Try Harder - The Journey To My OSCP
I tried harder and the effort paid off, I am now officially an Offensive Security Certified Professional (OSCP)
The journey was arduous but well worth it and I learned a TON!
I am lucky enough to work with one OSCP and another friend who was gonig through the labs at the same time as I was. The mentoring I recieved from the current OSCP before even registering for my lab time was invaluable. He gave me a lot of info about the labs and exam, some blogs to read and pay attention to, and some times and how to approach the whole course. What he did not do was give me answers, he really just set me up for success by getting my mind right before I embarked on this journey.
Our current OSCP also recommended that I use Confluence to track my notes and progress through the labs. You can see some of those trials and tribulations here and here. As a platform for note taking and organizing thoughts, there is not a better tool. But be ready to spend some time installing it and managing it before you start your OSCP if you plan to go this route. Or just go the easy route and utilize a cloud instance.
Being able to organize my thoughts this way really helped. I was able to search for things (loot from one place useful in another place) and I was able to format my notes the way that made sense to me. Additionally, with the export functionality in Confluence, the reporting portion of the course was a breeze.
The PDF and accompanying videos were very useful. Some of the material I had seen before and was fairly comfortable with but other parts were definitely new or at the very least a better version of things I had seen before.
Some of the scripts in the text proved to be extremely useful and will definitely be useful outside this course as well. Additionally, the combination of videos and text really helped to drive the points home regardless of what type of learner you are.
Lastly, the exercises were well designed to help me practice the skills I was learning before I was unleashed on the labs.
Although there is no requirement to actually go through the text and do the exercises, I focused on completing the coursework before I even took a look at the lab environment. I think this helped establish a baseline for me. Trying to jump right into the labs would have just confused me.
Never in my life have I had access to such a broad range of hands on targets. Most courses offer a single VM with some vulnerabilities in it. The Penetration Testing With Kali (PWK) course (the course for the OSCP) has more targets than you could ever want and they all test your skills in some way.
Because the labs are remotely accessible I was able to work on them through 2 vacations which really helped with my progress. The free form style of the labs also allowed me to continue progress through the labs even after our first son was born right in the middle of my lab time (he has already gotten his first lesson in penetration testing).
I found quickly that the goal of the labs was not to get every box or to just beat your head against the desk until you figure things out. The forums were a huge resource and really helped me to grasp the concepts that were being taught.
Excitement, being overwhelmed, excitement, despair, excitement, nervousness, excitement, fear. Those are the emotions I felt through my lab time, in order. It was a roller coaster but sticking with it and "trying harder" were the keys to being successful.
As my exam time neared I was fearful that I had not made it far enough in the network to be successful on the exam despite only having 1 target in the primary network that I had yet to conquer.
My exam was set to start at 6AM, I woke up at 5:30, ate breakfast, got the computer ready, and then at 5:57AM this happened...
Needless to say I about crapped my pants. A quick restart and I was up and running again, crossing my fingers that this wouldn't happen again (first time it had happened at all). Then promptly at 6AM...i didn't get the expected exam email. WHAT GIVES!?!?!? It went to my junk folder.
With all that sorted out (whew!) I was ready to start. I started with the easiest box (least points) and had a terrible time figuring that one out and after about 2.5 hours, moved on to another target. I was pretty nervous already at this point. Luckily the next target fell to my assault in about 1.5 hours. From there it was pretty steady until later in the evening when I need just one more box to get enough points to pass.
In the middle of all this my mom texting me and all I saw in the preview was "Grandpa is in the hopstial...". My heart dropped to my stomach, I didn't know what to do. I called Briana into the office and told her to read the message and tell me if I needed to stop my exam. When the text came through I was too nervous and engulfed in what I was doing I didn't want to be distracted unless it was necessary. Luckily it turned out to not be an urgent issue so I continued my exam.
The two remaining boxes both had given me nothing. I decided to go all in on one of the boxes and spend the next 6 or so hours scouring my enumeration results to find what I needed and finally at 1:30AM after 19.5 hours of sitting at the computer, I felt I finally had the points I needed. The last target that I compromised to me was the literal definition of "trying harder". I spent about another hour trying to get the last target but finally gave up and went to bed.
The next morning I went to work on my report. Since I had documented all of my exam work, lab work, and exercise in Confluence, getting my report together only took me a couple hours (most formatting). I went to work with my head held high knowing that if I had not passed the exam it was due to a submission error.
Then after 2.5 days of constantly checking my email, I finally got the notice that I had passed and am now an OSCP.
I had a blast with this course and loved (almost) every moment of it. It was extremely difficult, a total time suck (don't do this in the summer), and I can think of no way that I would have learned more. I am glad and thankful I had supportive family, friends, and work.
For those looking to attempt the OSCP I have these tips:
- Document EVERYTHING you do and find. It will serve you well later.
- Enumerate, Enumerate, Enumerate and know what you are looking at
- If you don't know what something is, that means it could be a vector. Research it and find out how it works.
- When you are hitting a wall, move on and come back later. Sometimes you just need to let your mind relax to see the obvious.
- Use the forums, not as a crutch, but as a learning tool.
- TRY HARDER!