Everybody’s journey on the Offensive Security Certified Professional (OSCP) certification is different. A number of factors are at play, such as your previous experience and your learning style.
Prepare your environment
You will need a virtual machine with Kali Linux installed. You can use the VMware Workstation Player with the Kali VM for OSCP Lab.
Read the course material
Purchase the PEN-200 course and join Offensive Security’s Discord server and the forums.
Read the course material or watch the videos. Take notes.
Know what to expect on your exam day. Familiarize yourself with the exam restrictions by reading the OSCP Exam Guide and take a look at the Exam Proctoring FAQ.
Practice
Do the course exercises
Some topics require more time and effort, like buffer overflows and Active Directory. Also make sure to master some basic operations like file transfer.
❗ Buffer overflows are not part of the OSCP exam anymore.
Hack the OSCP Lab
Go for low hanging fruits first. There are dependencies between machines. For this reason, you should always do the post-exploitation steps on every machine. Try cracking shadow files, dumping credentials from memory with Mimikatz, and look for files that could be useful later. Keep note of all credentials found in a way that is easy to use later in a bruteforce attack on other machines.
Think of other ways that a machine could be hacked. There might be other paths that you could learn from.
Go further
Do not limit yourself to the OSCP lab. Practice on other platforms:
- Buffer Overflow Prep Room (TryHackMe)
- Hack the Box (HTB) Active Directory machines. See this post.
Read public walkthrough guides of machines from other platforms like HTB. You can learn from the methodology others use.
Take notes
Make a template for taking notes about each machine, and steps that you will be able to follow during the exam. Practice documenting machines like you would do during the exam and take screenshots of proof files that comply with the OSCP Exam Guide. Create a template for your report and try documenting one machine. See what information and screenshots you will need.
Time management
Time management is a big part of the OSCP exam. Use tools like a pomodoro tracker to keep you on track and manage breaks efficiently. Dedicate a timeslot in your calendar for studying and schedule your exam.
Reassess
Take a step back and find your weaknesses. Take a look at the course syllabus and see what topics you still need to work on. It might be privilege escalation on Linux, pivoting, etc.
The Try Harder mindset
The Try Harder motto can be frustrating at first. Some people say it in a very arrogant way when asked questions from newcomers.
Once you see the Try Harder as a way of pushing your limits, not getting discouraged, and reflecting on what you did or did not do when stuck on a machine, your methodology will improve and you will be glad that you tried harder. You will need this mindset during your exam. Listen to Call Offensive Security song!