Offensive Security Certified Professional (OSCP) is a foundational course of Offensive Security. This post is for readers who are unsure about enrolling for the OSCP certification, who want guidance for OSCP preparation, or who want a dedicated schedule to prepare for OSCP (Yes! even for newbies).
Speaking about my OSCP journey, I received my OSCP certificate in November 2019 and I was able to clear it in my second attempt. A lot of miscalculations, improper time management, and an inadequate pentesting environment led me to failure as well as success. Not only did OSCP help me in honing my pentesting skills, but it also built attributes such as time management, a never-give-up attitude and, most importantly, PATIENCE.
A person planning to enroll for OSCP needs to have a lot of patience, as at times (ALMOST EVERY TIME!) you get stuck, confused and reach a dead end while practicing machines. Just like in school/college days, when we get stuck solving a mathematical problem and the only people to look to are our professors (Kidding, your best friend always has the solution ;P). My role would be something similar to a professor/friend, helping you schedule and prepare for the OSCP certification.
Enough about my part; getting to the main part, i.e. OSCP Guidance and Schedule. But before that, let us cover a few introductory sections.
1) Certification Process: Virtual labs are assigned to you once you have bought the labs package to practice your skills, and once the period is completed, you are asked to set a date for the examination. The OSCP exam has a 24-hour time limit and consists of a hands-on penetration test in Offensive Security’s isolated VPN network, with a proctor monitoring your work throughout the examination. You’ll receive the connection pages a few minutes prior to the examination, of which you have no prior knowledge or exposure. After the exam, 24 hours are allotted for creating and submitting the report.
2) Labs: Virtual labs are a dedicated lab consisting of a network of machines where one can practice/hone their pentesting skills. One can access these labs with the help of the VPN connectivity provided once you have paid for the labs, and the time frame of the labs depends upon the package you have decided on.
Below is my 3-month journey of OSCP preparation. I segregated it into 3 parts as follows:
Pre-Enrollment Phase
Prior to enrolling for OSCP, I had decided to clear out the very basics of pentesting. In order to achieve that, I focused on the following things:
- Linux Basics (Terminal command usage): One needs to have good hands-on experience with the Linux operating system. To get familiar with the commands and working of Kali Linux, I practiced the challenges provided over Bandit Overthewire. There are a total of 34 levels and I set a deadline of 7 days to finish. This will not only help make you familiar with terminal commands but also help you learn security concepts.
- Basics of CTF: Once done with the above, I decided to understand the structure of CTF and how different scenarios and exploit environments are developed for CTF players. This step will make you understand the CTF environment. I was able to get a list of machines from my colleague Pratik Jadhav. Following is the list of machines I solved before enrolling for OSCP:
List
Sr.No | Machines |
---|---|
1 | hackfest series -> hackfest2016 : Quaoar,hackfest2016 : Sedna and hackfest2016 : Orcus |
2 | Kioptrix Series |
3 | SkyDog Series: Skydog, Skydog 2016 |
4 | billu box |
5 | sickos:Series 1 and 2 |
6 | Fristileaks |
7 | droopy |
8 | Milnet |
9 | Necromancer |
10 | Troll 1 |
11 | Acid Series: Server & Reloaded |
12 | Lord of the root |
13 | Sokar and Pwnlab machines |
14 | Darknet |
15 | DonkeyDocker |
16 | Mr ROBOT -> Easy to Medium |
17 | Minotaur - > Medium |
18 | pipe machine |
19 | Zico machine. Great Machine |
20 | LazySysAdmin |
21 | covfefe |
22 | Breach Series: Breach 1, Breach 2 and Breach 3 |
Out of the above, I was able to understand and solve 10-12 machines. The entire step took around 13 days to conclude.
Post-Enrollment Phase
Once you have thoroughly followed the steps in the Pre-Enrollment Phase, I can assure you that you are ready to enroll for the OSCP labs. I followed the above and purchased OSCP labs (60 days).
On purchasing the labs, you get a buffer of a week or so before the lab access starts. As walkthroughs of the machines mentioned in the Pre-Enrollment Phase were available online, to test my pentesting knowledge, I started solving HackTheBox machines. I was able to solve 2-3 easy machines during the buffer period (without any hint).
Once the lab access has started, you get study materials for OSCP (PDF and videos). I highly recommend you all finish the PDF/videos as soon as possible. I mostly finished the study material during my filler time. For instance, I read the study material while traveling, during lunch, coffee breaks and more. This not only helped me to understand the core of the approach but also strengthened the basics.
In the 60 days of access, I was able to solve around 35 machines. In the given period of time, I would ask the ones appearing for OSCP to solve at least 30 machines.
Pre-Examination Phase
Once the lab access is over, make sure you set an exam date at least 14 days after the expiration of lab access. The exam date can be selected anytime once the lab access is provided.
As mentioned above, I got a buffer of 14 days after lab access expired. During this phase, the very first thing I practiced was Buffer Overflow. There is a lot of open-source software available online where one can practice Buffer Overflow.
Following is the list of software to practice Buffer Overflow:
- Slmail
- Floatftp
- Pcftp
- Minishare
Understanding the concept of Buffer Overflow with good hands-on practice will take 3-4 days.
After Buffer Overflow, we can again continue solving the remaining machines which were listed in the Pre-Enrollment Phase. Along with that, you can make notes of all possible methods/steps you discovered while practicing lab machines.
Summary
Phase | Topic | Timeline (Days) |
---|---|---|
Pre-Enrollment | Linux Basics | 7 |
Pre-Enrollment | Basics of CTF (10-12 machines) | 13 |
Post-Enrollment | HackTheBox Machines (2-3 easy machines without hint) | 7 |
Post-Enrollment | Lab notes (full) + Lab Machines | 7 |
Post-Enrollment | Lab Machines | 53 (60-7) |
Pre-Examination | Buffer Overflow | 2 |
Pre-Examination | Remainder Machines | 6 |
Pre-Examination | Notes + Revision + Attacking Machine Through Setup | 2 |
Total | | 94 |
It is roughly going to take 3 months to prepare and appear for the OSCP certification. Candidates following this schedule are requested to sincerely follow the timetable given above. For any doubts/queries, you can contact me via About-Me.
Apart from the above steps, I recommend you all watch one IppSec video per day.
I dedicate my certificate and this post to my mentor, Vijay Kumar, who introduced me to pentesting and CTF platforms; Pradnya Patil, for supporting me and solving all the doubts I have had throughout my journey; and Avadhut Bambarkar, for guiding me for the examination and for his suggestions.