Both of us with OSCP!

Hello! While our other posts cover what we did in preparation for our OSCP exam, this post is to let our readers know that we successfully attained our OSCP in August!

It was one hell of a ride for both of us, and we thoroughly enjoyed the whole OSCP, from the process all the way till its end.

Now that we’ve joined the ranks of OSCP graduates, I would just like to share some of the tips for the exam that might just give you the slight advantage in order to pass OSCP; perhaps Gerald might do up another post for his tips.

Tip #1 -> Take breaks

Taking breaks will be tip #1 from me, because this is something most people might neglect, but it turned out to be the most vital tip. For myself, I planned my entire 24 hours this way: 1.5 hrs of OSCP, 0.5 hours break, with the exception of an hour’s break for lunch and dinner. And that’s it. Taking breaks really allows you to calm yourself down, recall and consolidate all the stuff you have gathered during enumeration, and piece the puzzle pieces together. Once you get tired, you will really find it exponentially harder to break the box, so taking a break once in a while will help you push through. If you need a few hours’ nap, just take one!

Tip #2 -> Don’t think too much!

This! Tell yourself this. OSCP is a beginner level certification. Because it is. Which means that you sometimes really don’t need to think too much. See a login page? Just try default credentials, or SQL injection like ' OR 1=1! If you find yourself needing to brute force your way to login, chances are, you are going down a rabbit hole. Need to write an entire exploit script from scratch? Nope. That’s beyond OSCP though, like really. Even the labs don’t require you to create your own exploit script. Unless you count buffer overflow as one. See some software? Searchsploit it, or Google for any exploits in exploit-db (though they are essentially the same), and you will get something! Even if you get nothing but the GitHub source code, then just try to read it! Likely it will be in PHP, so take a week to familiarise yourself with the language and the common signs to look out for in terms of web vulnerabilities in PHP code, and you will do fine!! Think simple!

Tip #3 -> Brainpan.

This is no doubt one of my most important tips. Every OSCP graduate will tell you this. And. You. Better. Be. Familiar. With. It. Really. If you can break this particular box once by just going through the motions, you will do fine, trust me. At least for 25 points. You just need to understand the steps though, you don’t have to memorise anything else. Just the steps and why you do those steps.

Tip #4 -> Skip it if you need to

Don’t spend so much time on a single machine, sometimes it’s not worth it. Like any other exam, if you find yourself stuck on a question, just move on. 70 points to pass, which is at least 3.5 out of the 5 boxes, so you can afford to lose 1 whole box if you really can’t break it. Nobody’s gonna know whether you got 70 points or 100 points. (This is a lousy attitude, I know, but I will say it to calm future candidates down.) Back then I told myself, 2 hours max for each stage per box, so like user shell 2 hours, and another 2 hours for root shell. Once I go beyond that point, move on.

Tip #5 -> Screenshot everything!

By this I mean just take a screenshot if you think you have reached a certain checkpoint. For example, you reach a login page, screenshot. Bypass authentication to find yourself in an admin page, screenshot. LFI, screenshot, SQLi, screenshot, shell (obviously), screenshot. Or, I have heard of others who took a screen video of the entire exam, then slowly took screenshots off the video while doing their report later. That’s pretty hardcore and troublesome, though no doubt it’s safer, but I’m lazy, so I screenshot and move on, and chuck my screenshots into my report template.

Tip #6 -> Have a list of common commands

This is important too, but I believe most candidates do that. This will help you save a bit of your time every time you copy and paste. You might think you only save a couple of seconds each time, but man, every second counts. Unless you are super confident you can pass the exam, just keep a list of commands you frequently use in a notepad or text editor. If you need my list, just let me know!

And I guess that should be enough tips for now, besides the need to practice on HackTheBox, VulnHub and the likes of TryHackMe. In case you are wondering, yes, I took the “new” exam, for which many people have said Offsec updated the exam boxes, and if you would like to ask if they are indeed more difficult… Well, I wouldn’t know since I haven’t done any of the old boxes, but from my experience I just feel it’s more tedious and less obvious as compared to the labs. (I had the old labs.)

Either way, just enjoy yourself, and don’t give up! You will do fine. 🙂

Is it the end of our WordPress site?

Nope. With OSCP done, I will still try my best to update this site with other posts, such as our projects in the cybersecurity field, or if anything interesting comes up, and future certifications as well! Not sure if Gerald will update anything here though. But I will!

Stuff for the future!

  • CTFs?
  • Bug bounty writeups?
  • OSCE/OSWE/AWAE/ETC/ETC?
  • Side Projects?