Since today, I’ve become OSCP certified!

It’s been a bit quiet here. Too quiet. However, I haven’t been doing nothing

After many months of work and a 24 hour exam, I got this mail today:

Mail from OSCP confirming I've got the certification

I’m super happy to have successfully gotten this certification, and especially to have done it on my first exam attempt! It’s a certificate I’ve worked for way more than any other.

In total I’ve written 175 pages, including the lab report, exam report, and course exercises, but excluding all my notes. I’ve hacked 41 systems in the OSCP lab, including the “big three”, Humble, Pain and (on my last day) Sufferance.

The Exam

In the exam, I was lucky to be in a constant flow. I got the first machine after two hours, and I never really got stuck. Six hours into the exam, I knew I had enough points to succeed. Thrilled, I kept attacking the final system.

This one was tricky. It was good I didn’t start by attacking this one. After three hours of trying all kinds of stuff on it, I found a really tricky way to get user privileges. This worked, however by now it was 1:00. I decided to get some sleep and clear my head.

I actually couldn’t sleep at all though. Frustrated, I got out of bed at 6:00, and continued working on the machine. I had already had an idea for root before I went to bed. I applied it, changing stuff as I was testing the idea. Finally I successfully rooted the system at 7:00.

Later that day I was a zombie writing the report from 12:00 to 00:00. But luckily not for nothing, as two days later I can call myself an Offensive Security Certified Professional. 🙂

Exam Tips

My main tip for anyone trying to get through the OSCP exam is: Try Harder. Haha, just kidding.

Actually, try not to try too hard. One of the things OSCP is about is finding low hanging fruit. If you’re doing things which are excessively complicated, step back and check out the simple stuff first. It’s all about having a simple methodology. What do you do if you find a web server? What do you do if you find an SMB share? Try to be thorough in your research, and actually understand what’s going on on the server. Don’t run exploits unless you have some evidence that they will work (software is present, version number is correct, configuration suits the exploit). Use the lab to continually improve your enumeration methodology. That is the one thing the lab is for.

Future

Now that OSCP is out of the way, I’ll be having more time to do other stuff. Some stuff I want to do is write some OSCP / pentesting tips on this blog. Maybe I’ll also start contributing to some open source projects again.

In the end I did get a bit addicted to the OSCP labs. Maybe I’ll get into HackTheBox to feed that addiction.

But first I think I’ll drink a beer and play some board games.

Thanks

I want to thank my parents and friends for their support, and my employer for giving me enough time to work on OSCP (this helped tremendously). I’d also like to thank a few friends in particular. I was able to stay with them during the day and work on my lab systems. Being able to talk to someone else about what you’re doing, and what’s going wrong, is a great way to keep learning. Also, the coffee is great.