OSCP: Try harder and try smarter!

17 Oct 2020

Hello world! I’ve recently passed the OSCP. In this post I’ll try to share the learning material which helped me pass. Most of these things are not mentioned in the syllabus but turned out to be essential. I collected many bookmarks while preparing for the OSCP but to be honest I only used a fraction of them. So, here are the ones I appreciated the most.

Happy Hacking!

---

Read this before signing up:

• The Journey to Try Harder: TJnull’s Preparation Guide for PWK/OSCP
• Hakluke’s Ultimate OSCP Guide

These two article series will give an overview of what the OSCP is about and if the topics are interesting for you.

• Offensive Security PWK FAQs

Read the section about the Exam.

---

Resources for working in the lab:

• HackTricks

This is my go-to resource when stumbling on a new service. The gitbook is well-structured and holds most of the topics you need in the lab.

• PayloadsAllTheThings

The PayloadsAllTheThings repository has plenty of tips and tricks. Bypassing SQLi payloads, reverse shells, privilege escalation and a lot more.

• Privilege Escalation Awesome Scripts

In my opinion, the one and only script necessary for privilege escalation enumeration.

• gtfobins / lolbas

Linux and Windows binaries to bypass security restrictions.

• windows-kernel-exploits /SecWiki

Pre-compiled kernel exploits for privilege escalation.

---

Practical preparation:

Even though the PWK labs are great, there are many free labs to train your skills.

• Web Security Academy

This is a great training place for all web security related things. For the exam preparation I would suggest doing at least the command injection and SQL injection exercises.

• TryHackMe - Buffer Overflow Prep

The Buffer Overflow are 25 points in the exam. I would really make sure to prepare properly and get these points within a short time. The TryHackMe lab is the perfect place for this. You got more than ten vulnerable binaries where you can improve your skills.

• HackTheBox - OSCP like boxes

I started working on the list after my lab expired. Being able to solve some easy and medium machines is a self-control mechanism to check if you are ready to pass the exam.

---

Knowledge persistence:

• Joplin
• Xmind

One of the most important things while practicing in the lab is taking notes. I started with classical solutions like OneNote and Joplin but these notebooks became a complete mess in no time. Because of this I started using Xmind. With Joplin for taking notes while working on the machines and Xmind for noting every command used I could work most efficiently. Retrospectively, using Xmind and Joplin is a practical example for the separation of concerns.

• OSCP Methodology Mindmap Picture
• OSCP Methodology Mindmap Xmind file

This is the Mindmap I created while preparing for the Exam.

---

Tips and tricks:

• Restart the machine before debugging the exploit!
• Create your own cheatsheet.
• Email proctoring@offensive-security.com a few days before your exam to get a test proctoring session.

---

HackTheBox Status: