hi
Iām Sandesh, and I recently passed my OSCP exam. Iām thrilled about clearing this exam and would love to share my experiences with OSCP preparation and the exam itself.
About a year ago, I joined HackerU for a Cybersecurity Course. Coming from a tech background, I found it enjoyable, although it was challenging to absorb so much information in a short time.
After completing the course, I got ādistractedā by bug bounty posts on LinkedIn shared by the cybersecurity community š . I started researching how to earn ā$$$ bountiesā and learned a lot during that time. However, I realized later that I could have done this in my free time instead of dedicating all my time to learning āhow to get bounties.ā
One of my friends from the course cleared the OSCP exam in October 2020, which motivated me to go for it. I sought guidance from my mentors ā¤ļø, Swaroop, Yogi, and Azaz, on how to proceed with preparations. They provided valuable guidance and support. Swaroop, the head of HackerU in India, arranged online meetings with cybersecurity industry experts who shared their experiences and answered our queries about the OSCP exam. Yogi, my go-to person at HackerU, helped me clear my doubts and shared useful study resources. Swaroop and Azaz, being experienced professionals, provided guidance during the courseās challenges.
My time at HackerU was both productive and enjoyable. Swaroop gifted me a book he wrote, āLearning Penetration Testingā (available at https://www.amazon.in/Learning-Penetration-Testing-Swaroop-Yermalkar/dp/1785883259/), as a token of appreciation when I discovered a vulnerability in one of the VMs shared by a previous instructor :P.
I also had a lot of fun with my amazing batchmates!
FIRST ATTEMPT: I started my preparations by reading many blogs about OSCP prep and exam cracking. So, I took access to the labs and several weeks later, On December 28, 2020, I attempted the exam and solved 4 machines, achieving 65 marks but fell short of passing. Luckily, I wasnāt disappointed by the failure. The next day, I paid for the reattempt and scheduled my next exam for January end week. I was happy about the experience of my first attempt, as it helped me identify areas where I needed more preparation (š Windows Privilege Escalation).
SECOND ATTEMPT: On January 27, with a relaxed mindset, I started my exam and successfully solved all 5 machines. However, I couldnāt obtain a root shell on two 20-point machines. This time, I attempted for 80 marks.
I began with the BOF machine and put the other machines on auto-enumeration using the nmap_automator tool. Completing the BOF took me around 4ā5 hours šµ because I faced issues finding bad characters initially. I reverted the machine and got the bad characters correct this time. Afterward, I tackled a 10-point machine, which I completed in 1 hour.
Next, I attempted two 20-point machines and obtained user access on both but not root access. Just 2 hours before my exam ended, I started working on the 25-point machine and successfully gained both user and root access. I was thrilled that I attempted for 80 marks this time. After finishing the exam, I took some rest and prepared the report, submitting it the next day. While I expected to wait for a week to receive the results, I received them within 48 hours of submitting the report. I passed this time.
It is recommended to document and develop your own cheatsheet, which will help speed up things while solving boxes.
TY ā¤