How to overkill the OSCP+

Welcome to this new post, where I am going to talk about how you can overkill the OSCP+. I will walk you through the material I used and give you the recommendations I would have liked to know before I started my preparation.

1. Introduction and Background

1.1 Who am I?

I am David and I currently work as a Cyber Security Analyst.

1.2 Background

Let's start. I will begin with my background. I started my journey in the tech world as a computer technician, repairing laptops, desktops and servers and installing networks. I spent one year doing that while I was studying for my «Vocational Training in Higher Technician in Computer System Network Management». Once I finished my studies I got an internship as a System and Network Administrator, where I spent almost five years. That position taught me a lot because I did a bit of everything, not just systems and networks (startup alert), and especially about cyber security.

During that period I got my Master's degree in Cyber Security Management, Ethical Hacking and Offensive Security. Then I decided it was time to move into a cyber security position, and that is when I became a «Cyber Security Technician», dealing with firewalls, IDS/IPS, DLP software, proxies, email security, SIEMs and many other things. That period was easy for me because I was familiar with almost everything: I had deployed that kind of solution myself as a System and Network Administrator.

After close to one year I decided to look for a new position because I wanted to challenge myself. I became a Cyber Security Consultant focused on Vulnerability Management, where I was lucky to learn how vulnerabilities are handled across the large infrastructure of a big company.

However, for external reasons and because of the company's situation I was forced to look for a change, and then I had the wonderful opportunity to work as a Cyber Security Analyst, where I improved my analysis skills a lot. That led to my current position: after one year I moved again to a new company, where I am still a Cyber Security Analyst.

I should say that during all that time I stayed close to Offensive Security, helping the offensive team and doing my own research. I was also playing on Hack The Box and TryHackMe with some machines.

1.3 Why OSCP?

If you are in the cyber security field you have probably heard about it. You will also know that it is the standard if you want to become an Offensive Security professional. In my case, I always wanted to be more involved in Offensive Security, which is why I got my CAP certification and my eCPPTv2 certification. After that, the natural next step was the OSCP, and here we are.

1.4 My exam day

Pressure, panic, nerves and anxiety are the words that describe my day. Why? Basically because I failed my first attempt with 0 points, but deep down I knew I was prepared to crush the exam this time. Here are some recommendations:

  1. The first recommendation I will give you is to schedule your exam around 13:00. That way you can sleep properly the night before.
  2. Prepare your breaks and food the day before, but be flexible with the times. Sometimes you will be focused and close to finding the hint you need for the next step, and you don't want to break that, but ALWAYS TAKE BREAKS!
  3. Water. Keep yourself hydrated and have some snacks.
  4. Prepare your environment, your tools and your Kali machine, and it is very important to have a backup or snapshot of your machine just in case.
  5. Prepare your report template before the exam. You will save a lot of time after the exam.
  6. If you get stuck, take a break and talk with friends or family about topics not related to the exam. It will help you come back with a fresh mind and new points of view.
  7. All these recommendations worked really well for me, but the ultimate advice is that you know yourself and when you are really productive. So adapt the recommendations you find here and in other blogs to yourself.

2. How to prepare the OSCP+?

2.1 Material and Exercises

Once you have access to the material, go through the whole course, and it is very important that you take notes of everything, even the exercises. I spent about 3 months here:

2.2 Last chapter of the material

The last chapter is basically focused on putting everything you have learned during the course together. Don't be afraid to ask for help or follow the write-up, just make sure you are taking notes, updating your checklist and improving your methodology.

2.3 Proving Grounds

This is the most important thing to do. The course material only gives you the basics of everything, but the exam is far more complex than basic stuff. If you can, I would advise you to go through these two lists, which point to several platforms with OSCP-style machines (machines close to the exam environment). One more piece of advice: don't be afraid of using write-ups to solve some machines. You can't perform attacks you don't know, so learn something new and update your checklist:

Remember, focus on Proving Grounds Practice (click on the image to access NetSecFocus Trophy Room):

Again, remember to focus on Proving Grounds Practice (click on the image to access Lainkusanagi OSCP Like):

My numbers after going through the machines list:

The most important part: the write-ups of every single machine I have done:

2.4 Challenge labs

Once you have done the machines I showed you before, it will be time to start the challenge labs, where you will find:

  1. Secura: You will start warming up with some basic exploitation, pivoting and Active Directory stuff.
  2. Medtech: A large network where you will face enumeration, pivoting, Active Directory and basic exploitation.
  3. Relia: A large network where you will face enumeration, pivoting, Active Directory and basic exploitation, but more complex.
  4. Skylark: A more complex network. I did not complete it.

Here is where you master your pivoting skills with Ligolo! Remember that if you get stuck you can ask in Discord. The OffSec community is always willing to help everyone.

Remember to take notes of everything and improve your checklist:

2.5 ProLabs – Hack The Box

If Proving Grounds is the key to passing the OSCP, the ProLabs from Hack The Box are the «put it all together» section. That is where I improved the most and where I mastered my pivoting, enumeration, privilege escalation and Active Directory skills.

Since this post is not a review of the ProLabs, I will only give a basic description of each:

  1. Dante: A simulated corporate network environment that mimics real-world penetration testing engagements. Dante challenges users to explore a large, interconnected network, requiring skills in initial foothold, lateral movement and privilege escalation (OSCP style).
  2. Zephyr: Focused on modern web technologies and DevOps, Zephyr presents a cloud-based infrastructure with CI/CD pipelines and containerised environments. It tests your ability to exploit vulnerabilities in cloud configurations, APIs and web applications.
  3. Offshore: A beginner-friendly corporate network designed to teach the fundamentals of penetration testing. Offshore features a straightforward environment in which to practise network enumeration, privilege escalation and pivoting techniques in a structured manner.

Throughout the labs, this is the time to do lessons learned and improve all your notes and checklists. Remember that if you get stuck you can ask in Discord.

2.6 The real deal – Exam Simulations

Now, let's break down the mock exams:

  1. OSCP A
  2. OSCP B
  3. OSCP C

To be honest, after going through all the Proving Grounds machines listed before and the ProLabs, I would say these three mock exams will be a piece of cake.

My advice here is basically to do the mock exams like the real one, with a time limit. You should be able to do them in about two days, taking breaks: work for around 8 hours, then sleep, then use the rest of the time. After that, prepare your template and write one report from the mock exams.

You can use this repository to automate the report:

2.7 Prepare you checklists

This is one of the keys to the exam. You can't remember everything, so it is necessary to have one or several checklists. Please build your checklists yourself, based on your own experience. If you use an external one you won't know why something is there or how some of the commands work:

  1. Windows Checklist:
    • Initial Enumeration
    • Privilege Escalation
    • Post Exploitation
  2. Linux Checklist:
    • Initial Enumeration
    • Privilege Escalation
    • Post Exploitation
  3. Active Directory Checklist:

2.8 Note taking

As you can see, I have my preference for this. I keep all my notes in Notion; it is perfect for how it works and how you can organise everything. One of the things I really like is that I can link content between pages and how well it handles raw code. Just give it a try, you won't be disappointed:

2.9 Tools

Which tools will you need on this journey? I have compiled all the tools I used on my GitHub:

2.10 Aliases

A colleague of mine advised me to use Linux aliases to automate some tasks, such as payload generation, the temporary Python web server we sometimes need, and so on. I have compiled my aliases on my GitHub in case you want to take a look. You will need to use them in combination with the Offensive Security Tools Collection:

2.11 Discord communities

To be honest, the OffSec community and the Hack The Box community are really nice. Sometimes it takes a while to get an answer, but you will always get one from someone willing to help you. Thank you for the great community we have created.

If you get stuck at some point or you just need to talk with someone about something related to cyber security, just drop me a message.

Final

My final words are:

YOU GOT THIS!


I hope you enjoy the post!

Happy Hacking!
