Advice from someone who failed the OSCP 3 times then passed.

By evildaemond. Published in Heck the Packet, Jun 18, 2021.

I failed my first 3 OSCP exams back in 2017–18, and finally passed this year, pulling off the most galaxy brain move of taking a 3-year-long break before going again. This isn’t meant to be a “do these boxes and learn this thing” type of blog; it’s much more high level and is best suited for someone who really hasn’t prepared for the exam.

For ease of content and because I know people like dot points, here’s my list of things that I think you should be doing before you sit your exam.

  • Mentally Prepare for the full 24 hours
  • Write the notes for everything you’ll use
  • Buffer Overflow shouldn’t be hard
  • Go have a snack and forget everything
  • Don’t Give Up

Mentally prepare for the full 24 hours

A quote I heard from every 3rd person who did the OSCP exam was:

In the first 8 hours, you’ll know if you passed or if you failed.

This constantly repeated in my head throughout the exam: what if I am not good enough to finish the exam, time’s ticking, did I do enough yet? This is what is told to you by people who passed the exam with a large amount of experience behind them. This exam is not a race, it’s a marathon. It’s 24 hours, so use it to your fullest.

Write the notes for everything you’ll use

(Image: what not enough notes looks like)

The OSCP is hard; nobody denies that, and they publicly mention this in all exam material. You can think you’re 100% ready to pop every machine and do it with your eyes closed, but remembering which command does what, and that one random shell you popped, is a massive confidence boost and saves you grepping through your history file mid-exam.

Even if you have 48 hours before your exam and you’ve written no notes, this can be done. This exam, I wrote every command I thought I could use, and consulted numerous cheat sheets to distill information, everything from common files to loot from local access to SQLi strings. The main point of this is to have a quick reference that you can refer to.

Buffer Overflow shouldn’t be hard

In the exam, you should not find a buffer overflow hard; it should be a quick 1–2 hours at max. You should be well versed if you spent your lab time wisely. If you’re like me and didn’t, the course material runs through it really well. That should be in your notes, and should be a step-by-step guide. I used 3 major resources for the exam, which I combined into 1 notes file to make a very simple and easy-to-follow Buffer Overflow step-by-step. These 3 should be enough to have you ready for the exam. If it’s your first attempt and you are struggling, follow the PWK documentation; it does an amazing job, and the videos are a great quick reference guide.

Go have a snack and forget everything

No, seriously, forget everything. Go to McDonald’s and get a Sausage Muffin and a Vanilla shake, have a mild coma on the couch and question your life choices. By the time you come back you will have forgotten all the assumptions that you had before, and you can come back with a clear mind. This helps when you have been stuck trying to exploit something for a long period of time. Most of the time you will have an assumption that prevents you from exploiting the machine: maybe you didn’t update a payload, maybe you didn’t read the manual, or maybe you didn’t remember to trigger the exploit and have been waiting on a netcat listener for the last 5 minutes.

(this saved me at one point in the exam, and I wouldn’t have passed without that terrible mix of Sausage muffin and vanilla shake)

Don’t give up

I almost handed in the towel 3 times on my last exam. Each time I felt defeated, my sleep deprivation had gotten to me, bed was calling, I had not enough points to pass, I consumed enough caffeine for 2 days and had nowhere to go. Don’t give up, never give in, and if you are stuck, keep pushing in new directions; every second pushes you further on these machines. If you need a motivational video, here are some of mine:
