿èœåãè©Šããã®ãšãªã£ãŠããŸãã
2.2. å®éã®è©Šéšç°å¢
è©Šéšäžãåéšè ã¯VPNãéããŠæš¡æ¬ãããã¯ãŒã¯ç°å¢ã«ãªã¢ãŒãã¢ã¯ã»ã¹ããŸãããã®ãããã¯ãŒã¯ã®æ§æãããããžãŒã¯äºæž¬ã§ããªããããåéšè ã¯æè»ãªæèãšè¿ éãªå€æãæ±ããããŸãããŸããè©Šéšã¯ç£èŠãããŠããããŠã§ãã«ã¡ã©ãéããŠåéšè ã®è¡åãç£èŠãããŸãã
2.3. 䜿çšã§ããããŒã«ãšå¶é
OSCPã®è©Šéšäžã«ã¯ãå€ãã®ããŒã«ããªãœãŒã¹ã䜿çšããããšãèš±å¯ãããŠããŸããããããäžéšã®ããŒã«ã¯äœ¿çšãå¶éãããŠãããããåéšè ã¯ãããã®å¶éãäºåã«ç¢ºèªããŠããå¿ èŠããããŸããäŸãã°ãå®å šãªèªååããŒã«ãåçšã®ãããã¬ãŒã·ã§ã³ãã¹ãããŒã«ã®äœ¿çšã¯çŠæ¢ãããŠããŸãããã®ãããªå¶éã¯ãåéšè ã®å®éã®ã¹ãã«ãšç¥èãæ£ç¢ºã«è©äŸ¡ããããã«èšããããŠããŸãã
3. OSCPã®è©Šéšã®çŠç¹
OSCPã®è©Šéšã¯ããããã¬ãŒã·ã§ã³ãã¹ã¿ãŒãšããŠã®å®è·µçãªã¹ãã«ãè©äŸ¡ããããšãç®çãšããŠããŸãããã®ã»ã¯ã·ã§ã³ã§ã¯ãè©Šéšã®äž»ãªçŠç¹ããããã«é¢é£ããåãã§ãŒãºãã¿ã¹ã¯ããããŠé£æ床ã«ã€ããŠè©³ãã説æããŸãã
3.1. ãããã¬ãŒã·ã§ã³ãã¹ãã®åãã§ãŒãº
ãããã¬ãŒã·ã§ã³ãã¹ãã¯ãããã€ãã®ãã§ãŒãºã«åããããŸããæåã®ãã§ãŒãºã¯ãæ å ±åéã§ãããã®ãã§ãŒãºã§ã¯ãã¿ãŒã²ãããšãªãã·ã¹ãã ããããã¯ãŒã¯ã«é¢ããæ å ±ãåéããŸãã次ã«ãè匱æ§ã®ã¹ãã£ã³ãã§ãŒãºããããæœåšçãªè匱æ§ãç¹å®ããŸãããã®åŸãå®éã®æ»æãã§ãŒãºã§ããããã®è匱æ§ãå©çšããŠã·ã¹ãã ã«äŸµå ¥ããŸããæåŸã«ãå ±åãã§ãŒãºã§ããã¹ãã®çµæãšæšå¥šããã察çããŸãšããŸãã
3.2. è©Šéšäžã®äž»ãªã¿ã¹ã¯
OSCPã®è©Šéšäžãåéšè ã¯è€æ°ã®ãã·ã³ãããã¯ããã¿ã¹ã¯ã«åãçµãå¿ èŠããããŸããããã«ã¯ãæ å ±åéãè匱æ§ã®ç¹å®ãå®éã®æ»æããããŠå ±åæžã®äœæãå«ãŸããŸããåãã·ã³ã¯ç°ãªãè匱æ§ãã»ãã¥ãªãã£æ§æãæã£ãŠãããããåéšè ã¯æè»ãªæèãšå€æ§ãªã¹ãã«ã»ãããæã£ãŠåãçµãå¿ èŠããããŸãã
3.3. OSCPã®é£æ床ãšãã®çç±
OSCPã¯ãå€ãã®ã»ãã¥ãªãã£å°é家ã«ãšã£ãŠéåžžã«é£æ床ãé«ããšãããŠããŸãããã®äž»ãªçç±ã¯ãè©Šéšãå®éã®ãããã¬ãŒã·ã§ã³ãã¹ãã®ã·ããªãªãæš¡å£ãããã®ã§ãããåéšè ã®å®éã®ã¹ãã«ãè©äŸ¡ããããšãç®çãšããŠããããã§ãããŸããè©Šéšã®é·ããã䜿çšã§ããããŒã«ã®å¶éããããŠè€éãªãããã¯ãŒã¯ç°å¢ãããã®é£æ床ãé«ããèŠå ãšãªã£ãŠããŸãã
4. OSCPãšä»ã®èªå®è©Šéšã®æ¯èŒ
ã»ãã¥ãªãã£ã®åéã«ã¯å€ãã®èªå®è©ŠéšãååšããŸãããããããã®è©Šéšã«ã¯ç¬èªã®ç¹åŸŽãçŠç¹ããããŸãããã®ã»ã¯ã·ã§ã³ã§ã¯ãOSCPãšä»ã®äž»èŠãªãããã¬ãŒã·ã§ã³ãã¹ãèªå®ãšã®éãããããããã®èªå®ã®ç¹åŸŽã«ã€ããŠè©³ãã説æããŸãã
4.1. CompTIA PenTest+ãšã®éã
CompTIA PenTest+ã¯ããããã¬ãŒã·ã§ã³ãã¹ã¿ãŒãšããŠã®åºæ¬çãªã¹ãã«ãè©äŸ¡ããèªå®è©Šéšã®äžã€ã§ããäžæ¹ãOSCPã¯ãããå®è·µçãªã¹ãã«ãšæ·±ãç¥èãè©äŸ¡ããè©ŠéšãšããŠç¥ãããŠããŸããPenTest+ã¯ãè€æ°éžæåé¡ãäžå¿ãšããè©Šéšåœ¢åŒãæ¡çšããŠããã®ã«å¯ŸããOSCPã¯å®å šã«å®è·µçãªè©Šéšåœ¢åŒãæ¡çšããŠããŸãã
4.2. ä»ã®ãããã¬ãŒã·ã§ã³ãã¹ãèªå®ãšã®æ¯èŒ
åžå Žã«ã¯ãCertified Ethical Hacker (CEH)ãeLearnSecurity Penetration Tester (eCPPT)ãªã©ãä»ã®ãããã¬ãŒã·ã§ã³ãã¹ãèªå®ãååšããŸãããããã®èªå®ãããããã¬ãŒã·ã§ã³ãã¹ã¿ãŒãšããŠã®ã¹ãã«ãè©äŸ¡ãããã®ã§ãããè©Šéšã®å 容ã圢åŒãé£æ床ã«ã¯éãããããŸããOSCPã¯ããã®å®è·µçãªè©Šéšåœ¢åŒãšé«ãé£æ床ã§ç¥ãããŠããŸãã
4.3. ã©ã®èªå®ãéžã¶ã¹ãã
ãããã¬ãŒã·ã§ã³ãã¹ã¿ãŒãšããŠã®ãã£ãªã¢ãè¿œæ±ããå Žåãã©ã®èªå®ãååŸãããã¯éåžžã«éèŠãªæ±ºå®ãšãªããŸããéžæããèªå®ã¯ãå人ã®ãã£ãªã¢ç®æšãåŠç¿ã¹ã¿ã€ã«ããããŠäºç®ã«å¿ããŠç°ãªããŸããOSCPã¯ãå®è·µçãªã¹ãã«ãæ·±ããããšèãããããã§ãã·ã§ãã«ã«ã¯æé©ãªéžæãšãªãã§ããããäžæ¹ãåºæ¬çãªç¥èã身ã«ã€ãããåå¿è ã«ã¯ãPenTest+ãCEHãé©ããŠããŸãã
5. OSCPååŸã®ã¡ãªãã
ã»ãã¥ãªãã£ã®åéã§ã®èªå®ã¯ãå°é家ã®ã¹ãã«ãç¥èã蚌æããããã®éèŠãªæ段ãšãªã£ãŠããŸãããã®ã»ã¯ã·ã§ã³ã§ã¯ãOSCPãååŸããããšã®ã¡ãªãããããããæ¥çããã£ãªã¢ã«äžãã圱é¿ã«ã€ããŠè©³ãã説æããŸãã
5.1. æ¥çã§ã®è©äŸ¡
OSCPã¯ããããã¬ãŒã·ã§ã³ãã¹ã¿ãŒãšããŠã®é«åºŠãªã¹ãã«ãšç¥èãæã£ãŠããããšã蚌æããèªå®ãšããŠãæ¥çå ã§éåžžã«é«ãè©äŸ¡ãããŠããŸããå€ãã®äŒæ¥ãçµç¹ã¯ãOSCPãæã€å°é家ãæ¡çšããéã«ããã®èªå®ãéèŠãªè³æ ŒãšããŠèæ ®ããŸãããŸããOSCPã¯ãå®è·µçãªè©Šéšåœ¢åŒãæ¡çšããŠãããããååŸè ã¯å®éã®ã»ãã¥ãªãã£ã®çŸå Žã§ã®ã¹ãã«ãæã£ãŠããããšãä¿èšŒãããŸãã
5.2. ãã£ãªã¢ãžã®åœ±é¿
OSCPãååŸããããšã¯ããããã¬ãŒã·ã§ã³ãã¹ã¿ãŒãã»ãã¥ãªãã£ã¢ããªã¹ããšããŠã®ãã£ãªã¢ãè¿œæ±ããäžã§ã倧ããªã¢ããã³ããŒãžãšãªããŸããå€ãã®äŒæ¥ã¯ãOSCPãæã€åè£è ãåªå çã«æ¡çšããåŸåããããŸãããŸããOSCPååŸè ã¯ãå¹³åçãªçµŠäžãé«ããªãå¯èœæ§ããããŸããããã¯ãOSCPãæ¥çå ã§ã®é«ãè©äŸ¡ãåããŠããããã§ãã
5.3. OSCPååŸè ã®å£°
å€ãã®OSCPååŸè ã¯ãè©Šéšã®é£æ床ãå®è·µçãªå 容ã«ã€ããŠãéåžžã«æºè¶³ããŠããŸãããŸããOSCPãååŸããããšã§ããã£ãªã¢ã®æ©äŒãå¢ãããšæããå°é家ãå€ãã§ããäžæ¹ã§ãè©Šéšã®æºåãåŠç¿ã«ã¯å€ãã®æéãšåªåãå¿ èŠã§ãããšãã声ããããŸãããããããã®åªåããã£ãªã¢ã®æåã«ã€ãªãããšæããååŸè ãå€ããOSCPã¯ã»ãã¥ãªãã£ã®åéã§ã®ãã£ãªã¢ãè¿œæ±ããäžã§ã®äŸ¡å€ããæè³ã§ãããšèšããŸãã
6. OSCPã®åŠç¿ãªãœãŒã¹
OSCPã®è©Šéšã¯éåžžã«å®è·µçã§é£æ床ãé«ããšãããŠããŸãããã®ãããè©Šéšã«åæ Œããããã«ã¯ååãªåŠç¿ãšæºåãå¿ èŠã§ãããã®ã»ã¯ã·ã§ã³ã§ã¯ãOSCPã®åŠç¿ã«åœ¹ç«ã€ãªãœãŒã¹ãæ¹æ³ããµããŒããæäŸããã³ãã¥ããã£ã«ã€ããŠè©³ãã説æããŸãã
6.1. ããããã®åŠç¿è³æ
OSCPã®åŠç¿ã«ã¯ãå ¬åŒã®åŠç¿ã¬ã€ãããªã³ã©ã€ã³ã³ãŒã¹ãéåžžã«åœ¹ç«ã¡ãŸããç¹ã«ãOffensive SecurityãæäŸããå ¬åŒã®ãã¬ãŒãã³ã°ã³ãŒã¹ãPWK (Penetration Testing with Kali)ãã¯ãè©Šéšã®å 容ã«å¯æ¥ã«é¢é£ããŠããããã匷ããããããããŸãããŸããå€ãã®æžç±ããªã³ã©ã€ã³ã®ãã©ãŒã©ã ãããã°ããOSCPã®åŠç¿ã«åœ¹ç«ã€æ å ±ãæäŸããŠããŸãã
6.2. å®è·µçãªåŠç¿æ¹æ³
OSCPã®è©Šéšã¯å®è·µçãªãããçè«çãªç¥èã ãã§ãªããå®éã®ãããã¬ãŒã·ã§ã³ãã¹ãã®ã¹ãã«ãå¿ èŠã§ãããã®ãããä»®æ³ç°å¢ã§ã®ãã³ãºãªã³ã®ç·Žç¿ããCTF (Capture The Flag)ã€ãã³ããžã®åå ã¯ãå®è·µçãªã¹ãã«ã磚ãã®ã«éåžžã«åœ¹ç«ã¡ãŸãããŸãããããã¬ãŒã·ã§ã³ãã¹ãã®ã·ããªãªãåçŸããã©ãç°å¢ã§ã®ç·Žç¿ããè©Šéšã®æºåã«ã¯æ¬ ãããŸããã
6.3. ã³ãã¥ããã£ãšãµããŒã
OSCPã®åŠç¿ã¯ãæã«ã¯å°é£ã§å€ç¬ãªãã®ãšãªãããšããããŸããããããå€ãã®OSCPåéšè ãååŸè ãåå ãããªã³ã©ã€ã³ã®ã³ãã¥ããã£ããã©ãŒã©ã ã¯ãåŠç¿ã®ãµããŒããæ å ±äº€æã®å ŽãšããŠéåžžã«åœ¹ç«ã¡ãŸãããããã®ã³ãã¥ããã£ã§ã¯ãåŠç¿ã®ãã³ããè©Šéšã®çµéšè«ãããã«ã¯åŠç¿è³æã®æšèŠãªã©ãå€ãã®æçãªæ å ±ãå ±æãããŠããŸãã
åèæç®
- 7 Reasons You Canât Compare the PenTest+ and OSCP –
ãã®èšäºã¯ãCompTIA PenTest+ãšOSCPã®æ¯èŒã«ã€ããŠè©³ãã説æããŠããŸããOSCPãšPenTest+ã®è©Šéšã®é·ãã圢åŒãçŠç¹ãé£æ床ãªã©ã®éãã«ã€ããŠã®è©³çŽ°ãªæ å ±ãå«ãŸããŠããŸãã