TACKLING THE OSCP
“Fall seven times and stand up eight.” – Japanese Proverb
Following two failed attempts, I persevered and obtained the coveted OSCP on the third time around. The overall journey took me about a year and half of studying, practicing and scouring the internet through countless resources. In the following sections I will provide an overview of the exam and its requirements, share insights into my preparation and go over what candidates can expect while taking the exam.
What is the OSCP?
The Offensive Security Certified Professional (OSCP) certification is a milestone achievement for entry-level security professionals aiming to delve into the world of ethical hacking and penetration testing. It's an internationally recognized certification that not only demonstrates your technical prowess but also your ability to think critically and solve complex cybersecurity challenges.
This is an entirely hands-on penetration testing certification. It focuses on teaching practical penetration testing skills and emphasizes a "Try Harder" attitude. Unlike other certifications that rely on multiple-choice questions, the OSCP requires candidates to successfully compromise machines and systems within a controlled lab environment. This approach to certification is why it is considered the "golden ticket" into Offensive Security and coveted by so many organization prospects. It doesn't just ask you to check a box, it tests your ability to apply what you have learned in the coursework to real-world scenarios and showcase technical aptitude.
Prerequisites:
To attempt the OSCP, I recommend at least the following:
A solid grasp of computer networks and essential security principles is imperative. Proficiency in comprehending how devices communicate via different protocols such as IP, DNS, HTTP (among a myriad of others), as well as understanding the fundamental security aspects associated with each, are the foundation that every aspiring security professional should possess before embarking on this journey. If you're seeking a solid starting point to fortify your understanding, I highly recommend considering certifications such as CompTIA Network+ and/or Security+.
Basic operating system experience with Windows and Linux is also necessary. As the majority of penetration testers spend a good amount of time in Kali Linux, it is imperative to be comfortable at the command line. For the Windows side of things, you will want to understand the basics of how Active Directory works, such as domains, objects and groups.
Recommendations:
Before attempting the OSCP, I highly recommend that one take the training course, which includes lab access, videos and a PDF.
Practice. Hone your skills on various platforms like Hack The Box and TryHackMe. These platforms offer a wide range of challenges and machines that mimic real-world scenarios. There are plenty of lists out there that the community has made to highlight which boxes are most like the exam. I did around 25 different Hack The Box machines at Easy/Medium difficulty and felt that was sufficient.
Be comfortable with your tools. There will be times where certain tools do not work, so always have a backup tool that does the same thing. Know nmap and netcat and all of their flags.
While having a background in programming isn't a strict requirement for pursuing the OSCP certification, it's beneficial to have a grasp of fundamental programming concepts like objects, variables, arrays, and functions. Furthermore, since many of the exploits encountered are written in Python, a basic understanding of Python can be invaluable. You don't need to become a coding expert, but having the ability to comprehend how an exploit functions and where adjustments can be made to align it with your objectives is definitely advantageous.
Find a good note taking tool. Whether you opt for OneNote, Obsidian, CherryTree, or even a basic notepad application, the capacity to capture comprehensive notes and screenshots while tackling the OSCP exam is indispensable for achieving success. Effective note-taking stands as a pivotal skill that not only aids you during the exam but also molds you into a successful career penetration tester.
What to Expect from the Labs and Coursework:
As previously mentioned, the OSCP courseware includes instructional videos, a comprehensive PDF guide, and access to a virtual lab environment. The labs are where you will spend most of your time honing your skills.
Lab Environment:
The OSCP labs provide a diverse range of machines and networks to practice your skills on. You'll encounter systems with various vulnerabilities and degrees of complexity.
The lab machines are your playground. Your goal is to gain access to these machines, escalate privileges, and collect flags that prove your success. Before attempting the exam, I compromised around 30 machines and felt this was enough to get a substantial grasp on the overall methodology.
Course Materials:
The courseware covers a wide array of topics, from information gathering and vulnerability assessment to exploitation and post-exploitation.
The course contains everything one needs to know. Everything needed to pass the exam is covered, even if only briefly. While it does a good job of going in depth on topics, there were times where I found information lacking in some areas, while others I felt were covered too much. Supplement your knowledge where and when you see fit if you feel you want to know more on a specific topic.
The videos are split into modules that complement the book material. While there is a lot of overlap between the two, the videos do have a little more information that the PDF does not cover.
Self-Paced Learning:
You have three months of lab access, but you can extend it if needed.
You can work through the materials at your own pace and start practicing immediately.
The OffSec forums and Discord server are a great place to collaborate with others on any ideas or issues you might want to discuss.
Taking the Exam:
The OSCP exam is a 24-hour practical test that challenges you to apply what you've learned in the labs through compromising various flags on a given machine.
Exam Format:
The exam consists of five machines: Two (2) standalone machines and an Active Directory environment consisting of three (3) machines.
You'll need to obtain a minimum of 70 out of 100 points to pass the exam, with each flag being worth 10 points.
During the exam, you are allowed to reference your lab notes, courseware, and any other materials you've created during your preparation.
Again, effective note-taking is essential for success. Make sure to follow your methodology and document findings thoroughly throughout the exam.
Try Harder:
The OSCP is known for its "Try Harder" motto. You'll need to demonstrate determination, perseverance, and creative problem-solving skills. Stay away from rabbit holes and understand that this is a foundational certification. Keep it simple.
The exam is designed to mimic real-world scenarios, where attackers don't always follow a predictable path. Embrace a hacker's mindset and pose the question: "What do common user errors and bad habits inadvertently expose?" It was during my third attempt that I adopted this mental shift, and I firmly believe it served as the key to passing.
Report Submission:
After successfully compromising the exam machines, you'll need to submit a comprehensive penetration testing report detailing your findings. My final submission report was around fifty (50) pages.
The report format is provided in the courseware, but one has the option to create their own.
Conclusion:
The OSCP is a challenging but highly rewarding certification for entry-level security professionals. It equips you with practical skills and knowledge that are invaluable in the field of cybersecurity. By completing the OSCP certification, you not only prove your technical prowess but also gain the confidence to tackle complex security challenges. The journey might be tough, but the experience and knowledge gained are worth every effort. Beyond mastering the intricacies of Offensive Security, you'll discover a newfound resilience—a steadfast resolve to persevere through adversity, ultimately shaping you into a more formidable and resourceful security professional.
About the Author
Jay Koziol is an Offensive Security Engineer based in the Nashville, TN area. Jay has worked as a Penetration Tester for companies such as Schellman and Anitian, trailblazers in the FedRAMP security assessment space. He is currently working for Triaxiom Security where he specializes in Network Penetration Testing, emulating real-world Tactics, Techniques, and Procedures (TTPs) used by adversarial threats. At present, his focus is in Red Team Development with the aim of ensuring his team remains well-versed and prepared within the dynamic and constantly evolving threat landscape.