== gkourgkoutas.net ==
IGs personal blog

Journey to OSCP


There are tons of writeups on the internet from people who completed their OSCP certification, and I guess most of them are written better than this version. But anyway… Let’s jump in.


As soon as you get access to the lab, you will notice a lot of machines and different networks, which you can’t access at first. There is a so-called learning path [1], which suggests a few easy, medium and hard machines and their respective IP addresses.

Other than that, you have the forum to get some nudges on your way through those machines.

The lab is quite big and there are different types of machines to go through. As a rule of thumb, it’s all about recon, recon, recon and of course more recon. Some machines can’t be accessed without rooting some other ones first. A good example is a machine which is part of a DC. To get the other machines in this domain, well, you have to hack the DC of course.

Compared to HTB, the lab is quite unique and feels less like doing CTFs. There are also some really frustrating machines which have quite the CTF flavor, but those are just a few and not the majority.


After some time and a few machines you get the idea of how things work. This is the time where I developed my workflow. Or let’s say, did some rethinking of what can be improved. As a diehard Emacs user, I thought it would be the go-to tool to do my notekeeping during my hacking - I was using Emacs almost exclusively as my notekeeping tool for my job - but in the beginning, I just switched to plaintext files and Kali’s built-in editor because it was “faster”.

Later on I still thought about setting up some Emacs environment specifically for pentesting, but I dropped the idea because my time was limited anyway. Working 8-10 hours per day + grinding 4-6 hours for OSCP after work is not an easy task. Luckily I found a tool called Obsidian Markdown [2], which I first started using as my personal wiki for my work. Later on I tried using it for my workflow when hacking as a notekeeping tool, and it works out perfectly.

If you keep track of everything you do, your report is almost finished by the time you finish your machine. (This helped me a lot during my exam. After I finished all of my machines, my report was written to almost 90 percent. I just had to do some final touches.)

Grind to Insanity

Once you set up your workflow, the grind is real. You will steadily improve your workflow as you go, but the main part, grinding through those machines, is just plain insanity… Some machines are really easy, you just know what to do and rooting them is done in a short amount of time. Other machines take literally days. Sometimes an exploit works just after the fifth time you tried it. These are the moments which drive you insane, because you didn’t do anything different, it just worked after a few tries… Well, things like these happen from time to time.

Sometimes the grind itself felt like a chore, sometimes it was nice to rush through 2-3 machines in one evening.

However, one thing was certain after 3 weeks inside the lab: everything just felt really heavy. Some nights were exhausting as hell. Sometimes I couldn’t sleep well at night because I didn’t achieve anything that evening (this feeling got stronger as time progressed).

In the beginning, one or two machines per day were no big deal. After a few weeks, the pace goes down. As you progress in the lab, machines get harder. It’s not one machine per night, it’s one machine every 2 to 4 days.

You will never feel ready

Am I ready for the exam? I got this question a lot, but my answer was always “no”. As I talked to other students, most of them never felt ready for the exam. I always had the feeling that I’m still lacking some knowledge, and this feeling won’t go away, even on exam day.

Just embrace it! I knew that I didn’t feel ready at all, but that’s ok. Spending so much time on the lab and HTB, I knew that even if I would fail, at least I learned something. After all, gaining more knowledge is the most important thing at the end of the day.


And then lab time is over. You need to schedule your exam. This day came faster than expected. It literally feels like doomsday a few minutes before the exam starts. The grind on this one is the real deal! It’s not comparable to the few hours you spent every night to get one or two machines done. The first few hours of the exam pass by really fast, then you will face a big wall in front of you. This is the time to take a good break and empty your head. You will face this wall a few times, and the essence of overcoming it is breaks! Take your time, go outside, get some fresh air and a hot coffee. I found most indications and paths to a foothold right after my long breaks. If you give yourself some time to relax and start over with an empty mind, you will find what you need in order to root that machine! It’s all there! But stress leads to blindness, which is the worst enemy in this kind of exam!

  1. https://help.offensive-security.com/hc/en-us/articles/360050473812-PWK-Labs-Learning-Path

  2. https://obsidian.md/