My OSCP Journey

Sumarlin
Apr 2, 2021

In March 2021, I successfully obtained the OSCP certification. I received several messages in my inbox asking for tips and tricks on taking the OSCP. First, I will tell you about my background and the preparation I did during the course and for the exam.

I worked on an IT helpdesk from 2013 to 2019. My basics are: PHP (beginner), SQL (intermediate) and troubleshooting skills in end-user computing. In 2020, I was transferred to the IT Security department, a brand new field for me. I took the CEH in February 2020, but since the test was more theoretical, I felt less confident in the skills I got.

In September 2020, I took the OSCP with 90 days of lab access. While waiting for my lab to be activated, I took the Practical Ethical Hacking course from Heath Adams. This was very useful for me, as I felt I lacked the basics of hacking.

After I completed half of the course, my lab started. I spent the first month watching the videos and reading the PDF, but the progress was very slow. 30% of the lab time had passed, but I hadn’t finished even 20% of the modules. So I went straight to practicing in the lab. I was only able to allocate an average of 10 hours a week. It was hard, since I have a job during the day and spend my time with family at night. As a result, I was only able to complete an average of 3 machines per week, of course with the help of hints from the forum. At the end of the lab period in December 2020, I had completed only 24 machines in total.

If I was only able to complete an average of 3 machines a week, of course I wouldn’t be able to complete the exam, which requires hacking 5 machines in 24 hours. So I scheduled the exam for mid-March 2021. I still had almost 3 months to study outside the lab. In January, I focused on studying writeups of the machines from TJnull’s list. Instead of replicating the steps, I just read them and tried to understand the contents of each writeup. I thought that was the most effective way because I was running out of time.

Then, in February, I took more Heath Adams courses: Windows Privilege Escalation and Linux Privilege Escalation. I wrote a summary of the material. I also practiced buffer overflow in Tib3rius’s room on TryHackMe.

At this point, I understood a few things about basic enumeration, gaining access, and privilege escalation. But one thing I was still weak at was methodology. Without a strong methodology, I wouldn’t be able to crack a machine without hints and walkthroughs. For this reason, in early March 2021 I took Proving Grounds Practice from Offensive Security. At that time there were only 2 weeks left before the exam.

In 2 weeks of training in Proving Grounds Practice, I completed only about 6 easy machines and 2 intermediate machines. However, that is where my methodology finally took shape. I also felt ready to take the exam.

In mid-March, my exam began. I chose a schedule that started at 10 am local time. Within 2 hours I finished the buffer overflow machine. By the end of the lab period, I had managed to complete 1 BOF, one 25-point machine, one 20-point machine, and one 10-point machine. I failed to complete one 20-point machine. With a total of 80 points, I confidently wrote the report. Two days later I got an email telling me I passed. That’s my 6-month journey to getting the OSCP.

Now, I will try to recap the tips and tricks, because what I did above was not good practice. I should have strengthened the basics first and then taken the lab. But in reality I took the lab first. Only after the lab was finished did I start learning the basics.

Here are the tips:

1. Take the Practical Ethical Hacking course from Heath Adams. Finish it.

2. Practice on multiple machines at TryHackMe and HackTheBox.

3. Learn buffer overflow at https://tryhackme.com/room/bufferoverflowprep.

4. Take the Windows and Linux Privilege Escalation courses from Heath Adams.

5. Practice in Proving Grounds Practice. Ignore Play because it is not so relevant to the real world and the exam.

6. Take the OSCP and complete as many machines as possible in the lab.

7. Take the exam.

Keep in mind, the biggest challenge is finding a vulnerability in a machine, not exploiting it. After you find them, the rest is easy. So, you have to build a strong methodology. Below is an example of a method I created to help me enumerate.

[Figure: Enumeration Method]

Also, some tricks from me:

1. Use nmapAutomator to help you during the exam. But when it comes to creating the report, just use the output of standard nmap so you don’t need to include several pages of nmapAutomator’s output.

2. Create multiple workspaces on your Kali machine, as in the image below. It helps you focus and keeps your workspace tidy. Also, rename your terminal tabs to make it easier to move from one tab to another.

[Figure: Create workspace per machine]

Those are my tips and tricks; hopefully they can help you in completing the OSCP.
