This article provides insights into the OffSec OSCP certification exam with AD preparation. This covers the following:
- OSCP Exam Changes
- OSCP Exam Preparation
- OSCP Exam Tips
- OSCP Exam Scheduling
- Exam Logistics & Proctoring
- During the Exam
- Post Exam
- Additional Resources
Please visit our OSCP Exam Guide for the bonus points requirements.
Attempt Active Directory
- AD gives you 40 points. You can be flexible on how to get the 30 points:
- AD + 1 stand-alone + Bonus points
- AD + 2 stand-alone machines
- AD + 1 stand-alone machine + partial points
- You must get all 3 AD machines. No partial points are awarded for this challenge.
Stand-Alone Machines along w/ Bonus Points
- Skip AD and focus on the 3 stand-alone machines w/ bonus points
- No room for error, as this gives a maximum of 70 points.
Go over the course materials for each module
- Read topic modules and watch the videos
- Hands-on Practice with the course lessons with your client and lab machines
- Take notes!
Complete exercises for each module
- Complete Topic Exercises
- Complete the Capstone exercises
Start exploiting labs!
- Exploit lab challenges
- Simulate a practice exam
- The course materials and topic exercises are not a waste of Lab time!
- Builds a solid understanding of the fundamental concepts and techniques.
- The Challenges Lab
- Allows you to directly observe attacks on your machine.
- Gives you a user/admin perspective to better understand the target.
- The Windows Client and Server are a mini-AD environment.
- Accurately simulates the exam conditions and ideal practice for the exam.
- Topic exercises are great for practicing and for bonus points on the exam.
- Complete the Topic Exercises.
- Try the Extra Miles.
- Build your methodology using the walkthroughs.
- Complete Module 24: Assembling the Pieces to understand the techniques, methodology, and thought process used to exploit a target.
- Refine and practice your methodology in the Challenge Labs.
- Post-exploitation is as important as initial enumeration.
- Unlike stand-alone machines, AD needs post-exploitation.
- Practice by finding dependencies between AD lab machines.
Practice as many machines as you can on all 6 challenge labs.
- Try to exploit a machine using multiple approaches and/or techniques.
- Revisit challenges and exercises that were challenging or presented difficulties.
- Avoid relying on hints and walk-throughs.
Higher exam pass rate with >50 lab machines completed
- Challenge 4 (OSCP A), 5 (OSCP B), and 6 (OSCP C) emulate the OSCP exam environment.
- If you have already finished all AD sets, redo it without looking at the notes.
- Practice your report-writing skills after exploiting machines.
- Repeat the exam environment to build confidence.
- Familiarity with time constraints will help you stay calm and centered.
- Remember, the exam is just another day in the labs.
Avoid rabbit holes
- Set a timer per machine:
- I.e., 2-3 hours per stand-alone machine and 4 hours for the AD set.
- The 4 hours can be broken down for each AD machine.
- After getting a shell, allot another two hours for privilege escalation.
- If time runs out, move on. It's easy to get lost in troubleshooting.
- Working on a different machine or taking a break lets you come back with a fresh perspective.
Schedule your breaks
- The 24 hours is not just for hacking machines.
- Schedule time for breaks, eating, and sleeping.
- Stick to your schedule. Fatigue and hunger will slow you down.
- Take a step back or a short break after your 2-3 hour allotted machine time.
- There is more than enough time to finish the exam.
- If you need to work for 24 hours, you need more preparation.
- Keep a record of your journey through the PEN-200 challenges.
- Recommended practice for writing your exam report.
- Prepare a report template prior to your exam.
- Updated exam report template: PEN-200 Reporting Requirements.
- The template gives you a direction on what to document.
- Read the instructions for each machine before you start.
- It will give you an idea of the structure of the AD set.
- Plan based on the objectives outlined in your Control Panel.
- Identify whether you will start with an AD set or stand-alone machines.
- Format your report template in line with the requirements of each machine.
- Perform light scans on your targets.
- E.g., scan for ten common ports on your exam machines.
- Manually interact with services found while waiting for thorough and longer scans.
- Avoid heavy scans on multiple targets.
- Revert machines after running unsafe scans.
- Re-run scans to ensure all information are correct. Scans can be inaccurate.
- Use various tools to verify scan outputs.
Enumeration is a cyclical approach
- After gaining new access, enumerate again in the context of your new privileges.
- If you gain login access to a webpage, enumerate the webapp as that user
- If you gain domain user access to a machine, enumerate the domain as that user.
- This concept is often overlooked.
- Learners tend to stop enumerating after getting a shell/root access.
Make sure to read exploits prior to using them.
- Do you need to set up files or permissions prior to running the exploit?
- Do you need to modify the exploit to match your target?
Check multiple exploits for the same vulnerability.
- Exploits may use different methods to exploit vulnerabilities.
- Some exploits might be compatible/incompatible with your target.
- AD initial enumeration and exploitation is similar to stand-alone machines.
- Identify the machine's role (DC/client) and the services present.
- Identify the initial target into the domain (the low-hanging fruit).
- Have a cheatsheet of AD commands.
- Be thorough for enumeration, exploitation, and post-exploitation.
- Do not ignore standard enumeration; check applications and non-AD-related services.
- Try using the information you obtained on multiple domain machines.
- Document all commands, outputs, scripts, and code you use.
- Use terminal loggers to automatically log all commands and outputs in your shell.
- Take snapshots and backups of your work.
- Ongoing documentation saves time from rerunning any commands if you need the outputs again.
- Schedule your exam several weeks prior.
- We recommend at least three weeks before the desired date.
- You can reschedule your exam up to 3 times.
- You can reschedule your exam up to 48 hours before exam start time.
- Be mindful of the time and timezone (e.g., GMT).
- If you do not arrive within 1 hour of your exam start time, your exam will be canceled.
“Penetration Testing with Kali Linux - Proctored Certification Exam Confirmation - OS-XXXX” email contains:
- How to start the exam and login to the proctoring tool.
- Technical requirements to take the proctored exam.
- Exam proctoring rules.
- Instructions on how to submit your exam report.
- Identify where you intend to take the exam.
- Check government cybersecurity laws. Some countries have strict firewall restrictions.
- Prepare a backup Internet connection in case of emergencies.
- Check for scheduled power outages in your area.
- Prepare food and snacks for the 24-hour exam.
- Water is critical; remain hydrated.
- If other people will be in the room during the exam, inform them regarding the exam protocol.
- Proctoring technical requirements are outlined here.
- Schedule a test session if you are using a Linux variant.
- Valid government-issued ID in English.
- Contains your full name, photo, birthdate, country, issue, and expiry date.
- Prepare a scanned copy in case your ID is not clear in the camera.
- Be confident in the preparation you completed.
- Remember, the exam is just another day in the labs.
- Be calm and avoid worrying about the exam.
- Try eating out or going to the gym (activities that relax your mind).
- Be healthy.
- Get plenty of sleep and rest, stay hydrated.
Proctoring process can start 15 minutes before your exam time.
Log in to the proctoring tool with your credentials.
- If you are panicking, take a moment to stop and collect yourself.
- Do activities that calm you, like meditating or taking a walk.
- Stick to your time schedule.
- As long as there is time, keep working.
- Many learners finish exams in buzzer beaters.
- It's ok if you don't do well.
- Many OffSec employees had multiple attempts.
- You will also learn and gain the exam experience.
- Double-check the exam requirements.
- Review and finalize all of your notes.
- Make sure you have captured all the necessary screenshots and proofs.
- If you have the time, re-exploit machines after a revert.
- Ensures your steps results are correct.
- Double check proofs and screenshots are correct.
- For exam machine or connectivity related issues please inform the proctoring team immediately via the exam live chat.
- OffSec Student Mentors (SMs) will not assist with exam objectives.
- However, reach out if you feel overwhelmed or need a sounding board.
- Get sleep & refresh your mind.
- You have 24 hours for the report; there is time to rest.
- Take the time to write a detailed report.
- The report is important; it is the product you deliver to the client.
- It should be organized, professional, and will be clearly understood.
- Proofread your report.
- Double-check if the necessary screenshots and proof files are present and correct.
- We do not accept changes or updates to submitted reports.
- After uploading your report, upload.offsec.com will provide the MD5 hash of your report.
- Compare MD5 hash of the uploaded file with your local copy.
- If the values do not match, your file did not upload successfully.
- What to Expect From the New OSCP Exam
- OSCP Exam Change
- PEN-200 Reporting Requirements
- OSCP Exam Guide
- Important information about exam scheduling in the Learning Library
- Proctoring Tool Learner Manual
|What Do You Need?||Learners|
|VPN connectivity issues||Inform the proctor via the exam live chat|
|Exam machine testing|
|Non-technical exam-related firstname.lastname@example.org|