Hey Martian🐱💻 !
My name is Sandesh and I have recently passed my OSCP exam . I am very happy about clearing this exam and would like to share my experiences about OSCP prep and exam
About a year ago , I had joined a Cybersecurity Course in HackerU. I come from a tech background , so this was all fun for me . Although it was tiring and too much to grasp in too little time , I enjoyed the course .
After completing the course , I was “distracted” by bug bounty posts on LinkedIn shared by cybersec community 😅 , and I started researching on how to earn “$$$ bounties “ . I learned a lot during this time but later realized this could have been done in free time rather than dedicating all my time to learning “how to get bounties” .
One of my friends from my batch cleared OSCP exam in October 2020 and I thought I should go for it . I asked my mentors ❤️ ( Swaroop , Yogi and Azaz ) about how I should proceed with preparations . All of them guided me well. Swaroop ( the head of HackerU , India ) had arranged many online meetings with Cybersecurity Industry Experts who shared their invaluable experiences with us and also answered our queries regarding OSCP exam . Yogi , at HackerU , is your best friend . He will help you clear your doubts and will share useful resources to study . Swaroop and Azaz are very experienced in this field and will guide you through difficulties faced during the course.
Coming to the course details , The course offered by HackerU is Master Certificate In Cyber Security Course (Red Team) which will help you prepare for OSCP exam . — ( https://www.jigsawacademy.com/master-certificate-in-cyber-security-red-team/ ) — —
The time I spent in HackerU was very productive and fun . Swaroop sir gifted me a book written by him “ https://www.amazon.in/Learning-Penetration-Testing-Swaroop-Yermalkar/dp/1785883259/ ” . It was awarded to me when I discovered a vulnerability in one the VM’s shared by one of the previous instructors :P
Also had a lot of fun with my super duper batch mates
FIRST ATTEMPT : So when I started preparing , I read a lot blogs about OSCP prep and how to crack the exam. I wanted to eat OSCP before 2021 . So , I took one month labs access in November mid week and on the same day , immediately scheduled the exam on 28th Dec 2020 . I practiced all machines in TJNULL’s list in one month and solved only 2 boxes in the OSCP labs (🦅 I strongly recommend you to complete as many machines in OSCP labs to increase chances of clearing exam in first attempt ) . I used to do HTB machines and watch IPPSEC videos for those machines. I attempted my first attempt on 28th Dec 2020 and solved 4 machines attempting 65 marks . So I didn't pass my first attempt . I wasn't disappointed by this failure . The next day , I paid for reattempt exam and scheduled my next exam on 27th Jan 2021 . I was happy about giving the first attempt , it was a awesome experience and helped me a lot knowing which areas I needed to prepare more (🌠Windows Priv Esc) .
SECOND ATTEMPT :On 27th Jan , I went in my exam with a chilled mindset and solved all 5 machines but couldn’t get root shell on two 20-points marks . So this time I attempted for 80 marks.
When exam started , I went after BOF machine and put all other machine on auto enumeration using nmap_automator tool . It took me around 4~5 hours to complete the BOF 😵 because I had issues while finding bad chars the first time . I reverted the machine and got the bad chars right this time. After this ,I went for 10 point machine and completed it in 1 hour .
Then I attempted 20 , 20 point machines and was able to receive only user access on both the machines. Just 2 hours before my exam ended , I started working on the 25 point machine and got user and root access . I was happy that this time I had attempted for 80 marks. I took some rest after ending the exam and then I prepared the report and submitted it the next day . I thought it would take a week for the results to come in but the result came within 48 hrs of submitting the report at 4 am in the morning . As soon as I saw the email , I send WhatsApp messages to all my Mentors and my Family members and my friends . Most of them were sleeping at that time . But few night owls 😁 read my message and called me .Everyone was happy . and I ,still, am not able to believe I cracked OSCP 🤩 .
There is this belief that OSCP exam is extremely tough and requires a hell lot of practice of practice and many many many months of practice . My view about this exam is different — it requires a lot of practice (yes) — it requires many many many months of practice (no) . If you have been preparing for this exam for 3~4 months , it is possible to crack the exam . Don't delay the first attempt .Give it as soon as possible and pass . OR Give it as soon as possible and fail AND practice again for a while and attempt again .( the reattempt fees is around $150 ).I feel , Its better to fail fast and try again , rather than waiting a looooonnnggg time before even going for the first attempt .
Cheatsheets I followed during my practice :
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
It is recommended to document and develop your own recon style which will help speed up things while solving boxes .( I will publish my recon style in few days ).
I ain’t a expert 😉 but if you want to talk more about my OSCP experience you may contact me at → email@example.com