OSCP Preparation: My Experience and Tips for Success
Hello everyone!
Sometimes, people message me asking for advice about the OSCP exam, either because they're preparing for it or planning to get the certification in the future. I've decided to write this post to answer the most common questions and share my experience.
Note: This is just my personal experience and opinion. Also, I can't share too much specific information about the exam itself, which might actually be a good thing since the machines on the exam change often. The process of preparing and taking the test (which is no secret) is the most interesting part of getting OSCP certified.
How much time do you need to prepare for the OSCP exam?
It depends on your background.
- If you're an experienced pentester who practices regularly on platforms, takes part in CTFs, and works with infrastructure and Active Directory testing, you'll likely need less time.
- But if you're a beginner or work mainly with web or mobile pentesting and don't have much experience with privilege escalation on Windows, Linux, or Active Directory attacks, you'll need more time to prepare.
Pro Tip: If you already have a CPTS certification, you're at an advantage since you won't need to spend much time on the theoretical materials in the Pen-200 course.
Here's my suggestion:
- For experienced people: The Course + Cert Bundle (3 months of lab access and one exam attempt) might be enough.
- For beginners: Go for the Learn One subscription, which gives you 1 year to study, lab access, and two exam attempts.
Money-saving tip: OffSec often offers 20% discounts on subscriptions in October or November, which makes the Learn One subscription a great deal! The extra exam attempt alone is worth $249, and the subscription also includes Proving Grounds Practice.
How much harder is the new OSCP+ exam compared to the old one?
It's hard to say for sure because it depends on the Active Directory set and standalone machines you get during the exam.
Even though you'll be provided with a username and password for Active Directory, exploiting it can still be tricky. Also, the 10 bonus points from the old exam are no longer available.
Make sure to prepare well by studying the updated materials:
For me:
- The Active Directory set was of medium difficulty, and the course material was enough to solve it.
- The Standalone machines, however, were quite tough. I recommend practicing as many lab machines as possible to feel confident.
What materials and resources are useful for preparation?
Here are my top recommendations:
Do all the challenge labs in the course. Even if some are tough, you can get small hints on Discord. Solving these labs and writing your own notes will be a valuable experience.
Use Reddit. It's a great place to find updates from people who recently passed the exam and discover useful resources for self-preparation.
Practice additional machines similar to the exam. These lists are super helpful:
I had some extra time before my exam, so I solved:
- All Hack The Box and Proving Grounds Active Directory machines.
- Almost all Proving Grounds Windows machines.
- About half of the Proving Grounds Linux machines.
Watch privilege escalation tutorials. The ones from Tib3rius are very helpful.
How should you manage your time during the exam?
If you're busy with work or studies before the exam, it's better to reschedule to a time when you're rested and ready.
Here's my exam strategy:
- Start with the Active Directory set and focus on it completely.
- If you solve the AD set, you'll have more than half of the required points and feel more confident.
- Don't move on to standalone machines unless you've finished AD or have completely run out of ideas.
Avoid trying to do everything at once. It will only make you tired, lose focus, and increase the chances of missing something important.
The exam is tough not because the machines are impossible but because you only have 24 hours. Stay focused, solve the machines, and write a clear report to secure your certification.
That's all for now!
Good luck with your OSCP journey, and remember: Try Harder!