If you search for KeyWords “My OSCP Journey “ on Google, there are possibly 2000 + blogs with the same name, so why have I taken the trouble to post yet another one? It’s because so many friends, colleagues and LinkedIn Connections have asked me about the manner in which I planned my OSCP. Perhaps because they could relate more to me. Hence,I thought of jotting down my journey of passing the OSCP. Probably there are n number of good ways to get to OSCP, I’ll list what worked for me. Hopefully, in some ways it will inspire you. So let’s start without any additional ado.
My Background
Before going further, let’s talk a bit about my professional background. I’ve been in the security field for the more than 6+ years. After finishing my graduation in Electronics and Communication, I did CCNA certification in 2013. This helped me to have a sound understanding of Networking Concepts. Then for the first 3 years of my job, I worked extensively in Network Security specially on devices as Firewalls, Routers, Switches, VPN, SSL Certificates and Proxies. It was during my third year when I began learning about the basic Linux to complete my day-to-day operations. Then for the following 3 years, I worked extensively on Web Application Security, Web Application Firewalls, DDoS Mitigation and Bot Management. While working for Akamai, I got in-depth knowledge of TCP/IP Layer, DNS, and HTTP/HTTPS. During this time, I started learning beginner level Python, SQL, XSS, RFI, and LFI. All in all, if I desire to summarize my background before attempting OSCP, it would be network security, web application security and basic knowledge of Python and Shell Scripting. In other languages such as C, Ruby, JS it would be sufficient to interpret the logic of the code.
Before Booking the Exam
Approximately 2-3 Months before booking the exam, I started working on refreshing the basics of Linux and upgrading my knowledge on it, practicing more on python codes, reading more about Web Application Security and OWASP Top 10. (Hacker’s Handbook, 2nd Edition Helped me). Additionally, I started solving challenges on OverTheWire (Bandit and Natas). Solving OverTheWire challenges will yield you a mindset to solve similar problems. In Summary, below were the resources that I had used before booking the exam:
- Linux Journey
- OverTheWire(Bandit and Natas)
- Python Programming
- Understanding the Basics of Assembly Language.
But If I could go back in that time, I would have done a few of the VulnHub, HackTheBox machines and would have watched IPPSec on YouTube. I would highly recommend watching the IPPSec video whenever you get time, trust me every time you will learn a new trick which will aid you in the exam. Just before booking the exam, just ask yourself:
1. Are you feeling comfortable with Linux to perform a search, grip, moving, copying, understanding various system processes?
2. What if you have an only Command Line (Linux and Windows) to perform all the work, will you be able to do it comfortably?
3. Will you be able to spot a malicious chunk of code that you have downloaded?
4. Can you explain the working of a program in terms of assembly in plain English?
If you are satisfied with the responses to the above questions, then go ahead and book the exam.
After Booking the Exam
The course material will be supplied to you via email 24 hours before your Lab time starts. I recommend watching the videos offered as course material at first. Although the videos provided in the course material will just give you a bird’s eye view, not in-depth knowledge they are good to get started and be familiar with the course synopsis. After finishing the videos, start working on the Lab Manual provided. Try to work on the exercises provided at the end of each chapter. I would recommend using a note-taking application on Kali (KeepNote or Cheery Tree). Don’t forget to take periodic backups of these notebooks as it happened with me where Cherry Tree got corrupted and I have missed my entire Lab Screenshots. The advantage of taking proper screenshots and documenting the WorkBook exercise is that when you will be submitting your Final report after the exam, you don’t need to cast an extra effort into rearranging the screenshots and explanations. Attaching the Report of WorkBook exercise and 5 Lab machines can help you earn 5 additional points. I finished my lab workbook in some 25 days. I would recommend to finish it within 15 days at max if you have used up 3 months lab. The last bit of advice in this section would be to crack each lab machine manually, as it will shape your thought process to think manually instead of automating with Metasploit. Form a habit of taking a screenshot of every successful step.
During the Exam
The total duration of the exam is 23 hours and 45 minutes in which you have to achieve at least 70 out of 100 potential points to pass. The OSCP exam consists of 5 machines. You are provided with objectives and point values for each machine.
- 25 point buffer overflow machine
- 25 point behemoth riddled with rabbit holes
- 2 x 20 point machines
- 10 point machine
The few basics which go without saying like Get Proper Sleep before the Exam, Stable Internet Connection, Red Bull Cans and stable machine with a good amount of RAM. I used my office laptop with 16 GB RAM without any additional monitors. The Offsec software which monitors our activity is very lightweight and will not add any additional burden on your machine. Some people use 2 monitors, which again depends upon how you feel comfortable. Now getting to my exam strategy, it was; to start with the Buffer OverFlow first as your mind will be fresh and it carries the maximum 25 Marks. I aimed to finish it within 1-2 hours. Luckily, I was able to finish BoF within 40 mins. After finishing the Buffer Overflow, start with the 2nd 25 Mark machine and if you are not getting anywhere, even after spending 2-2.30 hours then move to the next 20 marks machine. The advantage here I feel is if you hit the big machines first it will give you the extra encouragement and confidence to move to the other machines. In General, if you feel your mind is shut down and you have reached the dead-end, stop everything, inform the examiner and take a short walk for 20-25 mins. This feeds your brain some air and fresh ideas. After solving each machine, take as much as screenshot possible. I have seen many people forgetting the screenshot of the root flag without an IP config output. Although OffSec will not cut the whole points they may cut a few points because of such small errors. Use your habit of taking a screenshot of every successful step here :)
After finishing the exam, you have 24 hours to submit the exam report along with lab exercise if you are going behind the 5 points. Once you upload the report, you need to send them an email informing the same. They(OffSec) will acknowledge if your report is successfully submitted for review. Reach out to the OffSec team if you haven’t received an acknowledgment from them. Lastly, I would recommend reading below 2 pages again and again as it will answer a bunch of your doubts about the exam.
Exam and Reporting requirements
During your exam preparation you have to search and read a lot of Blogs. Instead of giving you an exhaustive list of resources.I think consolidated list below help you:
FAQ
Q: Do I need to be well versed in Programming?
A: During your course, there will be a lot of exploits written in various languages, you should be able to modify the interesting piece of it according to you. With that being said, I think if you can understand what exactly is happening the code and then modify a part of it then you are good to go.
Q: How many hours per day should be sufficient to clear the exam?
A: Clearing the exam shouldn’t be your only goal :P. If you are working, I can understand taking the time out for study could be hard. I had made my target to give at least 2-3 hrs on weekdays and 8-9 hours on the weekend. Luckily, I was working in with Akamai at that time and I had a 3 day week off, which gave me a good time to prepare for my exam. I remember taking 5 days leaves before my lab was about to finish.
Q: Should I renew my OSCP Lab or Go with HTB?
A: In my opinion, it depends upon how many machines in the lab you have cracked so far. If it is somewhere near to 30+ then I would recommend taking the HTB as it will provide you machines with the latest vulnerabilities. If it is less than 20 or below, then I think it is better to continue with the OSCP labs renewal. An advantage of renewing the lab is that you can reschedule your exam for a long time.
Q: What type of Tools I can use in the exam?
A: Read the Exam Requirement provided by OffSec. In Short, anything which can automate the process of exploitation that is not allowed. The main focus, of course, is to learn the techniques to exploit the machines. Hence, tools such as SQLMap, RotenPotato, ExploitSuggestor are not allowed in the exam but tools such as Nikto, DirBuster, GoBuster, etc.
Q: Does this course/exam good for me?
A: If you are reading this blog, you might have already figured out how this course can help you in the future. All I can say is it will help to condition your thought process to think like an attacker. I have few blogs where people criticizing the machines in the lab have age-old vulnerabilities that are not present in current machines, but I think they are missing the whole point, the goal here to condition your thought process.
Q: When you will receive the exam result?
A: OffSec claims it to be delivered in 5 Business Days, once they have acknowledged the report you have shared. Most of the time, I have seen it would be on the 3rd Day.
Still Having Questions or Queries? Feel Free to contact me via Twitter or LinkedIn.