Passing OSCP with a Penta Kill

Henry Huang
Mar 12, 2020

I passed my OSCP exam, and I rooted all 5 exam machines in 11 hours and 4 minutes (excluding rest time). In the lab, I exploited 46 machines (40 rooted, 6 user). This article is to share:

  • some of the good/bad decisions I made
  • each and every resource that made a huge difference to me
  • my exam strategy

Foreword

I had very little pentest experience before PWK, but I’ve been working in the cybersec industry on the blue team for almost 6 years, and I have reported several CVEs (mostly RCEs). To prepare for the exam, I purchased a total of 150 days of lab time to familiarize myself, and I worked VERY hard to pass this exam.

Study

The 382-page PWK PDF took me a month to digest. During that time, I wish I had known the following:

Try the Exercises in the Lab

I didn’t do any lab work during my 30-day study, and it turned out to be a WRONG decision. Not only did I lose 30 days of lab time (15 days cost $200), but the lab is just easier as you follow the exercises. Trying out the exercises will get you lots of low-hanging fruit, which you’ll find helpful for compromising other machines.

Don’t Delve into Too Much Detail

I delved too much into the details of protocols like SNMP, SMB, POP3, IMAP, SMTP, etc. This cost me 2–3 weeks, and it didn’t pay off well. Know enough to be able to USE…
