#OSCP exam advice thread.
Someone recently asked me if I have any advice for the OSCP exam, and I decided to share it with everyone in case someone else finds it useful.
Here's the advice I gave:
Someone recently asked me if I have any advice for the OSCP exam, and I decided to share it with everyone in case someone else finds it useful.
Here's the advice I gave:
1. Stay calm. Chances are at some point during the exam youโre going to think youโre going to fail. It happens to everyone including myself. When that happens, take a break and repeat to yourself that youโre prepared and that OS designed the exam in a way that it can be completed
2. When stuck on something always google the technology + HTB/vulnhub/oscp. You wonโt find the exact solution but youโre likely to find something similar that might nudge you in the right direction.
3. Make use of your Metasploit attempt if you get stuck. In the exam I came across a technology that I wasnโt super familiar with and I could have done it w/o Metasploit in a couple of hours but it only took 5 min with Metasploit.
4. Use AutoRecon
5. Donโt rush yourself. Trust me, youโll run out of ideas b/f you run out of time on the exam.
6. It goes w/o saying you should do a full port scan. Enumerate weird services first (look for associated exploits)
5. Donโt rush yourself. Trust me, youโll run out of ideas b/f you run out of time on the exam.
6. It goes w/o saying you should do a full port scan. Enumerate weird services first (look for associated exploits)
7. Take screenshots / make notes of everything you tried (including commands) while youโre doing it. It helps you keep track of what you tried in case you get stuck and it makes sure you donโt lose your work if your vm crashes during the exam.
8. Take breaks
9. Keep it simple
8. Take breaks
9. Keep it simple
10. Donโt make assumptions. Try everything you can think of
11. Take @TibSec's privesc courses
12. Have a report template ready. Although you have 24 hours to write the report, youโll be exhausted from the 24 hours you spent on the exam
11. Take @TibSec's privesc courses
12. Have a report template ready. Although you have 24 hours to write the report, youโll be exhausted from the 24 hours you spent on the exam
13. This last advice is easier given than taken. On the off chance you fail the exam, remember that having the cert does not define you. The time you spent studying for the cert and improving your skills is what really matters.
Take a break, figure out what you need to improve on and try again.
Loading suggestions...