This article provides insights into the OffSec OSCP certification exam, including Active Directory (AD) preparation. It covers the following:
- OSCP Exam Changes
- OSCP Exam Preparation
- OSCP Exam Tips
- OSCP Exam Scheduling
- Exam Logistics & Proctoring
- During the Exam
- Post Exam
- Additional Resources
OSCP Exam Structure
POINTS | NUMBER OF MACHINES | NOTES |
60 points | 3 independent targets | 2-step targets (low and high privileges); 20 points per machine |
40 points | 2 clients, 1 domain controller | |
Approaching the Exam
Exam Structure
- 3 stand-alone machines (60 points in total)
  - 20 points per machine
    - 10 points for initial access
    - 10 points for privilege escalation
- 1 Active Directory (AD) set containing 3 machines (40 points in total)
  - For the Active Directory exam set, learners will be provided with a username and password, simulating a breach scenario.
  - 10 points for machine #1
  - 10 points for machine #2
  - 20 points for machine #3
- Possible scenarios to pass the exam (70/100 to pass)
  - 40 points AD + 3 local.txt flags (70 points)
  - 40 points AD + 2 local.txt flags + 1 proof.txt flag (70 points)
  - 20 points AD + 3 local.txt flags + 2 proof.txt flags (70 points)
  - 10 points AD + 3 fully completed stand-alone machines (70 points)
OSCP Exam Preparation
Study Approach
Go over the course materials for each module
- Read the modules and watch the videos
- Practice the course lessons hands-on in your module labs
- Take notes!
Complete exercises for each module
- Complete Module Labs
- Complete the Capstone labs
Start exploiting labs!
- Exploit lab challenges
- Simulate a practice exam
Course Materials & Labs
- The course materials and module labs are not a waste of time!
  - Builds a solid understanding of the fundamental concepts and techniques.
- The Challenges Lab
  - Allows you to directly observe attacks on your machine.
  - Gives you a user/admin perspective to better understand the target.
  - The Windows Client and Server are a mini-AD environment.
  - Accurately simulate the exam conditions and ideal practice for the exam.
- Topic labs are great for practicing.
  - Complete the Module and Capstone Labs.
Start Exploiting the Challenge Labs!
- Build your methodology using the walkthroughs.
  - Complete Module 24: Assembling the Pieces to understand the techniques, methodology, and thought process used to exploit a target.
  - Refine and practice your methodology in the Challenge Labs.
Find and Exploit AD Challenge Machines
- Post-exploitation is as important as initial enumeration.
  - Unlike stand-alone machines, AD needs post-exploitation.
  - Practice by finding dependencies between AD challenge machines.
Practice, Practice, Practice!
Practice as many machines as you can on all challenge labs.
- Try to exploit a machine using multiple approaches and/or techniques.
- Revisit challenges and topic labs that were challenging or presented difficulties.
- Avoid relying on hints and walk-throughs.
Lab Machines Key to Success
The more challenge labs you complete, the higher your chance of passing the exam.
Simulate a Practice Exam Environment
- Challenge 4 (OSCP A), 5 (OSCP B), and 6 (OSCP C) contain an AD set environment.
  - If you have already finished all AD sets, redo them without looking at your notes.
  - Practice your report-writing skills after exploiting machines.
- Repeat the exam environment to build confidence.
  - Familiarity with time constraints will help you stay calm and centered.
  - Remember, the exam is just another day in the labs.
Time Management
Avoid rabbit holes
- Set a timer per machine:
  - E.g., 2-3 hours per stand-alone machine and 4 hours for the AD set.
  - The 4 hours can be broken down for each AD machine.
  - After getting a shell, allot another two hours for privilege escalation.
- If time runs out, move on. It's easy to get lost in troubleshooting.
  - Working on a different machine or taking a break lets you come back with a fresh perspective.
Schedule your breaks
- The 24 hours is not just for hacking machines.
- Schedule time for breaks, eating, and sleeping.
- Stick to your schedule. Fatigue and hunger will slow you down.
- Take a step back or a short break after your 2-3 hour allotted machine time.
Don't Panic
- There is more than enough time to finish the exam.
- If you need to work for 24 hours, you need more preparation.
Reporting
- Keep a record of your journey through the PEN-200 challenges.
  - Recommended practice for writing your exam report.
- Prepare a report template prior to your exam.
  - Updated exam report template: PEN-200 Reporting Requirements.
  - The template gives you a direction on what to document.
OSCP Exam Tips
Read the Exam Control Panel
- Read the instructions for each machine before you start.
  - It will give you an idea of the structure of the AD set.
- Plan based on the objectives outlined in your Control Panel.
  - Identify whether you will start with an AD set or stand-alone machines.
  - Format your report template in line with the requirements of each machine.
Enumeration Tips
Initial Enumeration
- Perform light scans on your targets.
- E.g., scan for ten common ports on your exam machines.
- Manually interact with services found while waiting for thorough and longer scans.
Enumerate carefully
- Avoid heavy scans on multiple targets.
- Revert machines after running unsafe scans.
- Re-run scans to ensure all information is correct. Scans can be inaccurate.
- Use various tools to verify scan outputs.
Enumeration is a cyclical approach
- After gaining new access, enumerate again in the context of your new privileges.
- If you gain login access to a webpage, enumerate the webapp as that user.
- If you gain domain user access to a machine, enumerate the domain as that user.
- This concept is often overlooked.
- Learners tend to stop enumerating after getting a shell/root access.
Exploitation Tips
Make sure to read exploits prior to using them.
- Do you need to set up files or permissions prior to running the exploit?
- Do you need to modify the exploit to match your target?
Check multiple exploits for the same vulnerability.
- Exploits may use different methods to exploit vulnerabilities.
- Some exploits might be compatible/incompatible with your target.
Active Directory Tips
AD Enumeration
- Identify the machine's role (DC/client) and the services present.
- Identify the initial target in the domain (the low-hanging fruit).
AD Exploitation
- Have a cheatsheet of AD commands.
- Be thorough for enumeration, exploitation, and post-exploitation.
- Do not ignore standard enumeration; check applications and non-AD-related services.
- Try using the information you obtained on multiple domain machines.
Document & Backup!
- Document all commands, outputs, scripts, and code you use.
- Use terminal loggers to automatically log all commands and outputs in your shell.
- Take snapshots and backups of your work.
- Ongoing documentation saves time from rerunning any commands if you need the outputs again.
OSCP Exam Scheduling
Schedule your Exam
- Schedule your exam several weeks prior.
- We recommend at least three weeks before the desired date.
- You can reschedule your exam up to 3 times.
- You can reschedule your exam up to 48 hours before exam start time.
- Be mindful of the time and timezone (e.g., GMT).
- If you do not arrive within 1 hour of your exam start time, your exam will be canceled.
- You may check Managing OffSec Certification Exams for more information about scheduling an exam.
Exam Confirmation Email
“Penetration Testing with Kali Linux - Proctored Certification Exam Confirmation - OS-XXXX” email contains:
- How to start the exam and login to the proctoring tool.
- Technical requirements to take the proctored exam.
- Exam proctoring rules.
- Instructions on how to submit your exam report.
Exam Logistics & Proctoring
Exam Logistics
- Identify where you intend to take the exam.
- Check government cybersecurity laws. Some countries have strict firewall restrictions.
- Prepare a backup Internet connection in case of emergencies.
- Check for scheduled power outages in your area.
- Prepare food and snacks for the 24-hour exam.
- Water is critical; remain hydrated.
- If other people will be in the room during the exam, inform them regarding the exam protocol.
Proctoring Requirements
Technical Requirements
- Proctoring technical requirements are outlined here.
- Schedule a test session if you are using a Linux variant.
ID requirements
- Valid government-issued ID in English.
- Contains your full name, photo, birthdate, country, issue, and expiry date.
- Prepare a scanned copy in case your ID is not clear in the camera.
Mentally Prepare Yourself
- Be confident in the preparation you completed.
  - Remember, the exam is just another day in the labs.
- Be calm and avoid worrying about the exam.
  - Try eating out or going to the gym (activities that relax your mind).
- Be healthy.
  - Get plenty of sleep and rest, and stay hydrated.
During the Exam
Proctoring Process
The proctoring process can start 15 minutes before your exam time.
Log in to the proctoring tool with your credentials.
Overcoming Stress & Anxiety
- If you are panicking, take a moment to stop and collect yourself.
- Do activities that calm you, like meditating or taking a walk.
- Stick to your time schedule.
- As long as there is time, keep working.
- Many learners finish exams in buzzer beaters.
- It's ok if you don't do well.
- Many OffSec employees had multiple attempts.
- You will also learn and gain the exam experience.
Before Ending the Exam
- Double-check the exam requirements.
- Review and finalize all of your notes.
- Make sure you have captured all the necessary screenshots and proofs.
- If you have the time, re-exploit machines after a revert.
  - This ensures the results of your steps are correct.
- Double-check that proofs and screenshots are correct.
Contact Protocol
- For exam machine or connectivity-related issues, please inform the proctoring team immediately via the exam live chat.
- For issues related to the proctoring application, please reach out to https://chat.offsec.com.
- OffSec Student Mentors (SMs) will not assist with exam objectives.
  - However, reach out if you feel overwhelmed or need a sounding board.
Post Exam
Writing your Report
- Get sleep & refresh your mind.
- You have 24 hours for the report; there is time to rest.
- Take the time to write a detailed report.
- The report is important; it is the product you deliver to the client.
- It should be organized, professional, and clearly understandable.
- Proofread your report.
- Double-check if the necessary screenshots and proof files are present and correct.
- We do not accept changes or updates to submitted reports.
Upload Login Page
Upload Report Page
Double Check the MD5 Hash
- After uploading your report, upload.offsec.com will provide the MD5 hash of your report.
- Compare the MD5 hash of the uploaded file with your local copy.
- If the values do not match, your file did not upload successfully.
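One way to run the comparison described above from a Kali terminal. This is an added example, not an OffSec tool; the function name verify_upload_md5 is hypothetical, and it assumes md5sum from GNU coreutils is installed. It also separates a mis-copied hash (wrong length or characters) from a real mismatch, so a truncated paste is not mistaken for a failed upload.

```shell
# Added example (not from the original article).
# Usage: verify_upload_md5 <local-report-archive> <md5-copied-from-upload-page>
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_upload_md5() {
    local file="$1" reported="$2" local_md5

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Normalise the pasted value: drop whitespace, lower-case the hex digits.
    reported=$(printf '%s' "$reported" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    # An MD5 digest is exactly 32 hex characters. Anything else is a
    # truncated or mis-copied value, not evidence of a failed upload.
    case "$reported" in
        *[!0-9a-f]*|'') echo "not an MD5 hex digest: $reported" >&2; return 2 ;;
    esac
    [ "${#reported}" -eq 32 ] || { echo "expected 32 hex characters" >&2; return 2; }

    # Reading from stdin makes md5sum print "<digest>  -"; keep the digest only.
    local_md5=$(md5sum < "$file" | cut -d' ' -f1)

    if [ "$local_md5" = "$reported" ]; then
        echo "MATCH    $local_md5"
        return 0
    fi
    echo "MISMATCH local=$local_md5 reported=$reported" >&2
    return 1
}
```

Hash the exact archive you uploaded, not the source document it was built from; a non-zero return means the hash should be re-copied or the upload result re-checked.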
Additional Resources
OSCP Exam Resources
- What to Expect From the New OSCP Exam
- OSCP Exam Change
- PEN-200 Reporting Requirements
- OSCP Exam Guide
- Managing OffSec Certification Exams
- Proctoring Tool Learner Manual
Support Channels
What Do You Need? | Learners |
Exam scheduling | orders@offsec.com |
Proctoring | proctoring@offsec.com |
VPN connectivity issues | Inform the proctor via the exam live chat |
Exam machine testing | |
Non-technical exam-related inquiry | challenges@offsec.com |