How I cleared OSCP in my first try!!

David Billa
Jul 24, 2023

Hi everyone,

Back after a gap! Was waiting patiently to put up this post.

Long story short. After much procrastination, decided to embark on the OSCP journey from Offensive Security. Hearing and reading multiple battle stories about OSCP, I was overwhelmed by what lies ahead of me before I sign up for it. And like the tagline, I told myself I will try harder!!

So I went ahead and signed up for the Learn One package which has 1-year access and 2 exam attempts for OSCP.

Well, life had other plans for me, so I got busy with work and family and didn’t have time to touch the exercises and boxes for 3 months. So I started late and had 9 months. Remember both the exam attempts have to be done by the 1 year mark. The race was on!!

Initially I aimed for the 10 bonus marks which can be obtained by completing 80% of each exercise section and 30 flags from the boxes. The interface was intuitive and user friendly. In fact I enjoyed doing the exercises very much after going through the theory. Each exercise is like a CTF where you have to get the flag which is usually an md5sum. It is straightforward and there are no rabbit holes. Just apply what you learnt earlier in the section and the exercises are doable. Except for one problem.

There are just too many of them!! In between juggling work and personal commitments I tried my best to do the exercises and learnt a lot in the process. But it left me too little time for the lab boxes. And lab boxes do not have any walkthroughs (except for some in the forums). And so be it, I had to go overseas for a work commitment for a few weeks. And the 1 year deadline was approaching. So I made a decision……

I went ahead and registered for the exam for my 1st attempt, so that I could get a feel of the exam, and planned to get the 90-day package after that so that I would have enough time to prepare for my second attempt.

After registering, I started to follow the TJNull list and did proving ground practice boxes. It was the key, as it had walkthroughs (remember you can only enable one walkthrough in 24 hours). I focused on Windows AD boxes as it was my weaker area (did the following boxes which I found extremely useful in understanding AD: Heist, Vault, Hutch).

So before my first attempt these were my preparations, EPN:

  • Exercises: Going through all the theory and doing all the exercises.
  • Proving Ground Practice: Going through TJNull’s proving ground practice boxes and revising using the walkthroughs.
  • Notes: Created own notes including all the commands and techniques using Joplin.

With these 3 preparations under my belt, I attempted my first try. As everyone knows, it was a 24-hour exam (23 hours and 45 minutes to be exact).

Without elaborating details of the exam boxes, did the boxes one by one. For the report, I just used the given template and used snipping tool to screenshot the steps. A key tool I used during the exam is my notes in Joplin and Google. You enumerated something and found something, Google, try and move on. Step by step managed to get the necessary flags to get the passing mark for the certification.

How long did I spend on the exams? The full 24 hours!! I took breaks for meals in between and a short nap of 3 hours. The rest of the time, I was testing and trying and trying to get the flags. Guess the tag line is pretty accurate, TRY HARDER!!!

At the end of the 24 hours, slept for a few hours before completing the report and submitting it (take note of the cutoff time for the report which is another 24 hours after the end of the exam).

In a few days' time, got the good news that I have cleared OSCP!!! (wOHOOOOO :)) What was supposed to be a tryout turned out to be an extremely fruitful experience. Guess the turning point for me was as I attempted each box, I managed to make progress and thus it fueled my adrenaline to keep going and going.

Many have different strategies and learning methodologies and there are numerous blogs about it. But my analysis is you have to be comfortable with the techniques covered and the key is practice till you are comfortable taking down solid notes. I used nmapAutomator for enumeration and some may use another tool but the key is to use something that you are comfortable with and know well. Something that worked well for me is using the same Kali machine that I used for the exercises and practice boxes for the exam too. In that way I need not retype the commands, can just tab to autocomplete and change the parameters.

And most importantly, Do NOT Give Up and Keep Trying!!! Came across something in exams you have never encountered before, try the different techniques and use Google effectively. My assessment is that it is a test of the skillset rather than whether you have done something similar before (well it helps if yes).

The bottom line is:

https://www.etsy.com/listing/510153715/rocky-balboa-art-poster-rocky-balboa

OSCP is the most intensive and draining certification for me so far. But it is where I learnt the most penetration testing techniques. Couldn’t have it any better.

Cheerios!!!

David Billa

Security Engineer who believes that, there is no spoon.