OSCP Preparation: My Experience and Tips for Success

Hello everyone! 👋

Sometimes, people message me asking for advice about the OSCP exam—either because they’re preparing for it or planning to get the certification in the future. I’ve decided to write this post to answer the most common questions and share my experience.

Note: This is just my personal experience and opinion. Also, I can’t share too much specific information about the exam itself, which might actually be a good thing 🤔 since the machines on the exam change often. The process of preparing and taking the test (which is no secret) is the most interesting part of getting OSCP certified.

How much time do you need to prepare for the OSCP exam?

It depends on your background.

  • If you’re an experienced pentester who practices regularly on platforms, takes part in CTFs, and works with infrastructure and Active Directory testing, you’ll likely need less time.
  • But if you’re a beginner or work mainly with web or mobile pentesting and don’t have much experience with privilege escalation on Windows, Linux, or Active Directory attacks, you’ll need more time to prepare.

💡 Pro Tip: If you already have a CPTS certification, you’re at an advantage since you won’t need to spend much time on the theoretical materials in the Pen-200 course.

Here’s my suggestion:

  • For experienced people: The Course + Cert Bundle (3 months of lab access and one exam attempt) might be enough.
  • For beginners: Go for the Learn One subscription, which gives you 1 year to study, lab access, and two exam attempts.

💰 Money-saving tip: OffSec often offers 20% discounts on subscriptions in October or November, which makes the Learn One subscription a great deal! The extra exam attempt alone is worth $249, and the subscription also includes Proving Grounds Practice.

How much harder is the new OSCP+ exam compared to the old one?

It’s hard to say for sure because it depends on the Active Directory set and standalone machines you get during the exam.

Even though you’ll be provided with a username and password for Active Directory, exploiting it can still be tricky. Also, the 10 bonus points from the old exam are no longer available.

Make sure to prepare well by studying the updated materials:

For me:

  • The Active Directory set was of medium difficulty, and the course material was enough to solve it.
  • The Standalone machines, however, were quite tough. I recommend practicing as many lab machines as possible to feel confident.

What materials and resources are useful for preparation?

Here are my top recommendations:

🛠️ Do all the challenge labs in the course. Even if some are tough, you can get small hints on Discord. Solving these labs and writing your own notes will be a valuable experience.

🌐 Use Reddit. It’s a great place to find updates from people who recently passed the exam and discover useful resources for self-preparation.

💻 Practice additional machines similar to the exam. These lists are super helpful:

🕒 I had some extra time before my exam, so I solved:

  • All Hack The Box and Proving Grounds Active Directory machines.
  • Almost all Proving Grounds Windows machines.
  • About half of the Proving Grounds Linux machines.

This helped me build a solid toolkit and learn how to identify attack vectors for privilege escalation.

🎥 Watch privilege escalation tutorials. The ones from Tib3rius are very helpful.

How should you manage your time during the exam?

If you’re busy with work or studies before the exam, it’s better to reschedule to a time when you’re rested and ready.

Here’s my exam strategy:

  • Start with the Active Directory set and focus on it completely.
  • If you solve the AD set, you’ll have more than half of the required points 🎯 and feel more confident.
  • Don’t move on to standalone machines unless you’ve finished AD or have completely run out of ideas.

Avoid trying to do everything at once. It will only make you tired 😵, lose focus, and increase the chances of missing something important.

The exam is tough not because the machines are impossible but because you only have 24 hours. Stay focused, solve the machines, and write a clear report to secure your certification.


That’s all for now!

Good luck with your OSCP journey, and remember: Try Harder! 💪😊