OffSec Notes
  • Offensive Security Notes
    • Linux/Unix
      • Checklist - PrivEsc
        • Related Links
        • Kernel Exploits
        • MYSQL
          • HEX
        • SUID
        • Relative Path in SUID Program
        • Writable /etc/passwd file
        • Writable script in /etc/crontab
        • Writable services
        • Sudo <=1.8.14
        • Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit
        • Docker
          • Docker Escape
        • davfs2
        • gcore
        • fail2ban
        • git
        • tar with wildcard
        • Exiftool
      • Limited Shell Escape
      • Wordpress
      • Apache Tomcat
      • Werkzeug Console PIN bypass
        • get_flask_pin.py
      • Java Object Deserialization
      • Redis RCE
      • mongodb
      • Postgres
      • Erlang - 4369
      • rsync - 873
      • Sendmail ClamAV
      • VNC Password Decryptor
    • Windows
      • Checklist - PrivEsc
        • MSSQL
        • PsExec.exe
        • Build Exploits
        • Unquoted Service Paths
        • SeImpersonateToken
        • SeRestorePrivilege
        • SeBackupPrivilege
        • Abuse GPO
        • Job with editable file
        • AlwaysInstallElevated
        • Misconfigured LDAP
        • GMSA
        • MS17-010
      • Useful PS Scripts
        • GetUserSPNs.ps1
        • Master MDF Hash Extraction
        • Spray-Passwords.ps1
      • Password Extraction
      • Office Macro
        • Microsoft Office
        • Open Office
      • Post Exploitation
    • Web
      • SQL Injection
        • mongodb 2.2.3
        • UNION BASED
          • MSSQL
          • Oracle
        • ERROR BASED
        • node.js
    • Nmap samples
    • Shells
      • node.js
      • msfvenom samples
      • Reverse Shells
      • Shellter
    • Enumeration
      • SMB
      • RPC
      • LDAP
    • Buffer Overflow
      • mona
      • fuzzer.py
      • exploit.py
      • bytearray.py
      • pattern_offset.rb
      • pattern_create.rb
    • Password Cracking
    • File Download
      • FTP
    • Port Forwarding
      • Dynamic Forwarding
    • Useful links
  • Blog
    • CRTO I & II
    • OSCP Preparation
    • New OSCP Exam vs Previous OSCP Exam
    • Movements in AD
    • PWK Lab vs PG Practice
  • PortSwigger Academy
    • Server-side topics
      • Authentication vulnerabilities
      • OS Command Injection
      • File Path Traversal
      • Business logic vulnerabilities
      • Information disclosure vulnerabilities
      • Access control vulnerabilities and privilege escalation
      • File upload vulnerabilities
      • Server-side request forgery (SSRF)
      • XML external entity (XXE) injection
    • Client-side topics
      • Cross-site scripting
      • Cross-origin resource sharing (CORS)
      • Cross-site request forgery (CSRF)
      • Clickjacking (UI redressing)
      • DOM-based vulnerabilities
      • Testing for WebSockets security vulnerabilities
    • Advanced topics
      • Insecure deserialization
      • Server-side template injection
      • Web cache poisoning
      • HTTP Host header attacks
      • HTTP request smuggling
      • OAuth 2.0 authentication vulnerabilities
      • JWT attacks
  • Walkthroughs
    • PG Practice
      • Linux
        • WARM UP
          • Bratarina
          • ClamAV
          • Exfiltrated
          • Hawat
          • Interface
          • Muddy
          • Pebbles
          • Twiggy
          • Wombo
        • GET TO WORK
          • Banzai
          • Cassios
          • Dibble
          • Fail
          • G00g
          • Hetemit
          • Hunit
          • Maria
          • Nappa
          • Nibbels
          • Nukem
          • Payday
          • Pelican
          • Readys
          • Roquefort
          • Snookums
          • Sorcerer
          • Splodge
          • Sybaris
          • Walla
          • Webcal
          • XposedAPI
          • ZenPhoto
          • Zino
          • QuackerJack
        • TRY HARDER
          • Clyde
          • Peppo
          • Sirol
      • Windows
        • WARM UP
          • Algernon
          • Compromised
          • Helpdesk
          • Internal
          • Kevin
          • Metallus
        • GET TO WORK
          • AuthBy
          • Billyboss
          • Craft
          • Fish
          • Hutch
          • Jacko
          • Nickel
          • Shenzi
          • Slort
        • TRY HARDER
          • Heist
          • Meathead
          • Vault
      • Template
  • About the author
Powered by GitBook
On this page
  1. Blog

OSCP Preparation

I started Cyber Security career with a course about 2 years ago. It was 600 hours long. It contained network, network security, system (AD and Linux), system security, ethical hacking. In August of 2020, I started Cyber Security Center Analyst in NETAŞ. I was responsible for SIEM’s. We were analyzing cases related every security aspect. I decided to pivot my career to more offensive. In the job, stress level and density were too high. After the work, you had no energy to learn or do something. So, I quit the job in June 2021. Then, I enrolled OSCP certification in July 2021. Before the enrollment, I completed 2 paths in Tryhackme which were Complete Beginner and Offensive Pentesting Learning. Since I had a good background, it did not take time too much. PWK enrollment process was easy. I bought 90 days package. I studied only PWK labs in those times. After the ending of Lab access, I took an attempt for the exam.

I got 60 points (BOF, 25, 10). I was so close to pass. But I had not enough luck I guess 😊 and there were lots of stress. I found the initial access for a machine in last 5 minutes. That was all I need. In exam, I faced lots of network issue, hanging virtualization software etc. I was devastated after the exam. But in a very short time I gathered myself.

After the failed attempt, I found Proving Grounds Practice for more preparation. I solved lots of machines in it. Offensive Security announced new exam structure at early days in December. By the time I became aware of the it, all 1.5-month reservations were filled in 2 days. I was planning take to exam in first week of December. As a result, I took the new exam. But there were lots of hesitations. Cause of no one experienced new structure. There was no way out to take the new exam. Until to the exam date, I solved about 70 machines in PG Practice and solved all labs in PortSwigger Web Security Academy. Yeah, I doubled my knowledge in those times.

The exam was so hard. Because of I could get initial shell for AD in about 10 hours. Taking over domain took 1.5 hours 😊 I did not prepare report for extra points. I think, it was not so important in previous exam structure. And it wants lots of time to prepare. I got 2x20 machines in 4 hours with partially. I could not get the last machine. It got me a little upset. But I got 80 points. I collected enough points to pass. I did not sleep in 24h exam period. I could not sleep more than 4 hours before exam started. I often took breaks. In first 12 hours, I could not get initial access for AD. It devastated me. I tried it about 8 hours in first half. After the break, I started again for all or nothing 😊. I couldn't relive failure. When I found the way, I felt success. Then I took over domain easily (Not so easy btw). I tried again get last machine in last 8 hours. But I could not.

The reporting phase was tricky. I decided to report AD machines separately. But I wrote any dependencies clearly. In a day, after the sending report, I got the email. I PASSED! It was about 12 hours ago.

Here are my takeaways from the process:

I could not pass the exam without Proving Grounds Practice experiences.

Don't spend too much time on something you don't get results.

Tools may not always yield results, must know how to manage processes manually.

Don't lose hope.

Trust yourself.

PreviousCRTO I & IINextNew OSCP Exam vs Previous OSCP Exam

Last updated 3 years ago