This article provides insights into the OffSec OSCP certification exam with AD preparation. This covers the following:
- OSCP Exam Changes
- OSCP Exam Preparation
- OSCP Exam Tips
- OSCP Exam Scheduling
- Exam Logistics & Proctoring
- During the Exam
- Post Exam
- Additional Resources
Video Presentation
OSCP Exam Changes
OSCP Exam Structure
10 Bonus Points Requirements
Please visit our OSCP Exam Guide for the bonus points requirements.
Approaching the Exam
Attempt Active Directory
- AD gives you 40 points. You can be flexible on how to get the 30 points:
- AD + 1 stand-alone + Bonus points
- AD + 2 stand-alone machines
- AD + 1 stand-alone machine + partial points
- You must get all 3 AD machines. No partial points are awarded for this challenge.
Stand-Alone Machines along w/ Bonus Points
- Skip AD and focus on the 3 stand-alone machines w/ bonus points
- No room for error, as this gives a maximum of 70 points.
OSCP Exam Preparation
Study Approach
Go over the course materials for each module
- Read topic modules and watch the videos
- Hands-on Practice with the course lessons with your client and lab machines
- Take notes!
Complete exercises for each module
- Complete Topic Exercises
- Complete the Capstone exercises
Start exploiting labs!
- Exploit lab challenges
- Simulate a practice exam
Course Materials & Exercises
- The course materials and topic exercises are not a waste of Lab time!
- Builds a solid understanding of the fundamental concepts and techniques.
- The Challenges Lab
- Allows you to directly observe attacks on your machine.
- Gives you a user/admin perspective to better understand the target.
- The Windows Client and Server are a mini-AD environment.
- Accurately simulates the exam conditions and ideal practice for the exam.
- Topic exercises are great for practicing and for bonus points on the exam.
- Complete the Topic Exercises.
- Try the Extra Miles.
Start Exploiting the Labs!
- Build your methodology using the walkthroughs.
- Complete Module 24: Assembling the Pieces to understand the techniques, methodology, and thought process used to exploit a target.
- Refine and practice your methodology in the Challenge Labs.
Find and Exploit AD Lab Machines
- Post-exploitation is as important as initial enumeration.
- Unlike stand-alone machines, AD needs post-exploitation.
- Practice by finding dependencies between AD lab machines.
Practice, Practice, Practice!
Practice as many machines as you can on all 6 challenge labs.
- Try to exploit a machine using multiple approaches and/or techniques.
- Revisit challenges and exercises that were challenging or presented difficulties.
- Avoid relying on hints and walk-throughs.
Lab Machines Key to Success
Higher exam pass rate with >50 lab machines completed
Simulate a Practice Exam Environment
- Challenge 4 (OSCP A), 5 (OSCP B), and 6 (OSCP C) emulate the OSCP exam environment.
- If you have already finished all AD sets, redo it without looking at the notes.
- Practice your report-writing skills after exploiting machines.
- Repeat the exam environment to build confidence.
- Familiarity with time constraints will help you stay calm and centered.
- Remember, the exam is just another day in the labs.
Time Management
Avoid rabbit holes
- Set a timer per machine:
- I.e., 2-3 hours per stand-alone machine and 4 hours for the AD set.
- The 4 hours can be broken down for each AD machine.
- After getting a shell, allot another two hours for privilege escalation.
- If time runs out, move on. It's easy to get lost in troubleshooting.
- Working on a different machine or taking a break lets you come back with a fresh perspective.
Schedule your breaks
- The 24 hours is not just for hacking machines.
- Schedule time for breaks, eating, and sleeping.
- Stick to your schedule. Fatigue and hunger will slow you down.
- Take a step back or a short break after your 2-3 hour allotted machine time.
Don't Panic
- There is more than enough time to finish the exam.
- If you need to work for 24 hours, you need more preparation.
Reporting
- Keep a record of your journey through the PEN-200 challenges.
- Recommended practice for writing your exam report.
- Prepare a report template prior to your exam.
- Updated exam report template: PEN-200 Reporting Requirements.
- The template gives you a direction on what to document.
OSCP Exam Tips
Read the Exam Control Panel
- Read the instructions for each machine before you start.
- It will give you an idea of the structure of the AD set.
- Plan based on the objectives outlined in your Control Panel.
- Identify whether you will start with an AD set or stand-alone machines.
- Format your report template in line with the requirements of each machine.
Enumeration Tips
Initial Enumeration
- Perform light scans on your targets.
- E.g., scan for ten common ports on your exam machines.
- Manually interact with services found while waiting for thorough and longer scans.
Enumerate carefully
- Avoid heavy scans on multiple targets.
- Revert machines after running unsafe scans.
- Re-run scans to ensure all information are correct. Scans can be inaccurate.
- Use various tools to verify scan outputs.
Enumeration is a cyclical approach
- After gaining new access, enumerate again in the context of your new privileges.
- If you gain login access to a webpage, enumerate the webapp as that user
- If you gain domain user access to a machine, enumerate the domain as that user.
- This concept is often overlooked.
- Learners tend to stop enumerating after getting a shell/root access.
Exploitation Tips
Make sure to read exploits prior to using them.
- Do you need to set up files or permissions prior to running the exploit?
- Do you need to modify the exploit to match your target?
Check multiple exploits for the same vulnerability.
- Exploits may use different methods to exploit vulnerabilities.
- Some exploits might be compatible/incompatible with your target.
Active Directory Tips
AD Enumeration
- AD initial enumeration and exploitation is similar to stand-alone machines.
- Identify the machine's role (DC/client) and the services present.
- Identify the initial target into the domain (the low-hanging fruit).
AD Exploitation
- Have a cheatsheet of AD commands.
- Be thorough for enumeration, exploitation, and post-exploitation.
- Do not ignore standard enumeration; check applications and non-AD-related services.
- Try using the information you obtained on multiple domain machines.
Document & Backup!
- Document all commands, outputs, scripts, and code you use.
- Use terminal loggers to automatically log all commands and outputs in your shell.
- Take snapshots and backups of your work.
- Ongoing documentation saves time from rerunning any commands if you need the outputs again.
OSCP Exam Scheduling
Schedule your Exam
- Schedule your exam several weeks prior.
- We recommend at least three weeks before the desired date.
- You can reschedule your exam up to 3 times.
- You can reschedule your exam up to 48 hours before exam start time.
- Be mindful of the time and timezone (e.g., GMT).
- If you do not arrive within 1 hour of your exam start time, your exam will be canceled.
Exam Confirmation Email
“Penetration Testing with Kali Linux - Proctored Certification Exam Confirmation - OS-XXXX” email contains:
- How to start the exam and login to the proctoring tool.
- Technical requirements to take the proctored exam.
- Exam proctoring rules.
- Instructions on how to submit your exam report.
Exam Logistics & Proctoring
Exam Logistics
- Identify where you intend to take the exam.
- Check government cybersecurity laws. Some countries have strict firewall restrictions.
- Prepare a backup Internet connection in case of emergencies.
- Check for scheduled power outages in your area.
- Prepare food and snacks for the 24-hour exam.
- Water is critical; remain hydrated.
- If other people will be in the room during the exam, inform them regarding the exam protocol.
Proctoring Requirements
Technical Requirements
- Proctoring technical requirements are outlined here.
- Schedule a test session if you are using a Linux variant.
ID requirements
- Valid government-issued ID in English.
- Contains your full name, photo, birthdate, country, issue, and expiry date.
- Prepare a scanned copy in case your ID is not clear in the camera.
Mentally Prepare Yourself
- Be confident in the preparation you completed.
- Remember, the exam is just another day in the labs.
- Be calm and avoid worrying about the exam.
- Try eating out or going to the gym (activities that relax your mind).
- Be healthy.
- Get plenty of sleep and rest, stay hydrated.
During the Exam
Proctoring Process
Proctoring process can start 15 minutes before your exam time.
Log in to the proctoring tool with your credentials.
Overcoming Stress & Anxiety
- If you are panicking, take a moment to stop and collect yourself.
- Do activities that calm you, like meditating or taking a walk.
- Stick to your time schedule.
- As long as there is time, keep working.
- Many learners finish exams in buzzer beaters.
- It's ok if you don't do well.
- Many OffSec employees had multiple attempts.
- You will also learn and gain the exam experience.
Before Ending the Exam
- Double-check the exam requirements.
- Review and finalize all of your notes.
- Make sure you have captured all the necessary screenshots and proofs.
- If you have the time, re-exploit machines after a revert.
- Ensures your steps results are correct.
- Double check proofs and screenshots are correct.
Contact Protocol
- For exam machine or connectivity related issues please inform the proctoring team immediately via the exam live chat.
- OffSec Student Mentors (SMs) will not assist with exam objectives.
- However, reach out if you feel overwhelmed or need a sounding board.
Post Exam
Writing your Report
- Get sleep & refresh your mind.
- You have 24 hours for the report; there is time to rest.
- Take the time to write a detailed report.
- The report is important; it is the product you deliver to the client.
- It should be organized, professional, and will be clearly understood.
- Proofread your report.
- Double-check if the necessary screenshots and proof files are present and correct.
- We do not accept changes or updates to submitted reports.
Upload Login Page
Upload Report Page
Double Check the MD5 Hash
- After uploading your report, upload.offsec.com will provide the MD5 hash of your report.
- Compare MD5 hash of the uploaded file with your local copy.
- If the values do not match, your file did not upload successfully.
Additional Resources
OSCP Exam Resources
- What to Expect From the New OSCP Exam
- OSCP Exam Change
- PEN-200 Reporting Requirements
- OSCP Exam Guide
- Important information about exam scheduling in the Learning Library
- Proctoring Tool Learner Manual
Support Channels
What Do You Need? | Learners |
Exam scheduling | orders@offsec.com |
Proctoring | proctoring@offsec.com |
VPN connectivity issues | Inform the proctor via the exam live chat |
Exam machine testing | |
Non-technical exam-related inquiry | challenges@offsec.com |