How I passed my OSCP in 2024

Although OSCP is considered challenging certification, it is considered bare minimum requirement for entry level offensive cyber security role in 2024. Below is the compilation of resources I used and timeline of the study period. It took me approximately 4.5 month to prepare for the examination. I passed the exam with a score of 90/110.

Is OSCP hard?

I had a lot of self doubts and fear that I could not complete the examination. I saw a lot of people passing at multiple attempts in reddit and was worried even if I should register. I had a decent experience for web application security testing but not not with hacking AD. In my opinion, focusing on the course content and challenge labs provided by offsec is more than enough to pass the exam. If you want to practise more for standalone machines, you may subscribe for proving ground for a month.

Timeline :

May — June : Started Preparation With TJNull’s list with ipssec

During this period, I rooted 55 boxes from TJ null’s list from hack the box mainly related to windows & AD.

June 7 : Registered for the Offsec PEN 200 Course

After I registered with the course, I completed the module labs followed by challenge labs. I found the packet sized module labs very interesting & resourceful since it was not boring & covered a single vulnerability in detail. I completed the 80% course content of PEN 200 including challenge labs in 45 days.

July 22 — September 9 : Started practising with proving ground and rooted 40 boxes.

Free Resources :

Below are the list of free tryhackme rooms & youtube playlist that I highly recommend completing before starting the PWK course.

Wreath

Enterprise

Crocc Crew

Exam Tips:

• Offsec does not wants its student to fail a exam after paying 1649$. There will be always a way to pwn a box. Don’t fall for rabbit holes.
• While you are listening for reverse shell, always use ports that are already open on target. You may use https://www.revshells.com/ to generate reverse shells.
• While practising boxes, don’t just take screenshots of the commands used , copy paste the command in your notes. This will be super helpful during the exam.
• Just focusing on the course content and completing all the challenge labs provided is more than enough for exam. Make sure to have multiple arsenal for single task and dont rely on single tool.
• Copy all the reverse shells, privilege escalation binaries, enumeration scripts like winpeas, linpeas, in one directory so you can host the scripts from single port. This will save you lot of time.

• Its a open book exam, if you are stuck somewhere always search in internet. I personally felt https://ippsec.rocks/?# very helpful during exam. You can search for keyword related to box and reach the exact timestamp on youtube where the specific enumeration or exploit is done.

Notetaking and General Introduction:

While practising boxes, I made notes about the boxes along with commands used & screenshots in Obsidian which became very helpful during the exam. However, you can use any note taking app. For screenshots, I used flameshot which is very handy because of features like live highlighting image details, etc.

Exam Day:

Before booking exam, find the time where you can become super productive. I booked the exam for 6 am in the morning. I woke up early at around 4 : 30 am ate my breakfast & a cup of tea, made the desk & room ready. I made sure I had enough caffeine for the rest of the day.

The proctor was very friendly. I completed the initial steps & id verification & started the exam at sharp 6. I completed the exam in 11 pm midnight.. I had pwned 1 DC and 2 standalone machines and had 90 points which was enough to pass ( 40 + 20 + 20 + 10 bonus points) the exam. During my exam while solving AD I tried to gain initial foothold using metasploit but failed and reverted back to manual exploitation which worked. After banging my head for hours, I could not find a initial access vector for one of the standalone box, so I left the box. At 11 pm, I told the proctor that I will be closing the exam in next 30 minutes because I was already exhausted and had to sleep to make report next day. I went through my notes to ensure that I had all required screenshots & commands used. During the entire exam I took 3 breaks of 30 minutes each.

Reporting Day:

I found the reporting part little bit boring. You can find the official OSCP report template here.

https://www.offsec.com/pwk-online/OSCP-Exam-Report.docx

I tried editing the official template copying images from Obsidian to Word, but I had lot of issues like image resize, page formatting, time consuiming, etc. Being exhausted, I decided that I will be editing my markdown notes from Obsidian adding little more details and export the markdown files as PDF. I had a very clean notes which became super helpful. This was the basic format I used for reporting.

Using Obsidian To Create Final Report??

If you are planning to use Obsidian notes for final report, I recommend using following extensions.

GitHub - l1xnan/obsidian-better-export-pdf: Obsidian PDF export enhancement plugin

GitHub - sissilab/obsidian-image-toolkit: An Obsidian plugin for viewing an image.

GitHub - hipstersmoothie/obsidian-plugin-toc: Create a tables of contents for a note.

Result Day:

I prepared the report staying all night next day after the exam & submitted the report on 5:30 am and slept. My report was 93 pages long. According to Offsec, it typically takes upto maximum of 10 business days to receive the result. But I received the passing email after ~ 30 hours and 46 minutes.

New Offsec Change:

Offsec is releasing OSCP + after November 1st 2024 to comply with DOD baseline certificate standards. The only changes to new OSCP will be the plus designation is added which will expire after 3 years reverting back to OSCP, a low privilege account will be provided for AD and bonus points will be removed.

Bye bye until next write-up. Best of luck if you are preparing for the exam.