Road to OSCP

I recently became an OSCP holder and wanted to share my experience of the process. There’s no doubt that OSCP is still the gold standard in the industry, and will most likely stay that way for a looong time. Knowing this and wanting to have a career in offensive security, obtaining OSCP has always been a goal of mine. Since seriously starting in security more than 1 year ago, OSCP was one of those goals I had set out for myself, but I knew it would be a long and hard journey before making it.

The Preparation

Before OSCP, I had already done a few practical certs, so I kinda knew what I was getting into. A few months prior to taking the course, I had passed the CPTS from HackTheBox, which I absolutely loved and can’t recommend enough. I would even say if you’ve done the CPTS you are more than ready to take the OSCP without any extra prep, which is what I did (almost).

At most, I briefly skimmed through the OSCP/PEN200 material, but found it nowhere close to the quality of material in the CPTS. In saying that, the material taught is not bad by any means. The course is meant for an intro-level pentester and builds up all the knowledge needed to start in pentesting.

Like I mentioned earlier, I had already done the CPTS and, hearing from others’ experience, that was more than enough to pass the exam. I still wanted some extra practice before making my attempt, so I did as people suggested and went through the TJNull list, mainly focusing on Proving Grounds boxes and occasionally doing a HackTheBox machine.

During this time, I really focused on speed and tried to be as efficient as possible given the timeframe of OSCP. I think I did around 40 Offsec boxes before being on the brink of going insane. Most of the boxes are braindead, and some will make you question your career path. I was around two months into studying and still didn’t feel ready.

Exam Experience

I decided enough is enough, and scheduled my exam a week before midterms. The week leading up to the exam, I did 0 practice. As my manager told me, no amount of studying will save you in the few days before your exam. And I think that’s true, especially for practical certs.

The proctoring process was pretty straightforward; it maybe took an extra 30min to get all that set up. Throughout the exam I took a few breaks, mainly to use the restroom or get food.

I ended up getting enough points to pass within the first 5hrs of the exam. Once I had enough points, I took an hour break to clear my head. Once back, due to my poor note-taking skills, I had to spend another 3hrs going back and collecting my screenshots for the report.

As most will agree, the report is the most annoying part of the exam. I ended up using the Word template provided by Offsec.

Tips and Tricks

If OSCP taught me anything, it’s that security can be stupid and you should try anything and everything. It’s that mentality of leaving no stone unturned. There were a few times on the exam where I questioned myself, “no way this is the path, right?”, and lo and behold it was indeed. Even if you have the slightest idea that something might work, try it or make note of it and come back to it later. I like to keep a notepad of quick thoughts of things I’ve tried and ideas.

The OSCP is a 24hr exam and for that reason, speed and efficiency are everything. I recommend making sure you have a solid foundation for methodologies going in. You should be able to know all enumeration steps you need to take when you see a service or how to find them.

Recap

As I’ve told others, I didn’t really learn much content-wise from the OSCP, but I did learn how to play the Offsec game.

This post is licensed under CC BY 4.0 by the author.