It’s just another Saturday, I wake up around 6:30 am, get ready and head into the office to start my 12-16 hour day of Penetration Testing with Kali Linux (PWK/OSCP) training from Offensive Security. Although, it’s not like the last 16 Saturdays, today is exam day.
I sat down at my desk around 7:30 am, just before the exam started at 8 am. The exam credentials and instructions came right at 8 am, and away I went. I spent the next 15 hours working on the exam without leaving my chair for more than a minute or two at a time. The exam started off really well but by mid afternoon I was stuck on something I thought should be easy. I decided to move on to other machines, which was a fantastic idea looking back. I realized the brain fog was starting to set in around 11 pm and needed a break. So I went home around midnight, took a nap from 1-4 am, and then went back at it. I left the office that night knowing I was close to passing the exam but I didn’t want to leave it up to luck.
I spent the remaining 3 hours (half-asleep) on the last box. There were so many damn rabbit holes I just couldn’t find the right thing to exploit! About an hour before the exam ended, I went back through my notes to make sure I had all of the required screenshots (Exam Requirements). After the exam time expired, I worked diligently on the report, which is obviously one of the most important parts of any pen test. After completing and then reviewing the report numerous times, I packaged everything up (Lab Report/Exercises/Exam Report) and sent it off to Offsec for their review.
OSCP Exam Complete
An email came a few hours later saying they had received my documents and that I should receive a pass/fail email in the next 3 business days. I received the pass email within 2 business days of submitting my report! I was so happy to have passed the OSCP on the first try! I’ll never forget the moment I received the email from Offsec, the stress and weight of the exam was immediately gone. Waiting for that email was absolutely painful even though I knew the report covered all the requirements and I had enough points to pass. It may not seem like it from this review, BUT this was the most grueling exam that I’ve ever taken. I don’t want to give too many details away about the exam but imagine banging your head on the wall or a desk for 24 hours straight…Welcome to the OSCP exam! 😉
OSCP Exam Recommendations
- Rotate through machines every 3-4 hours.
- Organize all notes and exploits for easy/quick access.
- Avoid rabbit holes – #1 helps with this.
- Take breaks, if you need to :).
- Know your limits.
- Spend at least 2-3 days working 14-16 hours straight on the PWK labs. Simulate the exam experience by attacking 3-5 machines during this period. I did this multiple times and it really helped me prep for the exam.
- Complete all exercises and the lab report for an additional 5 points on the exam.
The coursework was great! The course came with a PDF and instruction video’s. PWK syllabus can be found here. There were a few gaps where the PDF had more info than the videos and vice-versa but that’s really my only complaint.
OSCP Coursework Recommendations
- Complete ALL coursework/exercises before working on the lab machines. I cannot express this enough.
- Understand each exercise, don’t just complete the exercise and move on. Understanding is key.
- Utilize the PWK Forum and Offsec support as needed.
The first time I accessed the PWK lab I was a bit overwhelmed. There were a ton of machines in the public network and I didn’t know where to start. From there I devised a plan to go after the low hanging fruit first (the easiest to exploit). Some of the coursework helps you find the low hanging fruit, but after that, it’s all on you to devise a work-plan. The lab environment was awesome. There were all different kinds of servers from Solaris to XP and everything in-between. There were many different kinds of software and services running on these machines, which gave me a good look at many different vulnerabilities and exploits.
OSCP Lab Recommendations
- Make sure you’ve read the Exam Requirements BEFORE starting on the lab. Practice what you need for the exam throughout your lab work.
- Find the low hanging fruit.
- Rotate through machines every 3-4 hours. Take good notes so you can come back to the machine later.
- Get a good feel for Metasploit, Meterpreter and sqlmap but do not rely on it through-out this course. Get comfortable finding and editing exploits, you can only use Metasploit/Meterpreter on one machine on the exam.
- Utilize the PWK Forums only when stuck on the same machine for 8+ hours.
- Document everything you do and everything you learn. I used OneNote.
Start to Finish Recommendations
- Make sure your significant other, family, friends, etc. have a good understanding of the dedication needed to pass this exam.
- Make a promise to yourself to dedicate a specific number of hours every day to PWK. I chose to dedicate on average 4 hours a day for 4 months.
- Purchase 90 days of lab time when you will not have any vacations or extended periods away from the lab.
- Spend the first 2-3 weeks working on the exercises and coursework.
- Spend the next week or two rooting the low hanging fruit; and then, move on to harder machines and other networks.
- Root as many machines as possible without using Metasploit, Meterpreter, and sqlmap (or as little as possible).
- Once the lab time expires, work on buffer overflows, reporting and Vulnhub (See below).
- Take 2 days off previous to the exam. Go have some fun, because the upcoming exam will be anything but :).
Most importantly, DO NOT give up. The motto for Offsec, if you’re not familiar, is Try Harder! If you don’t succeed the first time….try, try, again :).
If you’re not familiar with vulnhub.com, check it out. They have a ton of Boot2Root/CTF style vms and some of them are similar to lab machines. Below is a list of vms that were similar to lab machines that I completed while studying for the OSCP:
- Kioptrix Level 1
- Kioptrix Level 1.1
- Kioptrix Level 1.2
- pWnOS v2.0
- SickOs 1
- SickOS 1.2
- FristiLeaks 1.3
- LordOfTheRoot 1.0.1
I don’t think I would have been successful in passing the exam if I did not complete these Vulnhub vms. I would HIGHLY recommend you complete all of these before taking the exam. DO NOT complete these vms without understanding every single step you take to root them and remember, document, document, and then document some more :).
The exam and training couldn’t have gone any better. If you follow the Start to Finish Recommendations above, I know you can pass the OSCP too! Offensive Security did a great job putting this course together and I can’t thank them enough. I can say I successfully Tried Harder! I look forward to taking the Crack The Perimeter class next year as I work towards the Offensive Security Certified Expert (OSCE). Check out this link for a list of links I used while studying for this exam. I hope this was helpful. Thanks for reading!