OSCP preparation guide and exam review

Hello guys, this is Jameel Nabbo, and here’s my review of the Offensive Security Certified Professional (OSCP) certification.

Introduction:

I don’t write dummy things and I’ll not waste your time in reading unnecessary stuff.

First, I reserved my seat for 1-month lab time, along with this I work a full-time job and have a wife, also I give some time to my family and I do freelance projects such as mobile/web development.

You can imagine how busy I am 🙂

When I started to set my goals to take it, this is what I did:

  • I forgot all of my social life.
  • I canceled all of my vacations.
  • I didn’t sleep more than 6 hours even on the weekend.
  • Redbull was my friend, and all the things that contain sugar.

About my background:

I come from a full-stack development background and have some background in network security and web app pen testing, and I hold some security certifications other than OFFSEC’s one.

The company that I joined recently always puts pressure on me with a lot of challenges and honestly, I like that because I win every time under pressure :D. They requested the OSCP certification recently and they sponsored me for the certification fees.

Preparation Before Lab:

Before buying the lab, I took all Hackthebox machines including the hard ones (took me lots of time). I also took all machines in VulnHub that don’t have write-ups (note that I skipped all machines related to ARM stuff).

My lovely student Selim (14 years old) and I created a small team and we were going over Hackthebox machines, and he was making lots of fun. I think his existence pushed me to be better, and now we are in position 1 in the Middle East and 50 in the world on Hackthebox 🙂

My HTB profile: https://www.hackthebox.eu/profile/30799

Lab preparation:

I got my materials from Offensive Security and took 3 days to complete the videos, and 2 days to read all the PDF contents (I didn’t do the exercises). Also, I wrote a lab report but I didn’t submit it.

During the lab:

I took 35 machines of the public network; along with this, I took the hardest machines (Ghost, Pain, humble Sufferance 🙂 this machine took me 5 days of lab time to break it down, I think I’ll never forget it). I also got the text files that allowed me to unlock other networks in the lab, but didn’t have time to go over them.

Making the exam (the impossible mission):

Time taken: 11 hours

Points earned: all machines (100%) points.

Multiple attempts: yes, I took the exam multiple times.

Did you use Metasploit: NO

I call the exam (impossible mission) not only because of the difficulty but because I was under real pressure at that time from things other than the exam:

  • My brother went to the hospital because of an accident after I started the exam.
  • My lab stopped for 3 hours and a half because of a technical problem in the OFFSEC network.
  • I lost all of my scans and notes twice during the exam because of an unexpected restart of my VM.

With that being said, you can imagine what kind of pressure I had, especially the downtime. However, Offensive Security was generous enough and they gave me 3 hours more after fixing the problem, but I didn’t use them.

FAQ:

Is the exam hard?

It’s not easy, but for sure it’s hard if you don’t have experience.

How do I know I’m ready for the exam?

It’s pretty simple: create your own exam simulation on a weekend day (Sat or Sun), set a time limit for yourself (24 hours), choose 2 medium and 2 hard machines from VulnHub or Hackthebox, and see how you progress during this simulation time. I’m really serious, and this technique helped me a lot (if you fail, do it again).

How about Buffer Overflow machine?

Take it easy, do the PDF exercise and you’ll be good to go.

What lab time should I take?

I think if you have more than 5 years’ experience, go with the one month. Otherwise take the 90 days or 60 days if you can give at least 3 hours daily of your time. Please note that this is an estimation and you should have a better idea of how much time you can invest in this certification.

Is it worth it to invest time in this certification?

Well, it’s one of the most fun things that I’ve done in my life, and for sure Offensive Security deserves your money when it comes to certifications and penetration testing. It’s 100% the most respected certification in the cybersecurity industry; in the end, it’s not a book that you read, then answer multiple-choice questions and forget them 1 week after taking the exam.

What if I went to the exam multiple times and failed?

Don’t ever give up, this is the real meaning of Try Harder.

Any recommendations for preparations?

Don’t ever take hints; instead, do lots of research and try to understand how things work, and when you feel stuck, take a step back and enumerate again from ground zero.

Also, when you take the exam, the most important thing is to stay awake, therefore you need to sleep at least 10 hours before your exam’s start time (again, this is very important).

Another thing I want to point out is Windows privilege escalation (see the references section), and don’t cheat yourself by using Metasploit during the lab (I assure you it won’t help you during the exam).

Another thing: OFFSEC exams are now protected (and I really appreciate this huge step from OFFSEC since they will take care of cheating).

Any recommendations for time management during the exam?

Yes, don’t spend more than 4 hours on each machine, and remember that if something doesn’t work, then move on, and most importantly don’t make things complex 🙂

Finally: I call this certification (Never give up certification), and you should really Try Harder because simply there’s no easy way, and I learned this the hard way.

References:

For Linux privilege escalation you really don’t need more than g0tmi1k’s article (don’t use the automated Linux enumeration scripts; I’ve never used them in the exam or lab).

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation

I also wrote a simple book that combines all the techniques that I always use for Linux privilege escalation.

Here: http://jameelnabbo.com/linux-advanced-privilege-escalation

For Windows privilege escalation you need to fully understand and read the following two links lots of times and you’ll be good to go. By the way, when you go through the lab you’ll refer to the links below multiple times 🙂

http://www.fuzzysecurity.com/tutorials/16.html

https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_windows.html

Read this web book:

https://www.gitbook.com/book/sushant747/total-oscp-guide

If you guys have any questions regarding the OSCP, feel free to contact me on Twitter

@jameel_nabbo

Good luck,