Passing the OSCP was one the most difficult professional tasks I’ve ever had to do. It caused a lot of stress in my life and kept me awake at night with nightmares about pinging servers. I wanted to quit more times than once.
I was concerned that I wouldn’t be good enough on test day. I was worried that I wasn’t prepared enough. Or I would panic for hours and get stuck.
But I don’t regret the experience at all. I passed. I’d like to share my preparation for the OSCP, including what worked for me, what I would change, how the lab helped and the additional cybersecurity training resources that I used. Perhaps I can save you some sleepless nights and extra grey hairs.
Pre-Game: What Do you Know?
It is important to plan ahead for the OSCP exam because time is money. OffSec bundles together the Penetration Testing with Kali course and lab access with the OSCP exam fee in one package. The package costs between $800 to $1,500 depending on whether the access is for 30, 60, or ninety days. OffSec states that the course can be done online and is self-paced. However, the clock begins to tick once you have access.
Learn how to become a security expert with SPOTO’s Cybersecurity Training
You should plan ahead before you rush to sign up for the course. Visit OffSec’s OSCP webpage first. They recommend:
You will need to have a solid understanding of TCP/IP, networking, as well as basic Linux skills. A basic understanding of Perl and Python is a plus.
Let’s simplify this: You must know networking. Linux is essential. Although programming may seem like an optional skill, it is essential.
These things can be learned on the spot during your coursework. However, it is better to get some practice before you start the OSCP course. You only have so much time before the course ends. Why not learn some new skills before the clock begins to tick?
Before you touch the OSCP practice labs you need to be proficient in networking, Linux, Bash and Perl.
Here’s how I pre-gamed OSCP.
You will need to know about networking
What are your networking skills? You don’t have to be a full-time engineer or a CCNP. However, you will need to be familiar with the basics such as subnets and ports, DNS, pings and TCP connections.
Although you might need some refresher, I felt confident in what I knew. I have been a network administrator for many years and was A+ and Network+ certified.
How I Learned Linux
However, I knew that Linux skills would be different. I wasn’t so proficient in Bash. A fantastic (and completely free!) resource was Linux Journey. Linux Journey was a great (and free!) resource. It breaks down Linux basics in very small pieces. It covers essential concepts such as permissions, file system, and processes. You’ll quickly see the similarities to Windows, but you will need to be familiar with the details if you want to use the terminal frequently.
After finishing the Linux Journey, Bandit was my next challenge. This set of exercises uses some of the knowledge that you have gained to apply it to a real VM you will SSH into. To get a password for the next level, you’ll need to complete a basic exercise. You’ll learn a lot about manipulating files, as well as some tricks like exploiting the SUID binaries or cron jobs.
Scrappy Scripting
Bash, Perl and/or Python scripting were the final prerequisites after Linux. I did some basic work with Bash and Python scripts. Bash will be covered later in the courseware. There are approximately four million Intro to Python websites. Just pick one that mentions network connections and spend a few hours on it.
You won’t be writing scripts from scratch. Just learn to follow the flow in an existing script and you will be fine.
Next: Start with Virtual Hacking Labs
It’s possible to learn scripting languages, networking, Linux, and networking if you are comfortable.