My Journey to OSCP


Since I passed my OSCP exam last week, I thought it will be helpful to do a writeup to share my experience with how I prepared my OSCP. This writeup will not include any details on the exam nor the PWK lab. Not only it is unethical to do so, but also it breaches the agreement Offensive Security has expected us to follow.

I started my PWK course back in May. Before start my PWK course, I spend 3 months since January on the Virtual Hacking Lab (VHL) and finished all the 41 machines on there. At the very beginning, passing the OSCP exam this year was not on my to-do list and I thought that would happen a few years later. But after I finished my VHL and obtained their two certificates for the completion, I feel compelled enough to give the OSCP a try to see how it is. So, at the end of March, I decided to take my PWK in May then do the OSCP exam. Before I signed up for the PWK course in the mid of April, I also did one-month TJNull OSCP alike boxes on the Hack the Box (HTB) to give myself some extra practice, here is the link to the list.

I cannot recommend enough how the VHL helped me during my OSCP preparation. The VHL has 41 unique machines you can tackle. It rated from beginner, advance to advance+. Since I do not have any prior experience in penetration testing, I started with doing the beginner boxes. I finished most of the beginner boxes with the help of Metasploit. When doing the advance and advance+ machines, I did them without the use of Metasploit. Not only because Metasploit is restricted once on the OSCP but manually doing the boxes is more fun and could teach you more things compare to just use the Metasploit. The VHL student-run discord also helped me tremendously with my OSCP preparation. Not only people on there are helpful and friendly, but the encouragement I got from some nicest people on there really boost up my confidence to prepare my OSCP, here is the link to VHL discord. I also mentioned I did one-month TJNull OSCP alike boxes on HTB. The way I approached these boxes are mostly to try to tackle them first myself with some complementary help from 0xdf’s HTB write up, which gave me some great idea of the things I can try and the methodologies I can use when doing a box.

My PWK course starts on May 2. The updated 2020 PWK course is a blast in terms of the quality and the content it offers. You can see a list of updated content the new PWK includes here. I spend roughly a month to tackle the course material and the exercises. My recommendation is DO NOT despite those benefits from the exercises and the bonus points by doing the lab report. I knew the bonus points might not sound like a lot, and some people might argue it is not worth the time and effort, but to my personal experience, it not only helped me to grasp and retain the knowledge I learned from the course but also took some pressure off my shoulder since I knew I have the bonus points in hand before starting the exam. You can read more about the requirements to obtain the bonus points here section of “Bonus Points”. Also, DO read the exam guide at least twice before you start the exam, it will help you to avoid losing unnecessary points and meet the requirements of the Offensive Security set.

The two attempts I had for my OSCP exam both start in the evening. The First attempt starts at 23:00, the second attempt started at 22:00. I choose to start my exam at night so first I do not have to worry about my dog since she is sleeping, also I can have a normal schedule to go to bed at night after the exam. Of course, I prepared lots of Coffee so I can stay awake and Try Harder. My first exam was scheduled in the middle of my PWK subscription, so I can have a feel about what is the exam looks like. Also, I can see where I am. I failed my first attempt with some points short. After I failed my first attempt, I scheduled my second attempt at one month later and kept practice in the Lab. The second attempt also went not quite smooth, but with some dedication and the not giving-up attitude, I was being able to get myself close enough so I can use my bonus points to pass. After the end of the exam, I went straight into the report writing and spend roughly 3 hours on it.

To summary, I will give you a few general tips on how you can prepare the OSCP without giving any details on the exam or the labs away:

  • If you have not had much experience in penetration testing in general, I would recommend you use VHL to get a general feeling, even build up some of your methodologies on enumeration. Enumeration is the key to the OSCP. Link
  • HTB TJNull list is another great resource as I mentioned early. Link
  • If you wish, join the VHL discord server to seek for advice and help. Link
  • Relax before and during the exam, I always tell myself I can take again if I fail. This helped me to stay chill so I can focus on my exam. And ALWAYS stay in a positive vibe!
  • Read Exam Guide twice before starts the exam and double-check you have done everything correctly after finishing your exam report based on the guide.
  • Take some rest every few hours during the exam, I stayed awake the whole time, and it was a pain to stay awake all the time.
  • Do not give up even close to the end. This helped me tremendously I could say. You can always find surprises if you keep trying while you think that is all you can find.
  • Do your lab report and the exercises. Get those bonus points.
  • If you feel weak on Privilege Escalation, I found Tib3rius’s courses helped me a lot. Link
  • Write down everything you have done into the exam report even you didn’t fully compromise the machines. This might give you some unexpected partial points. I used CherryTree for my notetaking.

I am grateful for all who helped and supported me during my OSCP journey. Especially those I met on the VHL discord server, and many other resources along the way. And thank you Offensive Security for providing an amazing experience! Until next time :)