Beginner’s Guide To OSCP 2023
On April 9th 2023, after 9 months of preparation, I officially became an Offensive Security Certified Professional (OSCP)
Brief Background
Prior to my preparation for the OSCP, I was a newbie in the field of penetration testing.
I had just obtained my first entry-level cybersecurity certification, the CompTIA Security+. I was a beginner in Kali Linux. I had little knowledge of what a bind or reverse shell was.
There was something about the puzzle-like aspect of ethical hacking and the “Try Harder” mindset that I was drawn to (not to mention Offsec’s involvement in the show “Mr. Robot” definitely earned them some cool points), so I decided to set my sights on the OSCP and become an ethical hacker.
Notes
Before starting your journey, I recommend finding a hierarchical note taking application that you are comfortable with. I use Trilium Notes. Note taking in an organized manner is crucial for this exam and for pentesting in general. It is definitely in your best interest to build a cheat sheet for yourself as you progress!
Below is an image of my cheatsheet on Trilium Notes. On the right hand side you can see how the current note is organized into headers and sub headers. The left hand side shows the hierarchal tree of notes. I particularly enjoy the feature of linking notes.
Pre PWK
The official 90-day PWK course includes a lengthy syllabus as well as a lab environment. You want to spend as much time as possible in the lab environment, so I think it is best to have some fundamental knowledge prior to the official PWK course.
I recommend TCM Security (Your best deal is “The All-Access Membership”)
(I went through the following 4 courses. If you are newbie like I was, I recommend at least going over Linux 101 and Practical Ethical Hacking)
- Linux 101
- Practical Ethical Hacking
- Linux Privilege Escalation for Beginners
- Windows Privilege Escalation for Beginners
Through these courses, there were a couple walkthroughs of Vulnhub machines, which was very helpful just to get an idea of what rooting a vulnerable machine looks like. I also recommend trying some Vulnhub machines on your own and using walkthroughs to guide you.
After getting more comfortable with Linux basics, getting a bit familiar with common tools such as BurpSuite, dirb, ffuf, metasploit, nikto, hashcat, and learning the basics of web application attacks, you’ll be ready to jump into the PWK course.
PWK course
The syllabus of PWK course goes over everything you need to know to pass the exam and includes hands-on exercises. You can choose to learn with PDF or video. Here is the syllabus for PWK.
I recommend you aim to spend at least 45 days in the lab environment, which means finishing the syllabus in 45 days. Try to keep a good pace and keep track of where you are in the course.
For the Lab environment, I ended up rooting about 50 machines. I’d say aim for at least 40, but the more the better.
Try to use and contribute to the discord community to help one another out. It was very helpful for me to make some friends and compare solutions with other students throughout the course.
At first you may rely on the forums and discord community to give you nudges when you get stuck. It is best however, over time, to develop the “Try Harder” mindset and not give up so easy.
This mindset is a more crucial aspect to passing this exam than I initially thought. You must be patient and resilient, and have the ability to keep calm and not lose your cool despite the frustration.
Bonus Points
The updated format for obtaining bonus points is, in my opinion, a big improvement on the legacy format that was available when I initially purchased the course.
The new format includes submitting at least 80% of the correct solutions for topic exercises in every topic in the PEN-200 course and submit 30 correct proof.txt hashes in the Offsec Platform. You can read more about it here.
I highly recommend you go for the bonus points, as it will help you better understand the course material and drive you to complete more labs, in addition to giving you 10 points towards the exam.
Post PWK
Following the 90 day course, I decided to get more practice using Vulnhub. You can’t go wrong with the NetSecFocus Vulnhub VM List curated for the OSCP exam.
After rooting about 50 PWK machines and 15 Vulnhub machines, I took the exam for the first time, but was not successful.
What I Learned From My First Attempt
I was a bit defeated after my my first attempt, considering I had been studying so hard, and barely was able to apply all of the knowledge and techniques I had learned.
I was not completely prepared for the exam the first time around.
For one, I had never taken a 24hr exam before. I didn’t take into account the necessity of taking breaks, going for exercise, and a maintaining a fresh mental state.
Time Management
I had not really planned in terms of time management. I got stuck halfway through the Active Directory set, refused to move on, and became exhausted and defeated. I had not been timing myself as I was preparing, so I had no idea how long it should take me to get each flag.
One crucial aspect to passing on the next attempt was making a strict schedule/ plan. I set aside 15min and 30min time slots for food and break. I made a plan to start with Active Directory and get the first local.txt within 2.5hrs max.
I game myself 1.5hrs for each standalone local.txt and decided that if had made no progress in 1.5hrs (2hrs max) that I would move on to a different machine.
Below is a note that stayed open throughout my next exam, which includes my time management plan plus some healthy reminders.
More Practice
The final reason why I believe I was unsuccessful was simply being technically not ready.
Although it is possible to pass the exam after rooting labs in the PWK and use no other resources, you can’t go wrong with more practice. While I found Vulnhub a very helpful resource, I believe it was a monthly subscription to Proving Grounds Practice that really gave me that extra push in technical preparation.
My opinion is that proving Grounds Practice is the best platform (outside of PWK) for preparing for the OSCP, as is it is developed by Offsec, it includes Windows vulnerable machines and Active Directory, it is more up-to-date and includes newly discovered vulnerabilities, and even includes some machines from retired exams.
Conclusion
Let me be the proof that it is possible be a pentester newbie, and 9 months later pass the OSCP and score 70 points in 8hrs.
Remember to build fundamental knowledge on Linux and Ethical Hacking to start off, “Try Harder” throughout the PWK labs, and use VulnHub and Proving Grounds Practice as additional recourses.
Make sure to time yourself rooting machines, create a time management plan for your exam, and take a break when needed. Lastly, don’t forget to take detailed notes and build a cheat sheet throughout your journey.
Good Luck!
