How I Passed the OSCP Exam in 8 Hours
3 min readJul 17, 2023
Not the usual OSCP Tips and Tricks blog with 6 pages long literature on ‘my approach’ or ‘XYZ checklist of things you do and you get your OSCP which you would probably end up skimming in less than a minute. Also, people will tell you what worked out for them but in the end, it’s you and your methodology that you will craft during your OSCP Prep journey.
The exam is no Rocket Science tbh, and I failed my first OSCP attempt but that’s okay, you learn from your mistakes.
Here are my notes: topi.gitbook.io
Here are my two cents on the Exam:
- Ideal preparation path:
Heath Adams PEH course → PG Play → PG Practice → PWK Exercises (Highly recommended 10 points) → PWK Labs (In Total around 80 to 100 machines is more than enough)
Pro Tip: Do not get lost in the loop of HTB and TJ Null’s playlist, those are overkill for the exam in my opinion. PWK’s content is enough to pass the exam. - Book the exam first thing, because if you are thinking you will book the exam when you feel ready? it’s never gonna happen, you will never feel 100% ready and keep procrastinating.
- Find yourself a study partner on the discord groups or Reddit. It’s a lot easier that way because you both keep pushing each other. Study groups and Study partners would be my highest highest highest highest¹⁰ recommendation.
- It’s okay to look at hints and learn the attack vector but if you make that a habit, you will suffer in the exam 100% sure. When they say “Try Harder” They mean “Try harder researching”. Everything is out there, you want to Google Everything and Every keyword; Literally everything; For example: If I see an xyz CMS service running. My next step is: Google xyz htb, xyz hack the box, xyz poc, xyz exploit, xyz version x.x vulnerabilities, xyz github.
- Know all different file transfer methods (This is the most most most most⁵⁰ important of all), can’t emphasize enough on this one. Learn how to pivot using Chisel — Most important in AD Network.
- Takes notes of every single command, every single thing you see or learn. Keep a backup of a Kali machine and your OSCP notes handy before the exam.
- Always always always, Enumerate once you get the initial. believe me or not 70% of the time, the intended priv esc vector is a file in the D³ folder. I call it the Documents, Downloads, and Desktop folder.
- Refer to notes for common pitfalls
- One of my favorite Trio I like to run on the Active Directory network is MKW → Which is Running Mimikatz + Kerberoasting + Winpeas every time so that I do not miss any juicy vector.
- Lowkey tip: Always try to listen for shell callback on a port that’s open on the Victim machine.
- Common advice yet powerful: Take breaks, Very Very important. Fresh eyes always help.
- Remember Remember Remember: If you can’t find anything and you feel you have explored all the vectors, Try one more time looking at it from a kid’s perspective. KEEP IT SIMPLE as much as you can and you would be shocked to find juicy content.
- You do know that you can revisit the offsec course in mid of exam too right? just putting it out there. And also that you can use Metasploit once if nothing comes through with any other methods.
- topi.gitbook.io should be more than enough for your reference look-up notes.
- OSCP Mock A,B,C are probably closest to the real exam.
Feel free to hit me up on LinkedIn, if you have any questions or concerns.