Getting started or finishing the OSCP (PEN-200) course

1l.rocks

Introduction

First of all, I’d like to share that I have submitted my exam and the report. From now on, it's just waiting for the results and praying that the results are good. The paranoia is getting there. NOTE: I did receive the certificate :)

The course time period

Let's first start off with the time period the work has been done in.
I got the course at a Christmas to New Year sale, which is the one that gives you about a year to study for it.

I’d have to say that the preparation itself maybe did not need the year, but once you include the challenge labs it is totally needed. Doing all the challenge labs and reading the entire course while taking notes is not doable in 3 months (maybe for some, but it just isn’t).

After getting the course, I did take a year to read it; this is because there was not really any pressure to obtain the certificate in a shorter time period.
When OffSec came with the news about the exam changing and no longer making it possible to obtain bonus points from the challenge labs, the clock started ticking.
I wanted to do the exam before they made the changes, because otherwise: ‘something new, untested, and you have to be the one to try it’.

What the new exam will be like

OffSec announced that it will change the exam as mentioned before.
The changes they will make from 31 October onwards:
- Remove the lab bonus points
- Provide a ‘greybox’ scenario for pentesting the Active Directory set
And that’s about all you have to worry about. So if you bought the course for 3 months and don’t have time for the challenge labs, doing the new exam is your best bet - but keep in mind, no one has done the exam this way yet (probably besides some course testers).
But OSCP+… it will expire in 3 years? No worries, your OSCP+ will expire, but your ‘OSCP’ won't!

Will any company cry about OSCP+? Probably not. OffSec introduced it so that some ‘government-ish’ organisations, which require certificates that expire, can have their pentesters hold OSCP+.

Is it worth getting OSCP+ after I have already done OSCP? Maybe if you go work for some government body that requires it; otherwise: ‘no'.
Just go for something more challenging like OSEP, CPTS, or some other higher-level cert.

Should I go for OSCP or CPTS?

In my experience, the CPTS certificate is not valued very highly just yet. But the CPTS exam is way harder than OSCP, and it includes a bunch of tactics that OSCP just does not cover.

If you want an industry standard for a job or a raise, just go for OSCP - it’s not really a HARD certificate. It took me 7 hours to reach the minimum of 70 points (including challenge lab points) and about 9 hours to get to 80.

Should I do the CPTS course and then take the OSCP exam? No. Some things overlap, but when doing an exam from a specific company, they want you to think the way that company wants.
A great example for OffSec: ‘try harder’.

What does ‘try harder’ mean?
In my experience, OffSec likes to add things that are not taught in the course. For example, a small box you do right after a course section you just read: the section did not cover pass-the-hash, but the box requires a pass-the-hash attack.

But how does CPTS cover this?
The ‘penetration tester path’ contains all the information you need for the CPTS exam (at least that's what they say). The CPTS course has a search function, which means you can easily ‘ctrl + f’ during the CPTS exam and look things up in the course. And not to forget, they provide a cheatsheet for everything; what more do you want?

(this counts towards my preparation, since I did about 40% of CPTS before I had to focus on getting my OSCP)

Some tips & tricks

Things you just need to get done before doing the exam:

  • Read the course and take good notes, notes that you can refer back to.

  • Make life easy: put code blocks in your notes that you can copy directly.

  • Watch Ippsec videos from the TJ Null OSCP boxes preparation list

    • For this, you don’t even need to do the machines themselves; just watch the videos and learn the tactics. Ippsec has a great way of thinking, where you learn what to check when doing a box.
  • It is not that hard. This is easy to say, but if you are a beginner it can certainly be hard. For someone who already works in the industry and has done more than a handful of infrastructure penetration tests, though, this is easily done.

  • Rabbit holes. The challenge labs cover this: sometimes you are pentesting a web app for an hour… take a step back and recheck the versions, ports, etc.

  • Do the challenge labs. The challenge labs are great preparation, especially the OSCP ones!

  • Asking for tips while doing the challenge labs: don’t take them literally. Someone could say ‘it's in plain sight’ when it is actually stored in AppData or something like that. A wrong tip can make you even more stuck, so don’t rely on it and just keep trying yourself. Worst case, just ctrl + f the Discord.

  • Take some hours to do everything. Ask your boss for some free time to just grind that OSCP course and get through it.

  • Install everything you need in your OSCP VM (and use it for all your labs) and just use ctrl + r as history search for commands during challenge labs.
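The ctrl + r tip only works if the shell actually keeps everything you typed across terminals and sessions. The following ~/.bashrc fragment is an added example, not from the original post: it makes bash keep a large, timestamped history that is written immediately, so ctrl + r in one tab finds commands run in another and the timestamps can be copied into the report timeline. The size values are arbitrary choices.

```bash
# Added example (not from the original post): bash history settings for a lab VM.
# Keep a large history in memory and on disk; the values are arbitrary choices.
HISTSIZE=100000
HISTFILESIZE=200000
# Record when each command was run; handy for the exam report timeline.
HISTTIMEFORMAT='%F %T  '
# Empty HISTCONTROL keeps duplicates and space-prefixed commands instead of dropping them.
HISTCONTROL=
# Append to the history file when a shell exits instead of overwriting it.
shopt -s histappend
# After every command: write this shell's new lines (-a) and read lines
# written by other terminals (-n), so all open tabs share one history.
PROMPT_COMMAND='history -a; history -n'
```

Drop this into ~/.bashrc in the lab VM and open a new terminal; ctrl + r will then search every command from every earlier session, including ones typed in parallel terminals.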


Written by

1l.rocks

Part of the scene as a penetration tester.