My main goal while at university was to achieve my OSCP before graduating in 2023, obviously this would be hard and it would take a lot of time and dedication to achieve but in September I had finally passed my OSCP on my first attempt.

Preparation

Before I started OSCP I had to do a few things in order to prepare for that big exam. I wanted to achieve at least one entry level certification to test my skills and for this I chose the eJPT. I found the eJPT relatively easy passing it within 3 weeks of when I initially bought the course. After passing this I decided to go over capture the flags leading up to when I bought the Pen 200 course in May.

During this time I went over most of TJ Nulls OSCP like boxes that can be found on Hack The Box, this can be found Here . While doing this I also went through TCM Academy’s Practical ethical hacking, Linux privesc and windows privesc courses in preparation knowing these are key parts of the OSCP exam.

Studying

Once I bought the Pen 200 course and saw the money leave my bank account it was time to study. I had around 4-5 months free of study and had 3 months of access which I further upgraded for 1 extra month. To start I went through all of the videos and pdf taking notes on each section so that I can refer to it later if I ever got stuck. The process of going through all of these videos and taking notes was long but worth it in the end, once done I moved on to the OSCP labs where my goal was to at least crack 30 of these machines due to the new bonus points system that requires you to provide the proof of 30 machines and to complete 80% of the exercises. I went through around 2 machines per day and made sure to go through the active directory machines at least 3 times each to drill active directory into my head. Once I was happy with how many machines I had done I moved on to completed the exercises, overall I found these exercises pretty useful but sometimes they could be a bit of a drag if you got stuck. I completed around 99% of the exercises and felt happy about my all round knowledge.

From here I found out about proving grounds which is also hosted by offensive security. I used TJ Nulls OSCP like proving grounds list found here. I went through around 30 machines here going through the easy and intermediate machines as I had heard that these were very OSCP like.

I also focused on some try hack me rooms that would help me with my buffer overflow and active directory knowledge. For this I used the Buffer Overflow Prep room that I found very helpful as it would guide you through the process so you can understand it a lot easier. I also did a few sections of the Wreath box, mostly focusing on the pivoting sections and I have to say that doing this probably made me pass the exam.

Exam day

I booked my exam for September the 19th at 12pm. I woke up at around 8 and ensured that kali vm was working correctly and all the proctoring software was good to go. At the start of the exam I used auto recon on the ip’s to help me map out the network and from there I got started on the AD machines. I managed to get a foot hold on the first AD machine in around 30 mins and got root 30 mins later. From here I used what I knew from the OSCP labs to pivot and root the other 2 machines and I achieved control of the Domain Controller in around 3 hours. From here I went through the other machines slowly knowing that I could pass if I dont get distracted. At around the 9 hour mark I was happy and confident that I had passed and I had all the screen shots and notes to create a good writeup. From here I ended the exam and started the writeup, I did around 70% of the writeup after the exam and finished the rest in the morning after that I sent it off and prepared for my results.

I got the email saying that I passed on the 23rd which is around 4 days after I had finished the exam. It was good to see that my hard work had paid off and that I had tried harder.

Tips for passing the OSCP

This section will include a few things that I wish I knew before starting the OSCP

The first is to use autorecon, this tool really helped me during the OSCP and I believe if you use it in combination with some simple nmap scans it will make your life a lot easier. Next is to focus on privesc, the Pen 200 course does not have very good privilege escalation notes so I recommend looking into third party courses like the ones on TCM academy or ones provided by Tiberius. The third tip is to really focus on active directory and learn to pivot around the network as well as laterally move on the network, tryhackme is probably the best place to learn this and it has some great resources. The final tip is to use proving grounds practice as the machines hosted there are probably the most oscp like and are really hard but it drastically helps when studying for the OSCP.