…and why it probably won’t work for you.
Background
An important factor is one’s prior experiences. It is very likely that I was coding, setting up web-servers, routers, hacking WiFi, and compiling Apache before you were born. Keep that in mind as I explain what worked for me. No I’m not 100 yet, just 37.
Beyond that, I have a Master’s in Computer Science, researched in Wireless Communications for 3 years, worked as an Embedded Software Developer for 3 more years, and worked as a Security Analyst in a SOC for a year and a half after that, before embarking on my OSCP journey. Why do I need the OSCP if I did all that? Personally, I don’t need it, but HR doesn’t care how many PhDs you have, or what you do in your free time. All that matters nowadays is certifications from private companies.
Timeline
Prior to purchasing the OSCP course, I set up a plan on how to get there. I wanted to be structured and do as much as possible to maximize my chances of passing the exam. The plan was:
- Complete the Offensive Pentesting TryHackMe learning path.
- Complete TJ_Null’s list of Hack The Box OSCP-like machines.
- Enroll in the OSCP/PEN-200 course and complete your certification.
I completed 1. Being super-motivated in the beginning, I started on TJ_Null’s list. I did a few machines on the list and a few others that attracted my attention (Lame, Brainfuck, Shocker, Bashed, BroScience). Then life got in the way, motivation kinda went down and I didn’t do much more.
On May 25th 2023 I purchased the OSCP course. Due to work and life, by mid-April 2024 (almost a year later) I had only gone through 18 out of the 25 chapters in the training material, and I had completed zero (0) challenge labs. With a bit over a month left in my subscription, I started panicking.
So what did I do? What I do best; isolated myself from the world and focused 110% on one single task. April 21st-23rd I finished all remaining chapters in the training material and did all of the Capstone exercises. I had decided that if I’m gonna have any chance to pass, I will need the 10 bonus points. That meant that I had a bit over a week to complete 30 out of the 57 challenge labs. Starting on April 23rd, I went full beast-mode on the challenge labs. By April 28th, and after I had lost 4 kgs, I had completed 37 out of the 57 challenge labs and therefore earned the aforementioned 10 bonus points. Btw, thanks to the guys and girls in the #pen-200-challenge-labs Discord! Invaluable help!
I decided this was enough, got out of my cave, and had a BBQ for May 1st with some friends, to replenish the weight I lost during the week of horror.
The day is May 2nd, 08:00 AM, and the exam starts. I started with the AD-set, but I was struggling to gain a foothold. At around 10:30 AM I gave up on the AD-set, and started focusing on the other independent machines. By 03:20 PM I had pwned all independent machines and took a breath of relief. I had technically passed the exam since I had 60 points + 10 bonus points = 70 points.
I took a break for half an hour or so, had a cup of coffee, and went back to tackle the AD-set. No kidding, I was banging my head on the AD-set for hours and hours, until around 02:00 AM the NEXT day, without getting anywhere. Eventually, I gained a foothold. I cannot go into details but I can say that OffSec loves their rabbit-holes. If you get stuck somewhere it is likely a rabbit-hole. Having gained a foothold, I pwned the entire AD-set and got domain admin by 04:15 AM.
By that point I’m completely exhausted. I hadn’t slept for over 22 hours. I spent another hour checking that my notes were complete, checked out and went to bed. The next day I wrote the report as detailed as possible and uploaded it to the portal according to OffSec’s instructions. By May 5th I had the pass mail in my inbox, 12 days after I started working on the challenge labs.
Reflections
Was the exam hard?
Not really. Not hard, but tricky. The recipe that works for me is curiosity. Privilege escalation was easy for me since I click and look everywhere and don’t even have to do any advanced enumeration to get there. What I suck at is initial enumeration. For that I probably needed a checklist, but my chaotic nature eventually worked out and I got in. What should you do? Do what works best for you.
Did I do any PG boxes?
Nope, didn’t touch them. Just the training material, and the following challenge labs: Medtech, Relia, OSCP-A, OSCP-B, OSCP-C.
How did I take notes? What was my structure?
I had no structure. Studying under constrained time conditions meant that I had to do the best I could with the limited time available to me. My tactic was to have a document and just dump any useful commands that I found in there. Then Ctrl+F in that document during the exam and hack on! How should you take notes? The way that works best for you!
Should I put more focus on A or B?
All subjects within the OSCP study material are equally important. Just because I got something on the exam it doesn’t mean that you will get the same.
Do I have any final thoughts?
Yes. Do like me: Assume that you suck at this and prepare for failure. The best way to prepare for failure is to ensure you have the 10 extra bonus points on the exam. By doing so, you may accidentally learn something and score 100 + 10 points on the exam.