Post

40 Days to OSCP

Posted Updated
By Hong Wei 4 min read

Note: As with any certifications, NDA/policy dictates that questions or answers cannot be discussed here. The purpose of this post is simply to share experiences.

Clicked on this article expecting click-bait? Well, not really, I suppose. I did take the exam just 40 days after enrolling in the PWK course. It was a hell of a journey. But was it worth it? Hell yeah.

Resources:

OSCP Offensive Security Certified Professional

It seems inevitable that anyone who successfully completes this examination will share their thoughts, regardless of whether it’s a message or a video detailing the painstaking preparation process.

Full Disclosure: I earned the CEH (Certified Ethical Hacker) Master certification, which provided me with a foundation in Linux and red teaming concepts before embarking on this course and examination. Additionally, I am currently employed full-time as a DFIR Analyst, offering me valuable insights into the tactics and methodologies employed by threat actors, as witnessed in my previous cases.

Why the OSCP?

  1. Before embarking on the OSCP journey, it’s crucial to understand your personal motivation. Ask yourself why you want to take this exam. Is it for job advancement, opening up more career opportunities, or acquiring knowledge? Having a clear personal reason will help maintain motivation, especially during challenging times. Passion becomes your driving force when the initial excitement fades away. As for me, well it’s due to [REDACTED]. -> Anyone who is relatively close to me can slide in my DMs for this.

  2. The OSCP heavily relies on Kali Linux (Well it’s called PWK for a reason). Getting comfortable with Linux is essential. Familiarize yourself with basic commands, file systems, and navigation. Develop the skills to efficiently work within a Linux terminal, as it is a fundamental aspect of the exam.

  3. Take detailed notes for all modules and machines. Document your thought process, commands used, successful exploits, and lessons learned. These notes become invaluable during the exam and help reinforce your understanding. Create a systematic approach to organize your notes, making it easier to review and refer back to specific information. If anyone needs any guidance on this, feel free to bump me up.

  4. Avoid spending too much time on a single machine. If you encounter difficulties, it’s often more productive to move on to another machine and revisit the challenging one later. Effective time management is crucial during the exam, and learning to allocate time wisely on each machine contributes to success. Learn when to give up and take hints. I cannot stress this enough.

  5. The OSCP exam is designed to be challenging. Embrace a “Try Harder” mentality, a mantra often associated with the course. Persistence is key. When faced with obstacles or setbacks, approach them with a determined mindset. Keep trying different approaches until you find a solution. If something ain’t working, take a break, workout, do something else. It really helps.

Personal Process:

  • 11th January: D-Day.

  • 20th January: Completed Learning Modules in the PWK Course.

  • 25th January: Pwned MedTech (Challenge Lab within the PWK Course)

  • 31th January: Pwned Relia (Challenge Lab within the PWK Course)

  • 3rd February: Pwned OSCP Challenge Lab A (Simulated Exam Environment within the PWK Course)

  • 5th February: Pwned OSCP Challenge Lab B (Simulated Exam Environment within the PWK Course)

  • 7th February: Pwned OSCP Challenge Lab C (Simulated Exam Environment within the PWK Course)

  • 15th February: Completed TJ’s Nulll Recommended List on PG Practice ONLY (Linux Machines)

  • 19th February: Completed TJ’s Nulll Recommended List on PG Practice ONLY (Windows Machines)

  • 20th February: Exam Day.

Exam Day:

  1. D+4 Hours - Gained Foothold in Standalone A

  2. D+5 Hours - Pwned Standalone A

  3. D+10 Hours - Gained Foothold in Standalone B

  4. D+11 Hours - Pwned Standalone B

  5. D+12 Hours - Gained Foothold in Standalone C

  6. D+13 Hours - Pwned Standalone C

TL;DR: People suggest cracking Active Directory and one standalone machine to pass, but I struggled to even gain a foothold in Active Directory MS01 after multiple attempts. It was frustrating, and after around 10 hours, I realized my only viable option to passing the OSCP might be solely focusing on standalone machines, which wasn’t an enjoyable experience to be fair. I guess I didn’t try harder. Sighs.

Exam Strategy

Contrary to the common advice of practicing on HTB boxes and TryHackMe machines before taking the course, I take a controversial stance and suggest focusing solely on the PEN-200 PWK course. In my experience, the machines in the OSCP exam are distinct from those on other platforms; OffSec creates their boxes uniquely. I believe that the PEN-200 course and the PG Practice are adequate, but with a strong emphasis on practicing PG Practice. I feel that the challenge labs within PWK are kind of insufficient, based on my personal experience.

Closing

It’s been hell of a ride. Breathing, eating and living the OSCP throughout these 40 days is mentally taxing and exhausting. I cannot have any other words to express this hell of a journey. For anyone that may be taking on this course, GLHF.

Certifications
Certifications OSCP OffSec
This post is licensed under CC BY 4.0 by the author.