This article provides insights of the OffSec OSCP certification exam with AD preparation. This covers the following:
- OSCP Exam Changes
- OSCP Exam Preparation
- OSCP Exam Tips
- OSCP Exam Scheduling
- Exam Logistics & Proctoring
- During the Exam
- Post Exam
- Additional Resources
Video Presentation
OSCP Exam Changes
OSCP Exam Structure
10 Bonus Points Requirements
Please visit our OSCP Exam Guide for the bonus points requirements.
Approaching the Exam
Attempt Active Directory
- AD gives you 40 points. You can be flexible on how to get the 30 points:
- AD + 1 stand-alone + lab report
- AD + 2 stand-alone machines
- AD + 1 stand-alone machine + partial points
- You must get all 3 AD machines, no partial points are awarded for this challenge.
Stand-Alone Machines along w/ Bonus Points
- Skip AD and focus on the 3 stand-alone machines w/ bonus points
- No room for error, as this gives a maximum of 70 points.
OSCP Exam Preparation
Study Approach
Go over course materials for each module
- Read PDF and watch videos
- Practice the course lessons with your client and lab machines
- Take notes!
Complete exercises for each module
- Complete Topic Exercises
- Document your PDF exercises*
- Complete the Capstone exercises
Start exploiting labs!
- Exploit lab challenges
- Create a lab report
- Simulate a practice exam
Course Materials & Exercises
- The course materials and exercises are not a waste of lab time!
- Builds solid understanding of the fundamental concepts and techniques.
- Your assigned machines are extremely valuable.
- Allows you to directly observe attacks on your machine.
- Gives you a user/admin perspective to better understand the target.
- The Windows Client and Server are a mini-AD environment.
- Exercises are great for practicing and for bonus points on the exam.
- Complete the Topic Exercises & PDF Exercises.
- Try the Extra Miles.
Start Exploiting the Labs!
- Build your methodology using the walkthroughs.
- Complete Module 24: Assembling the Pieces to understand the techniques, methodology, and thought process used to exploit a target.
- Refine and practice your methodology in the Challenge Labs.
Find and Exploit AD Lab Machines
- Post-exploitation is as important as initial enumeration.
- Unlike stand-alone machines, AD needs post-exploitation.
- Practice by finding dependencies between AD lab machines.
Practice, Practice, Practice!
Practice as many machines as you can on all 6 challenge labs.
- Try to exploit a machine using multiple approaches and/or techniques.
- Re-do exercises and lab machines that presented challenges.
- Avoid relying on hints and walk throughs.
Lab Machines Key to Success
Higher exam pass rate with >50 lab machines completed
Simulate a Practice Exam Environment
- Challenge 4 (OSCP A), 5 (OSCP B) , and 6 (OSCP C) emulate the OSCP exam environment
- If you have already finished all AD sets, redo it without looking at notes.
- Practice your report writing skills after exploiting machines
- Repeat the exam environment to build confidence.
- Familiarity with time constraints will help you stay calm and centered.
- Remember, the exam is just another day in the labs.
Time Management
Avoid rabbit holes
- Set a timer per machine:
- I.e. 2-3 hours per stand-alone machine and 4 hours for the AD set.
- The 4 hours can be broken down for each AD machine.
- After getting a shell, allot another two hours for privilege escalation.
- If time runs out, move on. It’s easy to get lost in troubleshooting.
- Working on a different machine or taking a break lets you to come back with a fresh perspective.
Schedule your breaks
- The 24 hours is not just for hacking machines.
- Schedule time for breaks, eating, and sleeping.
- Stick to your schedule. Fatigue and hunger will slow you down.
- Take a step back or a short break after your 2-3 hour allotted machine time.
Don’t Panic
- There is more than enough time to finish the exam.
- If you need to work for 24 hours, you need more preparation.
Reporting
- Document your exercises and lab report with the exam report requirements.
- This will be good practice for writing your exam report.
- This will also help give you bonus points during the exam.
- Prepare a report template prior to your exam.
- Updated lab & exam report template: PEN-200 Reporting Requirements.
- The template gives you a direction on what to document.
OSCP Exam Tips
Read the Exam Control Panel
- Read the instructions for each machine before you start.
- It will give you an idea on the structure of the AD set.
- It will be evident if there is a buffer overflow machine assigned to you.
- Plan based on the objectives outlined in your Control Panel.
- Identify whether you will start with AD set or stand-alone machines.
- Format your report template in line with the requirements of each machine.
Enumeration Tips
Initial Enumeration
- Perform light scans on your targets.
- E.g. scan for 10 common ports on your exam machines.
- Manually interact with services found while waiting for thorough and longer scans.
Enumerate carefully
- Avoid heavy scans on multiple targets.
- Revert machines after running unsafe scans.
- Re-run scans to ensure all information are correct. Scans can be inaccurate.
- Use various tools to verify scan outputs.
Enumeration is a cyclical approach
- After gaining new access, enumerate again in the context of your new privileges.
- If you gain login access to a webpage, enumerate the webapp as that user
- If you gain domain user access to a machine, enumerate the domain as that user.
- This concept often overlooked.
- Learners tend to stop enumerating after getting a shell/root access.
Exploitation Tips
Make sure to read exploits prior to using them.
- Do you need to set up files or permissions prior to running the exploit?
- Do you need to modify the exploit to match your target?
Check multiple exploits for the same vulnerability.
- Exploits may use different methods to exploit vulnerabilities.
- Some exploits might be compatible/incompatible with your target.
Active Directory Tips
AD Enumeration
- AD initial enumeration and exploitation is similar to stand-alone machines.
- Identify machine’s role (DC/client) and the services present.
- Identify the initial target into the domain (the low-hanging fruit).
AD Exploitation
- Have a cheatsheet of AD commands.
- Be thorough for enumeration, exploitation, and post exploitation.
- Do not ignore standard enumeration, check applications and non-AD related services.
- Try using information you obtained on multiple domain machines
Document & Backup!
- Document all commands, outputs, scripts, and code you use.
- Use terminal loggers to automatically log all commands and outputs in your shell.
- Take snapshots and backups of your work.
- Ongoing documentation saves time from rerunning any commands if you need the outputs again.
OSCP Exam Scheduling
Schedule your Exam
- Schedule your exam several weeks prior.
- We recommend at least 3 weeks before the desired date.
- You can reschedule your exam up to 3 times.
- You can reschedule your exam up to 48 hours prior to exam start time.
- Be mindful of the time and timezone (e.g., GMT).
- If you do not arrive within 1 hour of your exam start time, your exam will be cancelled.
Exam Confirmation Email
“Penetration Testing with Kali Linux - Proctored Certification Exam Confirmation - OS-XXXX” email contains:
- How to start the exam and login to the proctoring tool.
- Technical requirements to take the proctored exam.
- Exam proctoring rules.
- Instructions on how to submit your exam report.
Exam Logistics & Proctoring
Exam Logistics
- Identify where you intend to take the exam.
- Check government cybersecurity laws. Some countries have strict firewall restrictions.
- Prepare backup Internet connection in case of emergencies.
- Check for scheduled power outages in your area.
- Prepare food and snacks for the 24 hour exam.
- Water is critical, remain hydrated.
- If other people will be in the room during the exam, inform them regarding the exam protocol.
Proctoring Requirements
Technical Requirements
- Proctoring technical requirements are outlined here.
- Schedule a test session if you are using a Linux variant.
ID requirements
- Valid government-issued ID in english.
- Contains your full name, photo, birthdate, country, issue and expiry date.
- Prepare a scanned copy in case your ID is not clear in the camera.
Mentally Prepare Yourself
- Be confident in the preparation you completed.
- Remember, the exam is just another day in the labs.
- Be calm and avoid worrying about the exam.
- Try eating out or going to the gym (activities that relax your mind).
- Be healthy.
- Get plenty of sleep and rest, stay hydrated.
During the Exam
Proctoring Process
Proctoring process can start 15 minutes before your exam time.
Log in to the proctoring tool with your credentials.
Overcoming Stress & Anxiety
- If you are panicking, take a moment to stop and collect yourself.
- Do activities that calm you like meditating or taking a walk.
- Stick to your time schedule.
- As long as there is time, keep working.
- Many learners finish exams in buzzer beaters.
- It’s ok if you don’t do well.
- Many OffSec employees had multiple attempts.
- You will also learn and gain the exam experience.
Before Ending the Exam
- Double check the exam requirements.
- Review and finalize all of your notes.
- Make sure you have captured all the necessary screenshots and proofs.
- If you have the time, re-exploit machines after a revert.
- Ensures your steps results are correct.
- Double check proofs and screenshots are correct.
Contact Protocol
- For connectivity issues & issues with machines, contact us immediately.
- OffSec Student Mentors (SMs) will not assist with exam objectives.
- However, reach out if you feel overwhelmed or need a sounding board.
Post Exam
Writing your Report
- Get sleep & refresh your mind.
- You have 24 hours for the report, there is time to rest.
- Take the time to write a detailed report.
- The report is important, it is the product you are delivering to the client.
- It should be organized, professional and will be clearly understood.
- Proofread your report.
- Double check if the necessary screenshots and proof files are present and correct.
- We do not accept changes or updates to submitted reports.
Upload Login Page
Upload Report Page
Double Check the MD5 Hash
- After uploading your report, upload.offsec.com will provide the MD5 hash of your report.
- Compare MD5 hash of the uploaded file with your local copy.
- If the values do not match, your file did not upload successfully.
Additional Resources
OSCP Exam Resources
- What to Expect From the New OSCP Exam
- OSCP Exam Change
- PEN-200 Reporting Requirements
- OSCP Exam Guide
- Important information about exam scheduling in the Learning Library
- Proctoring Tool Learner Manual
Support Channels
What Do You Need? | Learners |
Exam scheduling | orders@offensive-security.com |
Proctoring | proctoring@offensive-security.com |
VPN connectivity issues | https://chat.offensive-security.com/ or email help@offensive-security.com |
Exam machine testing | |
Non-technical exam related inquiry | challenges@offensive-security.com |