For my first post I’ll say a little bit about myself, I’m a Cybersecurity major at UTSA with a long history of tinkering with technology. I love breaking things down and understanding them, and my constant curiousity goes hand-in-hand for my love of penetration testing and offensive security. I love doing machines on HacktheBox and I had two previous certs before OSCP: CySA+ and Security+. I passed OSCP a few weeks ago as my third Infosec certification. I’m an active member of the security community at UTSA and love competing in CPTC.
The First Step - Entering the “Try Harder” Mindset
Trying Harder is a lifestyle, it’s a way of thinking. It’s never giving up, and keeping at it, no matter how difficult things get.
When it comes to penetration testing methodology, this directly relates. Trying Harder is staying optimistic and continuing to test everything that you possibly can, even when times get tough. Any potential vector could theoretically grant you command execution or present you with a finding, showcasing how important it is to test each vector thoroughly, from start to finish, from zero to one hundred.
Entering this mindset is critical for passing the OSCP exam, because Offsec specifically designs an exam to make you try harder. They purposefully throw rabbit holes into the mix, and diversify the exam enough, where if the exam taker does not partake in thorough testing, they will miss the low hanging fruit, preventing them from continuing with or passing the exam.
Training for the Exam
The OSCP exam is not just a test of skill or technical knowledge, it’s also a test of perseverance, time management, and reporting abilities. Offsec specifically tests an exam taker’s ability to adapt to situations, and do research on previously unknown vulnerabilities and knowledge, and utilize them to successfully exploit their infrastructure.
I purchased the 90-day lab experience, but deciding what Offsec course plan to purchase is incredibly situational, and I know people who have had good experiences with the yearlong subscription as well.
The best training possible for this exam is the practice exam labs available on the PEN-200 platform, being the OSCPA, OSCPB, and OSCPC. These exams will give the closest experience to the OSCP exam including the pivoting and Active Directory lateral movement.
If you desire additional practice for strictly initial access and privilege escalation methodology, HacktheBox machines on TJNull’s OSCP list are great practice. His list can be found here.
Here’s a screenshot of some of the machines on TJNull’s list:
Exam Day, and Preparation
I found that the most significant way I set myself up for success before the exam was to get a large amount of sleep before the exam. I slept 10 hours before the exam, and this allowed me to work on the exam for 19 hours straight. Reading over the entire exam guide before starting is also extremely important, as Offsec lays out exactly what they expect from you leading up to, during, and after the assessment.
My exam experience was quite abnormal. I started my exam around 10am and had Domain Admin on the Active Directory portion by 11am. I was so incredibly happy I could get DA early and leave more time for the standalone portion of the exam. The standalones, I did not have such as easy time with. I spent multiple hours searching for initial access on any of the standalone machines, and after gaining initial access, I escalated my privileges quickly. Then spent another long period of time searching for initial access on the other two machines. After taking a small 15-minute break, I gained command execution on the second machine and gained SYSTEM, and the third fell quickly soon after.
I ended up submitting the all of the low privileged, and Administrator/root hashes in 19 hours, and ended my exam with 5 hours to spare, feeling incredibly proud of myself.
Conclusion
I learned a great deal from this 90-day journey, but most importantly, I integrated the “Try Harder” mindset not only into my pen testing methodology but into everyday life. I had a fantastic time progressing through the course, studying late at night, and strengthening my methodology for this exam. I wanted to thank Offsec for creating such an amazing course and exam experience, and I can now understand why Offsec is so highly regarded in the Offensive Security community. I am so happy that I am officially OSCP certified!