The famous and all mighty HR gatekeeper, no introductions needed. If you live in a cave and haven’t heard of OffSec or the OSCP exam, you can find details here.

Background and Preparation

This is an exam that I actually did not wanted to do, at least not at this moment. But for employment and career reasons I ended up forcing myself to. I had previously passed the eCPPTv2, and had real-world pentesting experience. Although I had had done some CTFs in the past, I wasn’t active on competitions and such stuff.

My employer paid for the 30 day package, this was before the change and you’re now forced to buy 90 days. As I already work in the field I only managed to do around 24 machines on the PWK labs, including both AD sets and 1 of the big 4 which wasn’t hard at all. I did not touch the training material until my lab time ended. 

After that, I took a quick look at parts of the video lessons, skipping the stuff that was already well known to me. I did not touch the PDF nor its exercises.

Lastly, I bought 1 month of PG Practice and 1 month of HTB VIP to follow TJNull’s list. I managed to crack 29 on PG Practice and 28 on HTB.

Labs and Training Material

First of all, I’m not an OffSec hater. I think there must be a reason for them to have such presence on the market, and I plan to take more of their certifications in the future. However, I really can’t say I enjoyed the whole experience.

They basically give you access to the platform during your lab time, so you have to download the PDF and videos so you can access them locally after your lab time expires. For what I saw in the material, it doesn’t do a good job of preparing students for the exam, and that’s why I decided to only go through the labs and then pay for other platforms so I could keep practicing. The training is basically just a brush on some of the most basic concepts and techniques with simple examples, and I was really disappointed with that as I was expecting to learn cool stuff along the way. The video lessons are just a copy/paste of commands, they didn’t bothered explaining what was being done and how the student could build or identify such things on its own.

Exam Experience

I won’t be discussing any exam specifics here. If you want details, guides or anything related to the exam you should refer to Offensive Security’s guides and materials.

I scheduled my exam for a saturday at 9am. At around 2pm I had compromised the Active Directory set, then moved to the first standalone machine.

At around 4pm I had the pass rate of 70 points, so I started doing the report while scanning the other hosts.

I finished with 80 points, having compromised the full AD chain and 2 standalone machines. As I already had 10 additional points, I focused on doing the report for the rest of the time and didn’t bother doing the last machine. At this point I was getting tired and didn’t wanted my brain to melt.

I took numerous small breaks along the way, and I wasn’t rushing through the exam, instead I was just trying to keep the momentum and focusing on reaching one small objective at a time.

For the exam report, I used the template recommended by OffSec, which can be found here. I did some changes according to what I usually deliver on my daily job, added a few things to have a more robust report at the end, as poor report quality and failing to provide all the details may lead you to failure.

I submitted my final report around 4pm on the next day, and got my results around 24h later stating that I had conquered my OSCP.

Final Statements

Overall this was much more on the stressful side of things, it wasn’t technically difficult or complex by any means. I think this is basically because of all the mystery involved and the high prices, as you end up being scared of failing for not knowing what will be on the exam and depending on your financial conditions you might have a big struggle paying for retakes.

I’ve seen people failing this up to 7 times, talking about how hard and awful their experience was and so on. However, now being at the other side after passing the exam, I think it may be worth the struggle depending on your goals. This is mainly because of how the whole industry sees certifications, especially for OffSec and SANS, as it may help you getting your first job or getting promoted if you’re already in the field. We’re basically talking market value.

This may be seen by most folks as “ridiculous, waste of time and money” and so on, but at the end you have to sacrifice time, energy and sometimes even money to get what you want. That’s just how things work and trying to go against the tide will not make you succeed.

General Advice

1. One that can be controversial is to avoid communities, such as reddit or discord. As I just reported above, you can get overwhelmed, stressed and cultivate a giant fear of the exam by just reading “Failed with X points on my Y attempt” threads. You can certainly be the one that will pass on the first try, it’s just an exam and if you fail just do more prep and go back to it again.

2. Stuck on a machine for hours or even days? Check a write-up. The idea here is to learn, not to bang your head against your keyboard until you figure it out. If your objective is to crack a giant stone, would you use a pickaxe or keep trying harder by hitting the giant stone with a wood stick? Try smarter.

3. Don’t stress yourself or let fear take over. This is supposed to be an entry-level certification, it is testing you on things that are really not that complicated. Just think that you will need a lot more than this in order to succeed in this field.

References and Study Resources


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *