OSCP Preparation and Thoughts
OSCP (Offensive Security Certified Professional) is one of the most popular industry standard certificates for pentesters, cyber security students to prove their practical skills set to their future employees. Although, there are many certifications out there such as CEH, SANA, elernsecurity’s certifications etc. However, SANA’s course may too expensive (around $7000 a week training), and elearnsecurity has better course materials than OSCP, but it comes with a poor industry recognition when looking for a job because they are not very popular as OffSec. Also, the OSCP exam is really challenge by rooting 5 vulnerable machines within 24 hours, it exams candidate’s experiences, judgement (if there is rabbit holes and not falling into it), multitasks, time management etc. Therefore, the exam comes extreme intense, and it’s normally for people fail the exam at first or second attempt, but l think that’s one of the values of this certification and why its so popular.
From my experience of OSCP, l think it’s not for candidate who is inexperience in CTFs or computer science related field to start with. Because when the course starts and after introduction some basic concepts then it directly jumps to some complex topics. Also, their lab machines have none guide and walk though. Therefore, if you have not had enough experiences then you will stuck in the middle very soon. I will share my preparation and tips in the next paragraph.
I’m studying Cyber Security and Digital Forensics in my university, therefore, it doesn’t teach in depth for pentesting. So, I had to study it by my own.
I started with tryhackme because its beginner friendly, it has many rooms that teach basic concepts and put you in practice. Mean while, Sir. Heath Adam @thecybermentor has great courses, he has twitter that shares discount code for his courses, so make sure to check out.
Practical Ethical Hacking, Windows Privilege escalation, Linux Privilege Escalation to fill the my gaps from tryhackme.
After took these two courses, I started VHL(virtulhackinglab)
It’s OSCP liked lab environment and has hints for easy and medium level machines, also it has a great Discord community that you can ask around for nudges if the hints aren’t enough to help. I did all the @TJ_Null’s list for OSCP liked boxes in VHL.
When two months VHL’s membership ended, I started Hackthebox, and did most of the @TJ_Null’s list for OSCP liked boxes
and watched IppSec’s walk though, IppSec uses different ways to solve a box includes how to patch the vulnerability, So it really helped for OSCP because you will run out ideas before run out time during the exam.
Here is updated version of @TJ_Null’s list of OSCP liked boxes by @rana__khalil and her OSCP Journey is also very helpful
For buffer overflow preparation, I’d recommend watch TCM’s video for walk though for a vulnserver
and tryhackme room created by Sir @Tib3rius
For practice, I suggest try to finish all the buffer overflow rooms from offensive path in tryhackme, then you should ready to go for buffer overflow.
Enroll for PWK course
I enrolled PWK course at November 2020, after studied the course materials and practice the lab, I booked my first exam at January 5th 2021.
Exam Day
My first exam started at 12:00 PM. After sat up all the software guiding by OffSec then the proctor told me that I may start exam. My first goal was target buffer overflow machine and it’s 25 points. After scanning ports I jumped to debugger machine and followed TCM’s video’s steps to debugger literally. I was nervous when time goes as l need 70 points to pass and I expected getting the passing mark before I exhausted (need to sleep), but because of nervous, I started to forget things that it’s nature to me in daily practices. Therefore, because I missed an obvious step result me stuck for 2 hours. That was way too behind in time and I felt I’m gonna fail. After I had a little break and ate some food then realized the obvious step I missed and then I finished buffer overflow box. The buffer overflow in exam was not too difficult, l could’ve done in 1 hour normally but in exam I did in 4 hours because of nervous:(
My next target is another 25 points machine. That foodhold was tough like hard level machine from Hackthebox, after stuck for 1 and half hour l got a hit. The PriEsc was straightforward, after around 3 hours, I’ve gotten 50 points.
Now I just needed root either 20 points machines then I’d have passing mark then I can rest. After gave notice to the proctor I took a quick shower. I jumped to enumerate those two 20 points machines, I wanted to find out which one is relatively easy to solve for me, less services to enumerate that I may fall into rabit hole and wasting precious time, also I was feeling that I’d be useless after middle night. After one hour enumerating I decided to which one that I can possibly root before middle night.
I directly jumped to that machine and focused to exploit it. After I target the right exploit and had some troubleshooting I got into the machine. Also, I was talking screenshots for every step for exploitation, then will need when write a report. Because if lack any important screenshots will result zero mark on the machine. I used Lightshot for the screenshot and its pretty handy to use for me. The PriEsc part was not that straightforward as the previous one, I had to enumerate a lot, then after target the right exploit, I used it to root it. After root that, I took all the screenshots and told the proctor that I need nap for couple hours. I slept at 3 am and the exam started at 1pm, therefore,I’ve been working for 14 hours, I needed to rest my mind and body for sure. I felt it was intense but also challenge experience, after got passing mark I felt relived because when I was working on the buffer overflow machine, I though I’d fail. Overall, the OSCP experience was awesome, OffSec does a good job for the challenge and push people to try harder.
Next day I was really tried and after gave notice the proctor I went to the 10 points machine, after found the right exploit I used MSF, because I didn’t have much time left. However, somehow, the exploit in MSF didn’t work? I had to troubleshoot for a while but I still didn’t work. When I realized I don’t have much time left then I stopped manually exploiting it but collecting all the screenshots I’ve missed. After collected all the screenshots the proctor ended the exam.
The rest of the day, I was writing the report and submitted it. After two days I received an email from OffSec that I passed.
Some tips:
- Preparation is key, it’s not a beginner friendly certificate and you will need experience.
- Learn different ways to solve one machine so that you will have more ideas when you stuck.
- When you stuck, try to ask people such as in Discord for nudge rather then look up writeups.
- Don’t be nervous and take break, it helps you have a clear head.
5. Try harder and don’t give up, asking people for different ideas, because there is no other way than reading, asking and pwning.
Thanks for reading and let me know if you have more questions. You can find me on twitter down below :),and Good luck my friend !
