Passed the OSCP, let’s be blunt for a minute
Since this post has gone up I got the email stating I passed.
First off, the title is misleading, I do not know if I passed yet or not, so hopefully I do not jinx myself. However, I do know that I got 100 points, that was including the 10 bonus points and I did it within 30 days of buying the course content. This post is much more of the mandatory look at me I passed post… but I want to give some more insight on what to do beforehand.
Something that everyone wants to say but nobody does… stop asking questions that are impossible to answer. Questions like, am I ready to take this test, how hard do you think it will be for me, what information do I need to pass it and so on. Nobody knows you, nobody knows your skill level, nobody knows anything about you. How should we know if you are ready to take an exam? How should we know how long it will take you to learn the information? You could be a damn rocket scientist, we don’t know. If you need to ask questions such as that, you are not ready, if you cannot look up information and find it on the 100000 posts about OSCP, you are not ready, because obviously your own skills with googling something are lower than my 4-year-old’s. Do not message me on discord asking 10000 questions, in all honesty I don’t care. Also, if you need to ask what tools can and cannot be used, you are not ready to take it, because again you cannot Google simple shit… Now that we are done with that, let’s continue.
Find a good community, ChadBNoob has a great community on discord, again if you are not an ass and do not ask the above questions people will help you out. The people on there are extremely intelligent and always trying to figure out some new stuff. They also love to collaborate with different projects or going through different machines. It really is a great group of people. Another person I want to give a shoutout to is Cyrano. We definitely studied together and were able to help each other through some of the harder parts while studying.
The reason I say the above is because the OffSec discord is very busy, there are a lot of people asking questions all the time on there and it gets to the point where many questions just get lost in the mix. This is not to say that the OffSec discord is bad, just reading through it I learned a lot, and it was fun to watch people give hints without giving answers. It was also hilarious to see the occasional try harder, which I still to this day find to be one of the funniest mottos ever.
A little background about where I am at this time, I do not do penetration testing. I am currently in the service and will retire in around a year. So for everyone out there I am just a dumb Marine. However, with being a dumb Marine when I decide to do something, I am going to do it. I bought the course content on the 27th of June and took my test on the 28th of July, so right around 1 month afterwards.
Currently my family is in America and it is just myself and my four-year-old son here in Okinawa, so I am single dadding it at the moment. I first need to give the world’s largest shoutout to my son. Even at four he knew daddy was taking a test and couldn’t really be bothered. He played with himself throughout the entire day, which was amazing.
I started with the AD set, I was a few hours into it and the worst thing that could have ever happened, happened. My once in a year sickness decided this would be a good time to creep up on me. About two hours in I started to feel very sick, I had a headache, felt very weak and much more. I tried to take a shower, but ended up sitting down and waking up with cold water on me, had cold shivers and much more. At this point I decided to lay down, I tried to get on the machines a few times between being sick and laying out, which was at 7pm. To this point I probably had around 4 hours hands on keyboard. I did not exploit a single machine yet, and would get very dizzy sitting for too long. My son was also feeling sick and went to sleep also around 7pm. Now, again, my son played a huge part in this. At 11pm he came into my room and said he had a nightmare. I laid with him until he fell back asleep, got up, came out to the computer and decided I was in the do or die timeframe. By 1am I had 90 points, plus another 10 points from doing the labs and material, so 100 points total. I decided around that time I was good, went back to sleep and woke up at 6am to get my son ready for school. From there I made sure I had all of my screenshots and everything added up while he was eating breakfast.
So why does all of the above matter, who cares if I was sick during the test and everything else. Because if I never put in the effort beforehand, before ever even thinking about taking the OSCP, I would have been stuck. But doing many machines, over 500 the past few years, the machines were all pretty easy. At one point I thought, that is it, this is a joke… but then I thought to myself it is not a joke because you did your due diligence beforehand, you did the TJ Nulls list, you streamed close to every day, doing different boxes on Try Hack Me and HTB, along with Proving Grounds Practice and Play. The test should feel like a joke by that point, you should be able to get through it very quickly by that point because rabbit holes do not exist anymore, you know when you see a rabbit hole, you know what should and should not work beforehand and everything else.
Here are a few things I highly suggest to do beforehand. All of the community rated easy and intermediate machines on Proving Grounds practice. Notice I stated community rated, those machines will prepare you for the exam and you will be above and beyond the knowledge needed. Free boxes on Try Hack Me, just do as many free boxes as possible, and also the actual course’s OSCP A, B, and C Virtual Machines. Do those ones multiple times, I actually felt that OSCP A was harder than the exam itself.
Virtual Hacking Labs will also prepare you for the exam and VHL Pro Labs you will be beyond exam material. However, VHL does a great job at having to utilize multiple exploits, or multiple different things found, to be able to get the information needed, much like the OSCP does.
Now what you all really want to know about, AD. The AD section of the exam was not difficult and it was pretty straightforward. There were not any crazy rabbit holes in it, really the hardest part is that you may have to reset the AD environment and you may have to run stuff multiple times. Learn to use mimikatz, impacket, and powerup and you will be golden.
Now, how does it compare to other exams I have taken. First, CRTP I felt was much harder than OSCP. If you are able to get through CRTP you should have no problem with OSCP, especially the AD section. Also, eCPPT I felt was on par with OSCP, as long as you understand that eCPPT does not do anything with AD, but looking up information and enumeration I felt were on par. Lastly, VHL, the beginner and advanced certifications were on par with OSCP if not a little more difficult, the Pro Labs was much more difficult, but the AD section of Pro Labs was kind of a joke.
Lastly, remember this is a beginner certification in an intermediate level field, you need to do your due diligence beforehand. You need to be comfortable with enumerating machines, finding exploits and then working from there. The Linux priv esc was not difficult at all, it was actually quite simple. Do not go into this exam thinking that the material is going to teach you everything, you need to go out there, find machines and do it yourself. You should already have a good foundation when entering this exam, if you do not it will be very difficult.