How I cleared OSCP in my First Attempt
OSCP Preparation Guide
In this blog, I am going to share my experience on OSCP and provide you guys some tip which might be useful for those who are preparaing for their OSCP exam. Since I took the recent OSCP exam which Includes the Active Directory structure as well. I would share some tips on this part as well.
Hi, I am Siva Rajendran and I am working as a IT Security Consultant for the last 4 years with main focus on penetration testing of web application and Internal Active directory assessments. Since the start of my career into Penetration Testing field, I wanted to do the OSCP certification. But I wanted to make sure that I am fully prepared and confident enough to clear the exam in my first attempt. So, I was preparaing myself alot in the last years in the area of Web Application and Active Directory. I did CEH, eJPT certification along with CRTP which gave me huge strength in Windows Active Directory environment.
OSCP Certificate
Before registering for OSCP
Before registering for OSCP, I made sure that I had enough experience with Web Application testing. Since my daily work aligns directly with this, it was helping me alot in the last few years. Along with that, I was actively participating in Bug-Bounty programs as well to hone my skills. These experience gave me indepth analysis in web application penetration testing field. Also, I did alot of HacktheBox and TryHackMe rooms in the last 2-3 years as well.
I felt I was missing alot in Windows Active Directory part and the recent change in OSCP which included Active Directory as 40 points machine. It is undoubtedly the integral part in clearing the OSCP exam. With this in mind along with my recent work, I was able to focus mainly working many Internal Active Directory assessments as well. I gained ample amount of experience in the past 1.6 years. To extend this knowledge, I regiserted for the Certified Red Team Professional (CRTP) course in Pentester Academy which helped me to get more deep understanding on Windows Active Directory environment.
OSCP Preparation Timeline
| Timeline | Activity |
|---|---|
| October 1, 2022 | Started with course materials |
| October 15, 2022 | Finished with course materials |
| October 16, 2022 | Started with OSCP Lab Machines |
| November 24, 2022 | Finished with OSCP Lab Machines |
| November 25, 2022 | Started with Proving Grounds Practice Machines |
| December 19, 2022 | Finished with Proving Grounds Practice Machines |
| December 22, 2022 | Scheduled the exam |
| December 25, 2022 | Got the official email from OffSec |
I took the 90 days labs time since It was default by Offensive Security pricing model, I started my course on October 1st, 2022 and I have immediately registered the exam on December 23rd, 2022. It took me 15 days, 87 hrs (approx) to complete course material PDF Guide and most of exercises. I was roughly spending 6 hrs everyday after work on my OSCP preparation. As per the New OSCP guidelines, It is possible to get 10 Bonus points when we finish 80% of exercise topics and submit the flag on the portal along with 30 lab machines.
OSCP Timesheet
After the PDF completion, I decided to do the OSCP Labs, There were different environments like Public,Dev,Admin,Production and some requires pivoting and tunneling to access the machines in other environments. I did almost 71 machines from the labs. It had 75 overall machines If I remember correct. Some machines in the lab were quite straight forward and few were really challenging. I went to Burp Suite Web Academy and completed the SQL-Injection lessons and Buffer Overflow room in TryHackMe as well. At the end of november, I have completed my OSCP-Labs and still almost had 4 weeks before the exam.
Now, I was contemplating to take a subscription either from HacktheBox or Proving Grounds Practice. This was one of the best decisions which helped me in clearing the exam as well. I have decided to take a month subscription from Proving Grounds Practice since it is directly from Offensive Security and there were many retired machines available as well. I decided to complete the famous TJ-Null OSCP-Like-Machines from Proving Grounds. I ended up finishing all the Windows machines and medium machines on Linux along with TJ-Null recommended machines. These machines were really tougher than the machines present in OSCP labs and this teached me so many techniques in the area of web application, privilege-escalation areas.
Now I have one week left before the exam, I decided to revise the buffer-overflow excercises and also I have done all the Extra-Mile exercises on the OSCP Course Materials for the Buffer-Overflow section to get deep understanding on this topics. I would definitely recommend the Extra Mile exercises as well, If you have time.
The Finale
One day before the exam, I was super relaxed and was skimming through my notes and checking the setup and taking necessary backup of the VM-Images. I started my exam at 11 am on 22nd December, I logged into the exam and followed the Instructions which was given by the proctor. I got 1 AD-Set along with 2 linux and 1 Windows machine. I did the exercises before, So I know I have 10 bonus points. My approach is first to finish the Active Directory set and get the 40 points secured. It took me less than 3 hours and I have managed to Pwned the active directory. The Active Directory set was straight-forward. The experience I gained from doing Proving Grounds Windows-AD type machine helped me alot along with CRTP experience.
Now I got 40 points from AD and already have 10 bonus points. I need now 20 more points to clear the exam. I took a 15 minutes break before starting the next linux machine. The linux machine was easier and I managed to get both user and root within 2 hour. Now I got 70 points and I was happier that I got the passing points. Now I took a 30 minutes break and went for the second linux machine. This was also easier and I have managed to root it within 2 hours. Now I got 90 points. It was almost 19:00 pm.
I took one hour break and came back to try the last windows machine, I managed to read both the user and root flag within first 30 minutes, But I can’t able to find a way to get a shell in the machine. I tried for 4 hours and did not manage to get the shell. So I went to sleep and came back after 6 hours around 4 am in the morning on 23rd December to give a go for another 2-3 hours. Still was not able to manage. So I gave up and started checking the old proofs and screenshots to make sure everything was there for each and every step.
Then I started to write the report and It took me 5-6 hours to complete the report with all the findings and screenshots and then I submitted the report to the OffSec
Christmas Day Present
On the 25th December, 2022 Christmas Day, I got the mail from Offensive Security that I have cleared my OSCP exam and the certificate is available for download. It was like a christmas gift to me. I was so happy that my hardwork paid off and all the skills which I have learned and consumed for the last years worked really well. I was able to get 80 points within 12 hours of the time and the Proving Grounds lab subscription helped me alot.
OSCP Mail
Bonus Tip: Preparation Guide
If OSCP is your first certificate in OffSec area, then I would recommend to start with eJPT course from Elearn Security along with TryHackMe, Burp Suite Web Academy and HacktheBox and then proceed to the following.
If you already have experince in Bug-Bounty Hunting or continuously working in OffSec area or actively participating in CTFs, I would definitely recommend the following.
-
First the OSCP Labs and course materials provided by OFFSEC, make sure to finish the exercises and have 10 bonus points. You never know, when It might come In Handy.
-
If you want to improve more on Active Directory: Certified Red Team Professional (CRTP)
-
Buffer Overflow Room from TryHackMe-BufferOverFlow Room
-
Definitely recommend this subscription for a month or so in Proving Grounds Practice
-
The Following proving grounds machines from TJ-Null List
-
Try to do as many machines as possible especially the machines created by @offsec
Proving Grounds Practice
-
The following machine are recommended for Active Directory Set:
- Vault
- Heist
- Hutch
-
Watch one Ippsec video a day. This helps alot to understand some techniques manually without using metasploit, which might come in handy during the exam.
-
Last but not the least, make sure to have notes on everything. I was using Notion for taking notes for my whole OSCP Journey