Another Try Harder OSCP Exam Review
Here’s another narrative on my journey to achieving the OffSec Certified Professional (OSCP) certification. I’ll share my experiences with the course and the preparation strategy I followed for the exam. Given the abundance of posts on study and practice resources, documenting my process might be beneficial for someone who feels a bit adrift.
Credit: OffSec
Unlike many certification programs that rely on multiple-choice questions, success in the OSCP exam hinges on hands-on practice, which could stem from professional experience or engaging in Capture The Flag challenges as a hobby. Simply cramming books won’t cut it for the OSCP.
Professional experience in the field can be a double-edged sword for the OSCP. The advantage lies in the acquired skills to meticulously search for vulnerabilities and the resilience developed over time. However, the drawback is the reliance on automated tools in a professional setting, which might not be allowed in the exam, presenting a challenge to adapt.
Every time I think of the OSCP exam, this keeps popping up in my mind.
Call Offensive Security: Holidays
When I enrolled in the PWK (Penetration Testing with Kali Linux) course offered by Offensive Security in the past, I wasn’t quite prepared to embark on this path, nor had I planned to start then. Time was wasted eventually and I didn’t proceed any further. After years of working as a blue teamer, I became more curious about offensive security. Then, I restarted my learning journey to learn more about offensive security and red teaming skills.
Exam Preparation Resources
Here are my exam preparation resources:
PWK Penetration Testing with Kali Linux
TCM Courses:
- Linux Privilege Escalation for Beginners
- Windows Privilege Escalation for Beginners
- Hacking Active Directory for Beginners (over 5 hours of content!)
The Journey to Try Harder: TJnull’s Preparation Guide for PEN-200 PWK/OSCP 2.0
Learning Pathway
I started my journey with the Zero-Point Security Ltd Certified Red Team Operator course. (Refer to CRTO Exam Review)
Then, I proceed with the TCM Security PNPT course. (Refer to PNPT Exam Review)
I got the order wrong. I should have started with the TCM Security PNPT certification exam and then the ZeroPoint Security Certified Red Team Operator course. Anyway, I took both exams without any issues. So, I gaining more confidence back to take the OSCP exam next. I purchased the exam voucher and booked the exam. Too bad, no exam slots are available anytime soon for my region. It ended up that the only available exam time slot for me was the Easter🐰Long weekend holidays. Oh well, I would have to sacrifice my holidays and family time to do the OSCP exam.
Exam Day
Quite unlucky, my family member was sick and I didn’t have enough sleep the day before the exam and couldn’t reschedule the exam in a short period. So I only had like 3 hours of sleep then kicked off the exam on Easter Saturday at 0400 in the dark morning 🌃 and spent several hours on one of the standalone machines. Despite some initial hitches🗜, I soon hit my stride🏃. After a few hours, I finally gained access to the first machine 🖥. I breezed through the initial rhythm but then hit a significant snag that threw a wrench 🔧 in my progress on another standalone machine. A several 💻 refresh doesn’t work either. Then, I started to realise that I had set up the host firewall locally and no wonder some of the ports were not working at all 🤦, which was a bit of a time sink ⌛. Persistence paid off though; by evening 🌆 at 2000, I was back on track to work on my AD set machines, wrapping up around 0100 🌃. I notified the Proctor to end the exam at the 21st-hour mark. I was so exhausted and totally trashed and really needed some sleep. For the whole exam, I took an hourly 15–20 min break to stretch, rehydrate and re-energise myself. I only took about 30 minutes of power nap during the exam.
Exam Report
Woke up again on Sunday at 0900 to start working on the exam report. I used the exam report sample template provided by Offensive Security. While it might not win any design awards, it’s efficient and straightforward which is exactly what’s needed for the OSCP exam. No need to reinvent the wheel in terms of report styling here. Compiling the exam report was relatively smooth, thanks to the quality of my notes and many screenshots taken during the exam. However, this stage also showed where my notes could have been better. I didn’t rush through this process allowing myself to take breaks and ensuring I got plenty of rest overnight. After rigorously reviewing and ensuring everything was in order, I submitted my exam report on Sunday at 1400.
Try Harder and Wait Longer 🤪
The acknowledgment email from Offensive Security mentioned that results would be communicated within 10 business days. The waiting game is the most painful period. I’m just wondering if my exam report got accepted or not, as I heard that OffSec is quite strict about the exam report and submission. So, I’m anxiously waiting for the exam results each day. Time flies each day, and I still don’t get it. Day by day, I check my email periodically, and it hasn’t arrived yet. On a late Thursday evening at 1942. The wait was worth and I finally got the exam results email from OffSec in my mailbox.
The OSCP journey is as much about personal growth as it is about professional development. It’s a testament to your determination, willingness to “Try Harder” and ultimately, capacity to conquer what initially seems insurmountable. So, to those about to embark on this journey, I salute you. May your path be fraught with challenges, for we truly evolve through these challenges.
Thanks for the OSCP exam journey. OffSec
#offsec #oscp #cybersecurity #penetrationtesting #redteaming #offensivesecurity #learning
