Exam Review – OSCP (Offensive Security Certified Professional)

Course Introduction

The OSCP (Offensive Security Certified Professional) certification is a highly regarded and challenging credential in the field of cybersecurity. It is offered by Offensive Security, a leading provider of training and certification in offensive security and penetration testing. The OSCP certification is designed to validate a candidate’s hands-on skills and ability to identify vulnerabilities, exploit them, and report their findings. The certification requires a candidate to pass a 24-hour practical exam, demonstrating their proficiency in various offensive security techniques and tools. The OSCP is considered one of the most rigorous and respected certifications in the industry, and it is highly valued by employers seeking professionals with practical knowledge and experience in the field.

Preparation Outline

1. Complete the prerequisites for Bonus Points

To earn bonus points, you need to complete 80% of all the exercises and 30 lab machines, which usually takes about two months. From my experience, the lab work is more useful than the exercises because it helps you develop your pen-testing methodology. I highly recommend obtaining the bonus points as they will help alleviate a lot of pressure during the examination.

2. Privilege Escalation by Tib3rius

Privilege escalation can be a daunting aspect of penetration testing. I found the Privilege Escalation Course by Tib3rius to be an extremely helpful resource, which you can purchase on Udemy. It’s crucial not only to know how to perform privilege escalation but also to identify possible vectors with and without enumeration tools. One lesson I learned the hard way is to be able to adapt when tools don’t work and have the competency to enumerate manually.

3. More Lab Practice

In addition to the lab work, I recommend spending your remaining time on Proving Grounds and HackTheBox. You can refer to the TJNull list for the machines that are more “OSCP-like.” Personally, I found Proving Grounds to be much better than HackTheBox, as it focuses more on the standard vulnerabilities and misconfiguration vectors. My recommendation is to complete all the machines on the list and not to skip the hard ones. Ideally, most of your time should be spent tackling medium/hard machines.

Examination Day

1. Pre-Examination

On the day of the exam, I scheduled it for 8 AM, grabbed a cup of coffee, and reviewed the rules and regulations. Although I was nervous, I felt confident in my methodology, and all that was left was to keep pushing myself and try harder.

2. Proctoring

The proctoring process is straightforward; just follow the instructions of the proctor. Make sure you have read through the expectations and guidelines for hardware and software requisites and comply with them to have a smooth onboarding process.

3. Examination

I started with the Active Directory set first and smoothly attained initial access in about 20 minutes. Privilege Escalation took me some time, but within 2 hours, I had managed to obtain access to the first node. Thereafter, I encountered a big hurdle and was stuck for 3-4 hours before I decided to look at the other standalone machines. I started to perform automatic enumeration for the standalones and roughly had an idea of the entire situation.

After spending about 2 hours on all of the standalone machines, I felt that it was way too risky to gamble on the fact that I have to root all 3 machines minimally to pass the examination. Therefore, I went back to the Active Directory set, and after struggling for over 10 hours, I managed to fully root the DC, which secured 40 points.

With the remaining time, I took a cold shower and chose one of the standalone machines that looked the most promising to start working on it. Perhaps it may be due to the adrenaline after rooting the DC, but I had a clearer mind and managed to root the standalone in 30-40 minutes, which secured another 20 points.

At this point, I had already passed, and I decided to spend a couple of hours verifying my writeup, screenshots, and commands for the report. I made sure the exploitation could be replicated by copying and pasting the commands in the writeup, and I concluded the exam with 4 hours to spare.

Reporting

Reporting was fairly straightforward as I had already prepared my template, and all that was left was to copy and paste my notes into the report.

Final Advice and Thoughts

Throughout my OSCP journey, which spanned 4 months while balancing a full-time job, I had to make many sacrifices. However, this intense pace helped me better manage time constraints during the exam. Along the way, I learned to mentally prepare myself for encountering the unknown and to make informed decisions, especially when it came to strategizing for success. It’s important to continually improve your methodology and avoid careless mistakes by not overlooking simple things. In conclusion, always stay focused and keep pushing forward.

Welcome to my cozy corner featuring sharing of cybersecurity matters. I am an industry practitioner with several years of experience in Offensive, GRC, Incident Response and Auditing. Join me on my journey!