Passing the OSCP while working full time

Roger Galobardes
5 min read · Dec 13, 2019

Only have 15h a week to study? Setting career goals for 2020? Want a cert where you will learn a lot?

You will notice that the OSCP is not a very welcoming cert for those who have to work 40+ hours a week and on top of that might even have a family or hobbies.

Reading people’s experiences where they are able to focus 100% of their time on the OSCP and finish the guide/exercises in a couple of weeks, plus the fact that lab access is bought by days, can be intimidating for those who can’t allocate more than 15 hours a week to study.

I found the OSCP an incredibly rewarding course where I learned more than with any other cert (and I’ve done a few!). That is the reason I am writing this article: to encourage those who might be hesitant to sign up for it.

The best material to prepare for the OSCP is the PWK labs; there’s no discussion about that.

However, the issue with them is that you will receive the guide/videos at the same time you receive lab access, and the more time you spend reading the guide, the less lab time you will have.

I probably spent 250–300 hours preparing for the exam so at 15 hours per week that should take you a good 5 months.

I put together a plan so you can make the most of the lab time and start using the labs as soon as you get access.

The steps I suggest are:

  1. Familiarize yourself with the PWK content.
  2. Read some online OSCP reviews, like Tib3rius’ and blacksh33p’s. It helps you understand what to expect and also evaluate if the OSCP is right for you (there are a lot of things one can do with 300 hours!).
  3. Go through Georgia Weidman’s book which covers most of PWK content. Alternatively, Google everything that is on the PWK Syllabus and make sure you understand it.
  4. Support that with a couple of the OSCP notes online. (1, 2, and my favourite).
  5. Do the Local Privilege Escalation workshop and go through Tib3rius Linux Priv Esc course on Udemy. This might not be fun but you’ll learn a lot.
    Also check g0tmi1k’s Linux privilege escalation guide and FuzzySecurity’s Windows privilege escalation guide. Everyone recommended these two, but it wasn’t until I did the LPE Workshop that they made sense. Guifre also has a few good reference guides. Unless you come from a sysadmin background, privilege escalation is one of the toughest chapters out there, and without it there’s no way you can root a machine, so I strongly recommend you spend a lot of time here.
  6. (optional) Join the OSCP Discord channel.
  7. Spend a weekend or two doing the Dostackoverflowgood workshop and then VulnHub’s Brainpan to nail the Buffer Overflow. Make sure you understand how to use mona.
  8. Sign up for Hack The Box (HTB), get the VIP subscription, and make your way through the OSCP-like boxes with the help of IppSec videos and online write-ups. I can’t recommend IppSec highly enough. I learned so much from there, but I understand it can be overwhelming sometimes (especially when he fires up Burp).
  9. HTB rates machines by difficulty so… maybe start with the easy ones.
  10. Document how you compromised the machines and make sure you avoid using Metasploit as you only get to use it once in the exam.
    HTB can be very frustrating since a lot of boxes require a “lucky guess”, where for example a password will be the name of the machine, meaning it won’t be crackable through Hydra or similar. Make sure you don’t pick up the habit of checking the write-ups as soon as you get stuck; use them as a last resort.
  11. Use AutoRecon while really understanding the commands behind it. At the beginning I didn’t quite understand it, so I did everything manually. After a few machines I switched to it, and I must say it saved me on a few boxes. Plus it keeps everything organised in folders, which helps when you are attempting to compromise multiple boxes in 24 hours.
  12. Take notes of everything as if you were teaching it to yourself from the past. If life happens and you need a couple of months off you will appreciate it later. There’s a lot of discussion about recommended tools but OneNote and its cloud sync and search function were the best for me.
  13. When done with the HTB boxes from the list, sign up for PWK, keeping in mind it takes a couple of weeks to receive the material/lab access. As soon as you do, go through the PDF, which should be quite quick as you will be familiar with the content by now.
  14. Start with the exercises and go to the videos if anything doesn’t make sense. I found the videos more detailed than the pdf.
  15. Move on to compromising machines from the lab. You will need to report 10 of them using different methods, plus the exercises, to get an extra 5 points. A lot of people report that there is a wall around the 60–65 points (passing score is 70), so def worth doing.
  16. Before the exam do make sure you have read the OSCP exam guide and all the emails you receive from them.

Other advice:

Everyone will have a different experience, but here are a few things that I didn’t see anywhere:

  • Set up and write down a realistic agenda of what you want to achieve every week. It helps you track your progress and makes sure you don’t abandon your studies.
  • Don’t stress out if you’re not fluent in Python or Perl, but you should be able to read what code does and be able to modify it.
  • Learn how to stay focused for long periods of time. This was incredibly hard at first since I have a job where I juggle multiple things at the same time. Keep your phone and other distractions away while you study, use pomodoro timers, … These studies will take a lot of your own time, so make sure you make the most of it.
  • The day(s) before the exam should be spent relaxing so your brain is fresh when you start: Do not study at all, watch a good movie, exercise, avoid anything that might stress you out. I can’t recommend this enough.
  • During the exam avoid drinking too much coffee, eat meals half the size as usual, avoid sugar, and keep in mind you have 24 hours for it which should be plenty. Don’t rush, don’t stop.
  • The proctoring software and webcam stream put a strain on my 8GB RAM Macbook. I was using three screens during the exam but still the Kali VM was frustratingly laggy on the exam day and forced me to not record my exam using OBS (as many recommend). Make sure you have a capable device.
  • Consider your first attempt as part of the labs. Reattempts can be done almost immediately after failing (if there’s availability) and are not too expensive compared with the PWK cost. This helped me relax a lot before and during the exam.

I rarely check Medium, even less with the paywall these days, so if you have any questions I’d suggest Reddit or the Discord group.

Good luck.
