oscp exam review
Exam date: 10/30/2021 (Passed)
NOTE: this review is not as per the new 2021 OSCP exam changes.
Post Exam Review
This post talks about my approach and maybe if it helps any of you!. I did consolidate my notes and shared it down if it helps.
I did meet amazing friends throughout this journey who have helped me a lot - giving tips on improvement, shortcuts; nudges on box rather than directly answers; quick and faster ways to do stuff etc.
My Template Repo: https://github.com/iamkashz/reporting-template
My Background: Been working as DevSecOps Engineer (not penetration testing) for 3 years.
My Approach:
Started "seriously" in Feb 2021 with TryHackMe. I went through the Beginner and Offensive Pentesting course (did skim through Active Directory as well as PWK labs have AD boxes and it really helps in the PWK Labs). Spent a month in it, took notes and was building my methodology for enumeration and privilege escalation.
I purchased Tib3rius Linux & Windows PE course and was a good crash course on Privilege Escalation.
By end of March, I completed 15+ TJ Nulls OSCP boxes list and I was getting confident with my process.
I also started doing "active" HackTheBox and I really feel that helped me.
Personal Note: Based on my experience, I feel doing the active HTB boxes (easy & medium) really helped me as I wouldn't see walk-through on Google Search first page or anything and really had to understand and try attacking every possible attack vector I could find. Yeah! it was hard but that helped me to "TryHarder!".
I purchased the OSCP with 30 days of Lab Access but then realized that I'd definitely need the 90 days one. I contacted Offsec and they made me pay the differential but then gave me a voucher which I can redeem for the 60 days - WHICH REALLY HELPED as I could get 30 days then evaluate my progress, do other stuff and then redeem the 60 days at a later stage opposed to the continuous 90 days lab access.
My 1 month of PWK labs started in May, and I started really slow but by mid-month, I was able to amp up my speed in doing boxes, and I was able to complete 30 boxes in 30 days of the Lab access.
I joined Proving Grounds around mid-July and really put in the time and in a month, I had all easy, medium boxes in PG Practice done. For some, I did see the walk-through as I was stuck, but most of them I was able to identify the attack vector and root it. - I REALLY recommend the PG boxes. They are "REALLY" good practice.
I subscribed to VirtualHackingLabs for a month, but only used it for a week. I did all the Advanced+ boxes in 5 days and got the VirtualHackingLabs Advanced+ Certification. The boxes were good, but I feel what helped me most was the Report Writing for the Certification - I got practice and made a template for Reporting (shared down).
While doing PG, VHL - I did complete any easy HTB box that was active.
Personal accomplishment - I ranked #44 to pwn the "DRIVER" HTB box.
I did get burnt out and took a month break from this and that really helped.
I re-activated my PWK labs access in September End, and learn about pivoting and double pivot (the PWK labs subnet). I completed all machines the Dev, IT department.
Two ways to pass:
25+20+25
25+20+20+10
I was going to attack the BOF first, then move to any of the 20 pt which I felt was easier based on the scans and depending on that go for the 25 pt or the other 20 pt and 10 pt.
Two days before the exam, I really relaxed myself and just read all the boxes I had done, just to review and update my notes.
NOTE: The 24-hour exam is really STRESSFUL. Do get in the break and calm yourself before it begins.
I had issues with sharing my 3 screens and that took over an hour. IMPORTANT TIP: Download PortableChrome and run it using that - I had issues with Brave, Edge, Firefox. The proctors were really chill, and I did get the 1-hour time extended for the exam.
Exam started at 1pm, I scored the needed 70 points by midnight. By end of the exam, I was at 90 points.
Reach out on discord for any help!
Last updated