OSCP Review
This review is a few months after the fact, and since passing, I have already earned my CRTO (which I hope to review at a later time).
The journey prior to purchase:
The simple act of purchasing the PEN-200 learning package is a huge leap in itself, as most will wonder if they are ready to take on this challenge. I was one of these people. Fear of what was beyond the path less traveled was a plague that had held me back for a small amount of time.
Prior to purchasing, I had CompTIA's (A+, Net+, Sec+, CySA+, Pentest+), INE's eJPT, and TCM's PNPT. Before continuing, I want to emphasize: THIS IS NOT THE ONLY PATH. Approach the OSCP in a way that suits your lifestyle and available funding. Some people may only need PEN-200; others may need more.
In regard to learning platforms, I had been using the Hack The Box and TryHackMe platforms. For beginner-level learning, I highly recommend TryHackMe (however, this is not by any means meant to discourage Hack The Box usage). Hack The Box, in my experience, was a tad bit harder and may result in early discouragement.
As of this writing, the current pricing is $1599 for 90 days of lab time and 1 attempt or $2499 for 1 year of lab time and 2 attempts (LearnOne). As for my experience, I had purchased the PEN-200 LearnOne plan in November of 2023 on a Black Friday sale for $1999 (luckily). However, as we will discuss later in this post, I only needed the 90-day plan.
Time to Learn:
As soon as I had access to the learning material (which was a few hours after purchase), I immediately dove in head first. A lot of the early chapters and concepts were more of a review (thanks to the PEH course from TCM Academy and the Hack The Box Academy pentester pathway). If I were to say, honestly, about 70% was a refresher with new ways to improve on my methodology.
The course material itself consisted of reading material followed by some kind of video. Most sections had a practical application portion in which a personal VM was spawned and you would complete small exercises to ensure you understood what concepts were taught. Roughly estimating, this material took me maybe a month to 100% complete.
Really not much else can be said: just power through the course and create your own notes. Using someone else's course notes may help you pass if you are lucky, but in reality, you want notes that you understand and know how to reference (this is one of the reasons I have private notes).
Lucky lab time:
Once you complete the learning material, you should be prepared for the labs. These consist of 3 simulated company labs and 3 OSCP practice tests. Please note: as of the time of writing, 1 of the simulated company networks had been declared by OffSec as "out of scope".
My strategy had been to take out the 2 company networks over a 1-2 week span and then use the practice exams with a timer to gauge where my skill level currently was. After about a month, I had completed both networks and all three exams with some assistance on newer concepts from Discord research.
Looking at this in comparison to the exam, some concepts were easier and some concepts were about the same. The key item to take away from the practice environment is that you are learning CONCEPTS, not answers. I have seen some confusion that if you can pass the labs, the exam will be a cakewalk. However, I disagree. You should strive to understand the "how" and "why" of every aspect and the alternative pathways that can be present in each exercise.
I'll wrap up this section by emphasizing the 10 bonus points you can obtain by submitting 30 proofs from the lab. Please strive to obtain these. No one is gonna think any different if you pass based on bonus points.
Outside practice:
Around this time, I officially scheduled my exam on February 19th. At the time of scheduling, I was roughly 3 weeks away and it was time to grind.
During this time I went through and completed every single Proving Grounds Practice box on TJ Null's Version 3 list. The game plan was to complete 2-3 boxes a day up until the week prior. Keeping to my set plan, I was able to complete all my boxes in a shorter amount of time and used a few nudges only when I needed to refine the methodology.
The exam:
Here it is, the moment I have been waiting for: time to shine and ace the exam in 2 hours... right?
I had scheduled my exam to begin at 1930 (EST) as I had just rotated off of night shift. Remember, play to your advantage. Do not schedule out of convenience. I had signed in early and verified my ID and such and had about 10 mins to sit in silence until I received the VPN pack. Once I got connected, it was off to the races. Time to show this exam what I am made of.
**SIX HOURS LATER**
I did not have a darn thing. I kept thinking, "How did I come this far to get zero? Am I actually cut out for this? Did I miss something?"
After taking a break and coming back, I took a deep breath, started from zero, and stopped assuming, and then something worked. About an hour later, I completed the AD set. Sweet! This should be smooth sailing now.
**SIX HOURS LATER**
I was lost yet again. "How in the world did I complete the AD set and can't get a single foothold?" I immediately took another break and came back to look at what I thought was a box I could get a foothold on. After some brain power, I got a user shell and immediately went to take a nap.
**ONE REALLY SHORT NAP LATER**
I will be honest with you all, I lost track of what time it was and time just kinda flew by, and all of a sudden I am sitting there with 1 hour left and 50 points and 10 bonus points. At this time, some may have said the heck with it and moved on, but I was going to go down swinging. A few moments later, with 15 mins to spare, I was root/system. I did it. I had the needed points for the technical portion.
The Report:
This section will be fairly brief as report writing is pretty straightforward. Even though I had the minimum needed points, I was going to submit a report. I'd rather fail due to a bad report than not try whatsoever. In total, I submitted my report with about an hour to spare.
The wait:
48 hours later I received official word I had passed and felt a great relief. All my hard work finally had paid off. I will say the wait after submitting the report was more draining than the exam itself. I felt like I was stuck to my email every waking second.
Final Thoughts:
- Great exam. I highly recommend it to anyone wanting to test their own skill.
- Create your own set of notes!
- Focus on your methodology.