OSCP Certified. After starting my OSCP preparation journey in September 2021, these two words were always on my mind.
It is something that I wanted to achieve since I started my journey into information security in the year 2015.
Come 2022, I finally got to write this blogpost and hopefully help people around the world with their queries and provide some sort of guidance.
I assume almost everyone in the information security domain has at some point in their life heard about Offensive Security.
This post is my sincere effort to detail what I went through, my preparation, what I could have done differently and my mindset while giving the Offensive Security Certified Professional (OSCP) examination.
You can find out more details regarding OSCP by visiting their official webpage: PEN-200 and the OSCP Certification
After clearing my OSCP examination, a lot of people reached out to me over LinkedIn to get my insights on how to clear it, especially how to prepare for the Active Directory section that was added recently to the curriculum.
This post is meant to be a helpful guide and a short Q&A, detailing all the frequently asked questions.
How To Start OSCP Preparation?
Firstly, I’ll list all the resources that I utilized during my OSCP preparation stage.
- OSCP Pen-200 course PDF
- OSCP Pen-200 Labs
- TryHackMe Offensive Pentesting Path
- PG Play + Practice
I would like to start by emphasizing the importance of the OSCP course materials and how going through them will ensure that you have prepared yourself thoroughly for the main exam.
Even though some people might find going through the coursework a tedious process and simply a waste of time, please trust me when I say this: it might really help you get that final push to pass the exam!
Some might argue that the time spent working on the coursework could instead be used to solve boxes on HackTheBox or TryHackMe rooms. This would only be true if you already have a lot of relevant experience with almost everything that PEN-200 has to offer.
Whether you are relatively new or have 5+ years of experience in the field of pen-testing, you should still follow the course materials through to the end while working on your OSCP preparation.
Given the fact that the Lab Report for PEN-200 now constitutes 10 points in the final evaluation, going through the coursework properly is a win-win situation!
Lab Machines. Are They Worth It?
The second most prominent question people have is regarding the Lab Machines. The questions revolve around: are they worth spending time on? Do they give you any advantage over working on machines from HackTheBox?
My answer is YES with conditions applied 😉
Lab Machines are a great way to determine how you approach machines that are similar to what previous versions of the exam had. The labs contain recently retired exam machines as well, which will allow you to understand the level of the boxes on the final examination.
Having 90 days of lab access along with the PEN-200 attempt gives you a lot of time to go through all possible sets of machines in the lab environment. There are a few Active Directory sets in the lab environment as well, which will allow you to hone your AD skills.
Please understand that you can never declare one particular resource better than another. The labs are great, but HackTheBox or Proving Grounds machines might provide you with even more hands-on practice, which in turn enhances your skillset.
So prepare a good timetable and try to incorporate all the resources, because you can never solve too many machines 😉
A particularly good resource would be the NetSecFocus Trophy Room Google sheet, which has a list of OSCP-like boxes from the multiple sources listed previously.
Active Directory – The Beast?
Honestly speaking, when Offensive Security announced the changes to PEN-200, which now emphasized the importance of Active Directory in the main exam, it was a big change.
Active Directory now had a weightage of 40 marks for successfully compromising the entire AD set. No partial marking would be allotted.
Active Directory is a big topic, and it having such a huge weightage in the main exam meant some changes were necessary in how to go through OSCP preparation.
You can get the basics of AD by using the following resources:
- AD Section in Pen-200 Courseware
- Practical Ethical Hacking – The Complete Course (AD section, plus overall it’s an amazing course!)
- TryHackMe Offensive Pentesting Path
The PEN-200 exam doesn’t expect you to be an AD expert. It will test your basic knowledge of Active Directory, various AD attacks and lateral movement.
Focus on completing the specific resources highlighted above and you can easily gain a good amount of knowledge related to Active Directory. As discussed in the previous section, PEN-200 also has Lab machines to practice AD attacks.
Student Forums & Discord – Hidden Gems for OSCP Preparation
Two things that helped me the most while I was going through the PEN-200 courseware as part of my OSCP preparation were the student forum and the official Discord channel.
Please do yourself a favor and get your access to the student forums as soon as your lab access for PEN-200 starts.
You can request for access to student forums by sending an email to [email protected] with your registered email ID and mention all required details.
The official Discord channel can be accessed by following the steps highlighted in the student portal.
Having access to these two resources will save you from a lot of headaches while working through the courseware.
I’ll be honest here and say that PEN-200 is not a perfect course. It has its own issues, which you can find an abundance of with a simple Google search.
Unfortunately, that means at times you’ll be stuck while working through the course materials.
The student forums and Discord channel come into the picture in exactly this scenario. You can easily search through the forum to see if someone else faced a similar issue, and even create a new thread with details about the problems you’re facing.
The Discord channel is also a great place to get your queries answered by active members and moderators. It provides you an avenue to connect with fellow students, OSCP holders and even OffSec staff members.
Remembering Commands During OSCP Preparation?!
One of the prominent problems and doubts that some of you have asked me about is in regard to remembering the commands and tools required while working through OSCP preparation or sitting the main exam.
My answer would be that I didn’t memorize most of the commands 😉
I prepared an Excel sheet in which I updated the details related to commands, like file names and IP addresses, so that I didn’t have to type them endlessly, which can easily happen when you’re working through a particularly difficult box.
An essential aspect of preparing yourself to the best extent possible is having proper notes. Notes will help you remember things that you have not necessarily memorized but have experience with.
My workflow during OSCP preparation included taking notes for all the boxes that I solved, along with preparing a list of commonly used commands that I could refer back to while solving other boxes.
The most important thing would be to practice, practice and practice even more.
After working through n number of boxes, eventually you’ll reach a stage where a simple glance at the enumeration output will give you a hint at what to try next.
All Hail Enumeration
You might have already heard this multiple times from different sources, but I’ll still tell you anyway. Enumeration is the key to getting that coveted OSCP certificate!
Even if you have solved multiple boxes and gone through the whole courseware, if your enumeration game is not on point, then you will have a hard time.
It’s almost always the little details, a small snippet of code or a missed port, that make the difference between owning a box and getting defeated by it.
Practice your enumeration and stick to the basics. Keep your eyes open and your mind alert so that you don’t miss even a single detail. Focus on finding the most expected path first and then start with the process of elimination.
Eventually you’ll find the exact attack vector and successfully compromise the machine. It also helps to always be ready to think outside the box.
Read The Documentation!
The final tip that I would like to give is to read all the relevant documentation provided by OffSec with regard to PEN-200.
The various documents highlight all the required prerequisites, along with what is expected from you during the exam and throughout the coursework.
Please read them multiple times and make sure you are clear about them. If you are in doubt, don’t hesitate to reach out to their support team.
The documentation clearly highlights all the important aspects regarding the Lab Report which you’ll be submitting (please do it). It also highlights the exam pattern and how the new scoring system works.
With this, I would like to conclude this blogpost. I didn’t want to make it a technical one, because these important aspects are not totally ‘technical’, technically (no pun intended).
Feel free to comment your questions and queries below, and I’ll try to reply to them with the best possible answers.
Thank you for reading!