An OSCP has demonstrated the ability to use persistence, creativity, and perceptiveness to identify vulnerabilities and execute organized attacks under tight time constraints. OSCP holders have also shown they can think outside the box while managing both time and resources.

I’ve waited for a long time to pen down my journey to becoming an Offensive Security Certified Professional (OSCP). Before I go into the details, here is a brief overview of the dates and the number of boxes owned on the platforms I’ve used to prepare for the examination:

Overview

  • Started Penetration Testing with Kali Linux (PWK) Labs: 7 March 2021
  • Passed: 4 August 2021
  • Days Spent: 150

Breakdown of Machines Owned:

PWK Labs:

  • Machines owned: 68
  • Active Directory Networks Owned: 2/2
  • Hidden Networks Unlocked: 3/3

Proving Grounds:

  • Machines Owned: 37

Total machines owned: 105

Experience

I recently graduated with a Diploma in Cybersecurity and Digital Forensics. Prior to registering for the PWK course, I had minimal experience in penetration testing. For context: I pwned my first machine on HackTheBox on 24 January 2021. I was a real noob!

PWK Labs

I jumped in right away and got started with going through the PDF and completing every exercise there was. A few chapters in, I realised that this was way too much work for a mere 5 points. Besides, it also seemed like I knew the content and this was a quick revision. I honestly didn’t mind having that but felt that I was wasting my precious lab time when I could be hacking and gaining experience, instead of doing the exercises. So, I ditched the PDF and started hacking away. I only referred to the PDF when I felt like I did not know enough about a certain chapter. This certainly helped me create my hacking methodology quicker!

I wish I could have spent the full 90 days I paid for to have a go at the machines. However, I had many unexpected commitments pop up at the last minute and ended up not touching the labs for a good 1.5 months. My overall thought about the PWK labs is that they mimicked an actual company network and tested way more than what was needed for the exam, such as Active Directory and tunnelling.

Proving Grounds

I still did not feel prepared to take the exam after my PWK lab time and was deliberating on purchasing either Proving Grounds or HackTheBox. After much research, I settled on Proving Grounds, and this is one decision that I have no regrets about! To be honest, I preferred this over the PWK labs.

I felt that the machines on Proving Grounds were more exam-like. The machines also trained you to see through the noise and identify rabbit holes that were very well hidden. This was an essential skill for the exam.

Buffer Overflows

Buffer overflows are bound to come up in at least one machine on your exam that is worth 25 points! I was extremely intimidated by this at first. However, I stumbled across Tib3rius’s Buffer Overflow Prep on TryHackMe and this was all the practice needed to ace the buffer overflow machine within 20 minutes. Yes, you read that right – 25 points in 20 minutes.

I’ve documented the steps and the answers to all the overflows on my GitHub. Click here to check it out!

The Exam

I planned on attempting the buffer overflow machine first, then the 10 point machine and the other 3 subsequently. I scheduled the exam for 1 pm, woke up at around 10 am and took my time to wash up, have brunch, and boot up Kali and the proctoring software. The proctor ate up about 20 minutes of my exam time, verifying my official ID and inspecting the room I was in, but I was okay with that as I still managed to complete the buffer overflow machine and 10 point machine within the time I planned for.

Following that was a long 22.5 hours of scanning, falling into rabbit holes, and of course, rooting the machines! Prior to the exam, I read up on many writeups (of both successful and failed OSCP attempts). One quote that stuck with me throughout the exam was ‘You will run out of ideas before the time runs out’ by Rana Khalil. Every time I thought that I was not going to accumulate enough points to pass, I reminded myself about the quote and never stopped trying.

I took multiple breaks and even fit in a few hours of sleep. This is essential to ensure that you are fresh throughout the 24-hour exam. Be sure to document each and every step taken to exploit a machine so that you will be awarded the points you deserve. I used this as a template. It would be a shame to fail over improper documentation.

Lastly, I checked my email an unhealthy number of times and was overthinking every possible scenario where I may have screwed up after submitting my report. Although Offensive Security got back to me within 24 hours with the following email, it felt like forever!

 

Final Thoughts

The journey to becoming an OSCP has been a frustrating and tough ride. However, the feeling of achieving the points needed to pass the exam triumphs over the sacrifices and the days (and nights) spent toiling towards this certification.

Additionally, I often see debates on whether hints/walkthroughs should be used to pwn machines. I would have been stuck for days if I did not succumb to looking at the PWK forum, or the hints on Proving Grounds. It is important to be honest with yourself and ensure that you have tried whatever you know before making that decision. Sometimes, I did not even know that the exploit path existed before looking at the walkthroughs!

Lastly, thank you to my family and friends who have always supported me and given me words of encouragement in my endeavours! ❤️

Resources Used: