I figured it was time for another milestone post! I recently achieved the OSCP and it was quite the journey for me. Let’s delve into the timeline of this adventure:
2020 - Humble beginnings
Back in 2020 I purchased the course with 30 days of lab time, a package that is no longer available with how PEN-200 is today. This was before Active Directory (AD) was integrated into the exam, and the exam still contained a buffer overflow machine. I took this exam a little after my lab time expired and sadly failed with around 50ish points. My methodology was not fully developed; it was more of a mindset and the increased levels of stress from taking this 24-hour exam for the first time. It was time for me to focus on university and slowly build up my methodology.
2022 / 2023 - Reality Strikes
Over these last two years, I played in many CTFs, competed in cyber defense competitions, and met many wonderful people who made me push my knowledge and technical skills further. I additionally started working professionally within the field. This allowed me to learn quite a lot about detecting different Tactics, Techniques, and Procedures (TTPs). This detection knowledge allowed me to start thinking differently when approaching boxes on Offensive Security’s Proving Grounds and HackTheBox’s machines as well. During 2022 I also found an amazing note-taking software called Obsidian. I was able to build out multiple mind-maps and utilize tagging for cheatsheets I found on GitHub relating to enumeration steps, commonly-used commands, and general methodology reminders. Having everything written in Markdown, with folders dedicated to attachments, made life great for write-up creation.
Beginning of 2024 - Exam Preparation
The start of 2024 was wild; I started my official job search after graduating from university. It was finally time to start grinding away at rooting boxes, go over old notes from previous exam attempts, and finally hit a home run! Over February and March I took extensive notes while going over the boxes provided within TJ Null’s OSCP prep list. At this time I was already paying for VIP access to HTB and OffSec’s Proving Grounds. I really did not want to purchase an extension of lab access to the PEN-200 for budget reasons.
Credit to https://adithyanak.medium.com/ for the most relatable meme…
While rooting a majority of the boxes on this list, I encountered many tools that became a major aspect of my methodology. I wanted to share some of the tools that genuinely helped me throughout this journey:
- https://github.com/antonioCoco/RunasCs
- https://github.com/Tib3rius/AutoRecon
- https://github.com/nicocha30/ligolo-ng
- https://github.com/Fahrj/reverse-ssh
The above programs helped me immensely for enumeration, pivoting, and gaining stability for any unstable shells that I encountered. I highly encourage anyone reading this post to give love to the contributors for those repositories.
Exam Start
Tick tock, 8AM rolls around… I have woken up and eaten breakfast. Mentally preparing myself for the 48-hour journey ahead. I made sure to stack up on energy drinks and snacks for this time window as well. I sign into the proctoring portal and get everything configured in a timely manner, it’s time to rock-and-roll! Exam has officially started, the first 4-6 hours were stressful but looking promising. All initial enumeration came back for all boxes and I had rooted the AD set! 40/100 points have been completed so far! Another four hours down the road and I successfully rooted one of the independent boxes and gained a foothold on a different independent machine. 70/100 points acquired! I could stop now since this is a passing score, but I wanted to be absolutely sure that I pass this attempt. The time now is around 12-1AM, it is time for me to get some sleep because the Red Bull was wearing off… My alarm sounds and my lovely family double-checks that I am awake by 5AM. It is time to look back on these other boxes with some sleep under my belt. Another two hours have passed, another box has been rooted! Now we’re at 90/100 points! I am ecstatic, but losing steam from the minimal sleep. I take my last two hours to review all screenshots I’ve taken within my Obsidian vault and ensure my steps are laid out in a way that could be repeatable for anyone reviewing them.
Exam End / Reporting Starts
The technical portion of the exam is finally over, it is time to do some reporting. I utilized the template OffSec provides on their FAQ and slowly started to move over my notes into more of a professional format. Within the first four hours of reporting, my brain is crashing… I decided to take a 4-6 hour nap and get back to the grind. A few more hours pass and I finally submit the report to their portal. With further exhaustion, I sleep for a good 12-14 hours and pray that my report passes judgement.
Lessons Learned
After two to three failed attempts over four years, I realized what I did right when preparing this time. Being outside of a job and finally completing my degree saved me much more mental capacity and allowed me to prosper when studying for this attempt. Here are a few tips I would give to anyone looking to take the OSCP:
- Ensure all notes and cheatsheets are easily searchable and have references for backup!
- Every 1-2 hours take a little break to walk around your apartment or house, grab a glass of water!
- The exam isn’t a technical hellscape, stick to the core of your methodology and you will succeed!
- Understand when you are heading down a rabbit hole, you gotta reel yourself back before wasting further time!
Thank you for reading! Huge thanks to my peers and the mentors that gave me the motivation to beat the mind over matter game! I hope my advice has been helpful and has inspired you! Lastly, don’t forget to try harder!