📜 My OSCP+ experience
My OSCP Preparation
Before earning the OSCP certification, I had already obtained the eJPT, which is an excellent certification to get started in offensive cybersecurity. It gave me a solid foundation, which was crucial in tackling the OSCP, as the OSCP takes the knowledge gained from the eJPT to a much higher level.
To organize my study, I followed the OffSec 24-week study plan, which I found extremely helpful. This plan covers 1.5 modules per week, and the last 5 weeks are dedicated to lab work, which helps prepare you effectively for the exam. During my preparation, I also worked on machines on Hack The Box (HTB), following the recommendations from TJnull's extensive machine list. I also used other platforms like TryHackMe, Proving Grounds, and VulnHub, though I focused mainly on HTB and Proving Grounds machines.
One resource that was invaluable to me was PayloadsAllTheThings, a comprehensive guide on payloads for common vulnerabilities. This resource helped me tackle many of the challenges during the exam. I also uploaded all the tools I used, plus a few extras, to my GitHub.
The OSCP Exam Experience
The OSCP exam I took was updated to the OSCP+ format, which made it different from the practice labs I had worked on. Instead of attacking the first web server in the traditional way, in this exam, OffSec provided me with the credentials of a low-level user to access the first server, which I wasn’t aware of at the beginning. I spent about 3 hours enumerating the server without getting anywhere, which was frustrating. This is where the key factors of patience and "Try Harder", as OffSec says, come into play. After that time, I decided to take a break and work on an individual machine to clear my mind before lunch. When I reviewed the exam rules, I realized that I already had the credentials for the first server, which was a valuable lesson: always read the rules carefully before starting.
After lunch, I took a brief break to relax and came back to the exam with a clear mind. It’s very important in this exam to know when to disconnect, as it can be mentally exhausting. I returned to work on Active Directory (AD), and in about 4-5 hours, I had fully compromised it. For the last two machines, I took another break for dinner, which allowed me to approach them with a fresher mindset. Finally, in an hour, I had compromised the penultimate machine. For the last one, I found an SQLi vulnerability but couldn’t gain remote access. With 80 points and extreme fatigue, I decided to call it a day and leave the report for the next day, giving myself time to rest and clear my mind.
The Report
As for the report, you have 24 hours to complete it. Personally, I started at 5 PM, as I didn’t want to overwhelm myself in the morning. I also took a break to go to the gym and clear my mind. If you’ve taken enough screenshots during the exam, the report is not that difficult. You just have to go step-by-step through each screenshot and explain what you did. My advice is to review the report several times to ensure everything is clearly explained and that someone else could replicate your attack. Also, make sure to include the flags along with details like the server IP, hostname, user, and, of course, the flag.
Conclusion
The journey to OSCP certification is not easy, but it is incredibly rewarding. The preparation, although challenging, allows you to develop essential cybersecurity skills and learn how to solve problems in a creative and meticulous way. Throughout the process, not only is technical practice important, but also time management, patience, and the ability to stay focused, especially during the exam. As OffSec says, "Try Harder": perseverance and focus are key to overcoming this challenge. If you're thinking about pursuing this certification, I encourage you to dive in and enjoy the learning process, because in the end, each step brings you closer to becoming a more well-rounded and capable cybersecurity professional.