Among cybersecurity certifications, none has the prestige and reputation for offensive excellence of the Offensive Security Certified Professional cert, or OSCP. The legendary difficulty and unforgiving nature of the OSCP exam have given it something of an iconic status. It's proof that a hacker has indisputable skill and, perhaps more importantly, work ethic.
But the OSCP exam is not cheap, and a large share of candidates fail their first attempt. That is why we've written this study guide: to help aspiring exam-takers follow a path that leads to success. It will never be easy, but with the right resources and mentality, you will make it.
How the OSCP exam works
When you pay for the OSCP course and exam, you get access to a virtual lab environment with boxes you can practice on, plus ample study material to help you prepare. Lab access is time-limited (historically 30, 60 or 90 days, depending on the package). Once your lab time expires, you have 120 days to take the exam itself. The exam is remote and proctored: you take it from home, connecting to the exam network over VPN from your own Kali Linux machine, and you have 23 hours and 45 minutes.
Within that time frame, you are given access to five boxes. Each box is worth a certain number of points, based on its difficulty, and you need enough points in total to pass. After the exam window closes, you have a further 24 hours to write and submit your report. The report must include screenshots of the process, including the contents of the flag files (local.txt and proof.txt) on each machine you compromised. They take this very seriously: if you leave out the required screenshots, you will fail.
Of course, all of this is explained in the materials they give you. And yet, the web is replete with stories of hackers who failed their OSCP for leaving out screenshots or not sending a proper report. As with any exam, the key is to read and follow the instructions.
So the structure of the test itself is straightforward. If you can follow instructions, you needn't worry too much about this part. What really matters is how you prepare, so let's focus on that.
Hands-on OSCP exam training
When planning to train for the OSCP exam, the first and best resource you should turn to is the excellent PWK (Penetration Testing with Kali Linux) course that comes bundled with the exam. You can read the first few modules for free by visiting the official site: PEN-200: Penetration Testing with Kali Linux.
That same course also includes interactive labs and learning materials! The lab environment is fantastic and you should spend a lot of time there, using these resources primarily. Other resources, like CTFs, should be a backup for variety and if you run out of boxes in the official PWK lab.
Of course, you don’t want to put all your eggs in one basket. Some test takers have complained that the real test is much harder than the boxes in the lab. That’s why you should also spend some time playing CTFs. But not all CTFs are created equal – so let’s look at some challenges that the pentesting community widely holds to be similar to boxes in the OSCP exam.
There’s actually a community maintained list of CTF games that are very similar to OSCP boxes, which you can find here: https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview#
While those are great, you should also devote a lot of time to absolutely mastering the classic 32-bit stack-based buffer overflow, the form of memory exploitation the exam has traditionally tested. Here's a guide to doing so, written specifically for the OSCP: https://boschko.ca/braindead-buffer-overflow-guide-to-pass-the-oscp-blindfolded/
Exam tactics and tips
Even with all the hands-on practice in the world, it can’t hurt to have some extra tricks to increase your chances.
If you want an easier time getting the points you need, practice memory exploitation techniques. Historically, the exam has always included one box that requires a buffer overflow exploit, and it is usually a simple one: fuzz the input, find the offset to EIP, identify bad characters, find a JMP ESP, drop in shellcode. This kind of hacking is a rarer skill nowadays, and many hackers neglect it. If you get really good at it, you'll be able to quickly own the box that gives the most points. Do check the current exam guide before relying on this, though: the machine set and point values have changed over time.
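As an added illustration for this guide (not code from the original post, from the linked buffer-overflow guide, or from the PWK course), here are Python helpers for the overflow workflow referred to in the paragraph above and in the earlier note on mastering memory exploitation: a cyclic pattern in the msf-pattern_create style, the offset lookup from a crashed EIP, the bad-character comparison, and the final payload layout. The crashed EIP value, the JMP ESP address and the placeholder shellcode are constructed assumptions, not values from any real target.

```python
"""Helpers for the OSCP-style 32-bit stack overflow workflow:
fuzz -> find EIP offset -> check bad chars -> build payload.
Illustration only; every address and byte string below is constructed."""
import string
import struct

PATTERN_MAX = 26 * 26 * 10 * 3  # 20280 bytes before the cyclic pattern repeats


def pattern_create(length: int) -> str:
    """Cyclic pattern (Aa0Aa1Aa2...) in which every 4-byte window is unique
    for the first PATTERN_MAX bytes, so the crash value pinpoints an offset."""
    out = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out.append(upper + lower + digit)
                if len(out) * 3 >= length:
                    return "".join(out)[:length]
    return "".join(out)[:length]


def pattern_offset(eip) -> int:
    """Offset of the bytes that landed in EIP after sending the pattern.
    `eip` is the register value as an int (x86 is little-endian, so
    0x42306142 is the ASCII bytes 'Ba0B') or those four characters as a str."""
    needle = struct.pack("<I", eip).decode("ascii") if isinstance(eip, int) else eip
    idx = pattern_create(PATTERN_MAX).find(needle)
    if idx < 0:
        raise ValueError("value not found in pattern; was the pattern long enough?")
    return idx


def badchar_string(exclude=(0x00,)) -> bytes:
    """All byte values minus those already known to be bad. Send it right after
    the offset, then compare the stack contents in the debugger with it."""
    excluded = set(exclude)
    return bytes(b for b in range(256) if b not in excluded)


def first_badchar(sent: bytes, seen: bytes):
    """Return the first byte of `sent` that does not appear as expected in `seen`
    (what the debugger shows on the stack), or None if the two match.
    Only the first mismatch is trustworthy: a bad char usually corrupts or
    truncates everything after it, so remove it and send again."""
    for a, b in zip(sent, seen):
        if a != b:
            return a
    if len(seen) < len(sent):          # buffer truncated at a bad char
        return sent[len(seen)]
    return None


def build_payload(offset: int, ret_addr: int, shellcode: bytes,
                  badchars: bytes = b"\x00", nop_sled: int = 16,
                  total: int = None) -> bytes:
    """Classic layout: filler up to EIP, little-endian return address
    (a JMP ESP inside a module without ASLR/SafeSEH/rebase), NOP sled,
    shellcode, optional padding to keep the total length stable."""
    ret = struct.pack("<I", ret_addr)
    for part, name in ((ret, "return address"), (shellcode, "shellcode")):
        bad = sorted(set(part) & set(badchars))
        if bad:
            raise ValueError(f"{name} contains bad chars: {[hex(b) for b in bad]}")
    payload = b"A" * offset + ret + b"\x90" * nop_sled + shellcode
    if total is not None and len(payload) < total:
        payload += b"C" * (total - len(payload))
    return payload


if __name__ == "__main__":
    crashed_eip = 0x42306142        # constructed: value a debugger would show in EIP
    off = pattern_offset(crashed_eip)
    jmp_esp = 0x625011AF            # constructed placeholder, not a real gadget address
    sc = b"\xcc" * 4                # int3 placeholder standing in for msfvenom output
    payload = build_payload(off, jmp_esp, sc)
    print(f"offset={off} payload_len={len(payload)} eip_slot={payload[off:off + 4].hex()}")
```

In a real attempt the pattern is sent over the target's protocol (usually a raw socket), the EIP value and stack bytes are read from the debugger, and msfvenom's output replaces the placeholder shellcode; the helpers here cover the arithmetic that candidates most often get wrong under time pressure.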
Per the rules of the exam, you can only use Metasploit exploit, auxiliary and post modules against one of the five boxes. You get to choose which, but choose wisely: once you've used it, you won't be able to use it on the other boxes. (Payload generation with msfvenom and the multi/handler listener are allowed on every target; it is the automated exploitation that is restricted.) Metasploit can be a lifesaver if you've figured out how a box is vulnerable but are stuck writing a working exploit. Besides, it's a fantastic pentesting tool that you should learn even if you weren't preparing for the OSCP.
So-called "rabbit holes" are also a big factor in succeeding during the OSCP exam. A rabbit hole looks like a promising way to exploit a system, but is really only there to distract you and waste your time. It might be a suspicious file, an API, a service running an old version with no working exploit, or some other resource that seems relevant but simply isn't. A practical defence is to timebox each lead and keep enumerating in parallel rather than committing hours to a single theory.
Honestly, the best way to develop a good eye for rabbit holes is to play CTF games, where they are a staple.
Further reading
Hopefully, you now have a good idea of what the OSCP exam expects of you and how you can effectively prepare, as well as some tips for gaining a small edge. Still, learning should always come from diverse sources. We recommend reading blog posts and writeups from other hackers who’ve taken the exam, to give you some perspective.
First, here are some classic posts written by hackers after spending many grueling months studying, and then finally passing the OSCP exam:
- My OSCP Course/Exam Review, A 14/15 year olds perspective
- Hacking the OSCP: If at first you don’t succeed…
- My OSCP Journey — A Review
- I passed OSCP!
- My OSCP experience
- How I Passed the OSCP on My First Try
- My OSCP Experience
Of course, it’s also worth learning about what can go wrong. For that reason, let’s take a look at even more writeups. But these ones were written by hackers after failing the OSCP exam:
- My First OSCP Exam Attempt
- Not Another OSCP Blog
- I failed OSCP 5 times
- I took my first attempt at the OSCP, failed, and it was freakin awesome
- Failing the OSCP Challenge
- How I effed around and found out
I know, it’s a lot to read! But OSCP is not like other exams. It requires a dedication that some might call heroic.
Studying for the OSCP is intimidating, but don't fret too much about coming up with a flawless study plan. Instead, spend your time in the labs, on CTFs, and practicing the skills that will count during the exam. It's not perfect plans that will get you there, but hard work, willpower, and unfailing personal discipline.