OSCP 2023 version — A Small write-up on preparation and my exam experience

Neelamegha Kannan S
Jul 2, 2023

Having been in the tech industry for almost 8 years, with 5 years in pentesting, OSCP was always on my certifications list. I started this journey back in 2020, but I didn't continue it for some time. It's 2023, and I believed it was going to be another great year for me if I put in my work and some effort. As a remote worker for almost half a decade, I always have enough time for upskilling and certifications after my work hours.

By accident, I booked this exam just a day before my birthday, and it finally ended up being an unforgettable birthday. Even though I had submitted the report on time and was confident enough, as I had solved enough machines to clear the exam (80 points + some try on the final machine), I was impatient until the result arrived, after almost a week.

I am stopping right here. Let's get into the technical details and preparation stuff.

Web Apps / CMS

Working knowledge of web apps / CMS is essential for any pentester, irrespective of the certifications you opt for. There are plenty of resources I used to sharpen my web app / CMS testing skills, starting with:

  1. PortSwigger labs, as everyone knows: https://portswigger.net/web-security
  2. Download vulnerable apps (DVWA / bWAPP) and learn about server-side attacks that can get you access to the target.
  3. Download vulnerable CMSs and vulnerable open-source projects, and practice on them.
  4. Learn to use CMS scanners like WordPress scanner, Droopescan, Joomscan, etc., which may detect CVEs and vulnerabilities like exposed admin panels, directories, etc.

Exploits:

Finding, compiling, and modifying exploit code is essential for getting initial access as well as PrivEsc. If you are a non-programmer, start learning the basics of programming in Python and shell scripting, in which most exploits are written.

Tools of choice:
As mentioned in the FAQ and Exam Guidelines, you'll have to follow the tool restrictions (I don't have much to say about it, as it is very clearly specified in the OffSec exam guide).

Network Pentest

1. Most of your network pentest skills can be practiced using HTB platforms, TryHackMe (some of the rooms are absolutely free), VulnHub, etc., based on your choice.

2. Proving Grounds: OffSec offers a monthly subscription to the PG labs, through which you can practice a lot of techniques to exploit the machines.

OffSec labs:

While booking the exam, you will get access to the labs as well. You can practice most of the techniques there, especially if you want to practice Active Directory (the exam comes with an AD set worth 40 points, which is crucial to passing the exam).

Active Directory:

The new and updated exam comes with 40 points for the AD set. The main aim is to compromise the Domain Controller via various techniques (AD enumeration, Kerberoasting, Windows process execution, lateral movement, pivoting, etc.).

Most of these things can be practiced with the OffSec labs, HTB and TryHackMe (some free rooms available).

All of the above can teach you about multiple tools and techniques, identifying and working with exploits, privilege escalation, etc.

PrivEsc

Learn up-to-date techniques for Windows and Linux privesc using the OffSec labs, Proving Grounds and HTB. There are free PrivEsc rooms available at TryHackMe for both Windows and Linux privilege escalation.

Screenshot and notes:

I used Microsoft OneNote; nothing more than that was required for me.

Reporting:

Reporting is a crucial part of the exam. Even if you got the points required to pass the exam, a badly messed-up report can fail you. Make sure you follow all the reporting guidelines provided by OffSec. I would highly recommend using the reporting template provided by OffSec, as it will be easy and familiar for the OffSec people to evaluate. Also, you have to send the report in the file format, file size and encryption specified in the provided guidelines.

How to wait for results patiently:

Even if you got enough points to pass the exam, it is highly frustrating for anyone to wait for results, even when you're confident about your points. Just relax and distract yourself for a week or so by going to movies, hanging out, travelling somewhere or pursuing a personal hobby. As per OffSec, it will take 10 days to get your results. You don't need to think about it 24x7 like I impatiently did; overthinking won't magically change the results.

I finally got my results after 5 days. It has got to be one of the best moments of my life and an unforgettable birthday for me in the last few years.

Now I am OSCP certified, what’s next for me:

OK, now I am an OSCP, what next? I started my cloud pentest training with Pentester Academy in 2022. I also have real-time experience with AWS infrastructure as part of my job responsibilities. I will practice more on it and look for additional open-source resources for practical learning and free labs, instead of going for paid training for the next few months. Cloud security and cloud pentesting are my interests as of now, and I have already earned a few certifications and trainings from AWS, sponsored by my employer. Down the line, after a year, I may look into something like OSEP. I highly doubt I will go for OSWE: as I have good experience with source code reviews in multiple programming languages, I am not sure it's worth spending money on it for the sake of certification (my personal opinion).

Also, I will be continuing my learning journey with Rust programming, which I started a few weeks ago.

This year, I have booked tickets for the NullCon Goa 2023 event, sponsored by my employer (unless there is a personal emergency at the final moment). If you happen to be there, feel free to hit me up.

PS: This write-up is approved by the OffSec team.

Edit (11-Jan-2023): Unfortunately, I couldn't make it to NullCon Goa. On Aug-8, 2023 I woke up with a dislocated shoulder. A couple of weeks before the incident, I had pushed too hard at the gym, which caused a ligament tear and weakened my shoulder labrum, so my shoulder got dislocated when I stretched after waking up. It happened a couple of times on subsequent days, so the doctors opted for surgery. Currently I am recovering from arthroscopic shoulder surgery; hopefully I will be better in a year at least, so that I am able to travel for conferences. Moral: Never push too much at the gym, it's not worth it, especially workouts that involve shoulders / hips / knees.
