My OSCP Journey Brain Dump

I recently got my email saying I passed the OSCP exam first time. This blog will illustrate the approach I used and what worked for me. I hope it helps out some of you who are trying to get it done.

(TLDR: The recommendations at the end might help)

My experience and why I did the OSCP exam.

After working and talking to people who have completed the OSCP exam, I sensed that there was something I was missing in my methodology. The people who completed the exam managed to work more efficiently and they were testing in greater detail which meant they could sometimes escalate a medium vulnerability to a high. So after completing the exam I was hoping to gain the following:

  • More self confidence in my own testing methodology. This would mean I am sure I haven’t missed anything critical during the test.
  • More efficient testing methodology. The PWK Labs would be able to offer a lot of experience and practice which is something that would help my methodology.
  • More knowledge.

My Journey (December — March)

January

After these two weeks I felt exhausted but I was itching to have a go at the labs. I forced myself to take a week's break so that I would feel refreshed and not get burnt out.

With 40 days remaining, I popped my first box. It was one of the easier boxes with a common Windows exploit. After this, I spent a couple of days doing another box, Phoenix. This one felt very satisfying as the new things I learned in the PWK course really helped.

Ending the month of January, I managed to complete the course materials and make a start hammering my way through the Labs. My current skills allowed me to get user in roughly 6 hours and root in 6 hours. I also needed the forums to guide my thinking a bit. So far I was happy that I was able to do it.

February

I also managed to get the big 4 machines: Pain, Sufferance, Payday and Gh0st. I needed a lot of help on Sufferance and Gh0st though. After doing Pain I’ve never been the same since, that one does some serious character building!

March — Aborting the first exam attempt

The main thing that was bothering me was that I still needed the forums and I was always learning something after doing a box. The use of the forums had changed from pointing me in the right direction to confirming what I already thought. The stress and amount of work I was doing also made me feel exhausted which affected my performance. Thus, I postponed my exam by 1 month.

March — the final push

In the middle of February, the PWK course was updated to the 2020 materials where everything was improved. I looked through the syllabus and I found some of the content was information I learned myself in the labs. I thought that there would be extra ‘golden nuggets’ in the new course notes so I decided to upgrade my materials and buy 3 weeks of lab time.

This was one of the best decisions I made during my journey. The new course explained everything much better, there were a lot more exercises as well. I spent the first week of the labs going through the exercises. There were hundreds more pages and a lot more exercises to do. I still managed to learn a fair amount as well. Near the end of the syllabus, the lab exercises consumed a lot more of my time so I decided to stop the exercises and just read through them.

Covid-19 was in full swing now. Lockdown had started and my company put me on furlough. This was perfect timing and I spent the time leading up to the exam doing all the boxes again.

I discovered the lab machines were more up to date and some of the original ways I used to exploit machines did not work. This allowed me to improve my privilege escalation skills which was the main thing I learned during this second phase.

Preparation in the week leading up to the exam

To avoid the burnout I experienced in the first attempt, I stopped popping boxes 2 days before the exam. I spent one day on buffer overflow practice before the exam.

I also did some loose capture the flags where I would go through a walk-through and scroll down the page slowly. After seeing the results of the scan I would try to guess what the next step would be. This requires some thinking but it is not so strenuous. This also allows me to understand other people’s methodologies and learn about different points of view.

The exam

My plan was to do 2 boxes before going to bed. Then have the following day to do the remaining boxes until I get 70+ points.

In reality, I managed to get 55 points before going to sleep and so I spent the next day getting the final box and then reporting for the rest of the day.

My thoughts about the OSCP

The three goals I listed earlier in the blog were definitely met and I am very happy with this achievement.

  • More self confidence.
  • More efficient and thorough testing methodology.
  • More knowledge.

My Recommendations

  • The forums are there to help but try your best to not be too reliant on them. It’s great to see other people’s opinions.
  • Try harder mentality is great and all but also remember to take a step back if you get stuck.
  • Ask for help when you need it.
  • For every box, try to find something that you can learn.
  • Try not to burn out.
  • If you have a 9–5 job, try to book a week or two off to study.

Appendix A: Normal revision weekday.

0545 — Wake up

0630 — Get on the bus. Catch up on sleep.

0800 — Get on the second bus to work.

0900 — Start work.

1700 — Finish work. Then get the first bus home.

1800 — Get on the second bus home. Do roughly 45 minutes of studying. This is mostly going through the course materials and doing lab exercises.

2030 — Get home and either study for an hour or go to the gym for 2 hours.

0000 — Sleep

Appendix B: Moving Forwards

Thank you for reading.

Turkey.
