I passed the OSCP on the 1st attempt with no experience…
Let me preface, I did have security experience before starting. I worked in a SOC for 2 years and for some reason, that led me to think the OSCP would be a breeze…ha
So back to what I was saying, I had no red team experience at all. I was comfortable with networking, python, security best practices, but those were really the only skills that I had which were relevant — all my Splunk fu and threat hunting skills were worthless.
I spent a lot of time reading other’s blogs, vlogs, write-ups, facebook posts and I benefited to much from all of them, so this is my contribution, enjoy!
I didn’t do as much prep as I should have, things would have been a lot easier. I purchased a VIP subscription to the ever-so popular hacking platform Hack the Box — it’s $11 a month. The best $11 a month you will spend. I remember starting and attacking the easiest box on there, Jerry — what should have taken me a few minutes, I spent hours on and finally conceded — read the walk-through and got root. There are all sorts of prep blogs out there so I won’t go into any of that. Needless to say, I was ill-prepared.
Wife and 7 month baby was on board. I purchased the 90 days of PWK in February of this year, 2019. The day I got access, it was on!
As I mentioned, I work in a SOC — 12 hour days, there is a good amount of down time and I have a lot of time off during the week. Perfect conditions. Receiving my study material on a Sunday — I downloaded all content and began immediately. The videos and book are basically one in the same, so I would read to a certain point and then watch all the videos to cover what I read. I spent about a week on all the content. I did not do the exercises, big mistake, huge.
At this point, putting in 35–40 hours a week for study time. I thought the buffer overflow section of the material was fantastic and well explained. I spent a ton of time on reading and learning about buffer overflows, going way beyond the need for the course, and in hindsight, think I spent too much time on it. I read Hacking: The Art of Exploitation 3 times.
I continued with the 35–40 hour a week study time pace. I got used to it, oddly enough. I would spend every weekend, all weekend in front of my computer — it was still cold outside, what else was there to do? My time in the labs were great, I started popping boxes and celebrated each victory. I learned tons from each box. Which is a very important nugget for you, each machine teaches it’s own lesson.
I struggled with privilege escalation, terribly. It was hard enough to get low privilege access, but then to escalate was often even harder than the initial foothold.
For privilege escalation I followed the two highly recommended Linux & Windows blogs.
But if this is all foreign (as it was to me), you don’t know what you are looking for, what is a misconfiguration, what is not? What setuid binaries should and should not belong (what even is a setuid binary?!?!)? This is something that I struggled with and unfortunately, there is no one blog or tutorial for the answer. The answers to those questions comes with experience, practice, repetition and googling.
However, I knew that based on the points needed to pass, I would have to learn privilege escalation for both operating systems, and I did. I practiced, practiced, practiced.
During my first 90 days in the labs, I hacked over 30 boxes. It wasn’t until the end of my 90 days I realized the Offsec forums existed. Which I’ve saw/read other people posting how the forums are essentially cheating. I strongly disagree, I learned so much from the forums, especially when I was stuck. There were new tools and techniques I had learned browsing through. If I’ve spent several hours stuck on one machine and can’t get any further, why not get a nudge in the right direction so you can move on to the next thing? Instead of wasting time and burning yourself out further.
During my first 90 days, I spent as much time as I had available in front of my computer. Whether it was watching ippsec videos while laying in bed, playing in the labs or hack the box vms. Needless to say I was burnt out and burnt out hard. Honestly, I couldn’t wait for the labs to be over so I could break.
After my lab time ended, spent time with family and friends, as far away from my computer as possible. I didn’t attempt the exam at this point, because I just didn’t feel comfortable. Weeks later, I sat down in front of my computer and started messing around on Hack the Box and holy $#!+, I forgot a lot. So yeah, there was that.
I started getting into the swing of things again, I ended up spending a ton of time on Hack the Box. I popped countless boxes, a lot of them I needed assistance in doing so. I would get stuck, so I would pull up a walk-through to get me to the next step. Or when I got root, I would read as many walk-through’s as I could for different perspectives and techniques. Then I would watch ippsec do it. I think this portion got me to the next level.
I then ordered another 90 days of lab time (my company graciously paid). I decided I’m going to do the lab report and exercises this time, after all 5 points can make or break the exam. So I started re-rooting some of the other boxes and attempted the hardest in the labs, I got Pain very easy. The other two Humble and Sufferance sucked, I did not invest enough time to get into either one of them. So all in all I spent about 40 hours on the lab report and exercises. I re-read all the content and re-watched all the videos. I highly suggest doing this, I learned a lot. When I first read it, most was foreign to me. The second time, it all made sense.
I didn’t spend much time in the other networks, I didn’t really care for it. But told myself if I fail the first time, I will work on a lot of those machines. After I was finished, I felt really comfortable and ready, so exam was scheduled….
Test Day**
The exam started at 9am, went for a long run to settle down (didn’t work). I was using a macbook and heard several people have had issues using the proctoring software and then having their exams canceled in conjunction with their macbook, great.
I was able to connect with the proctor 15 minutes prior, got everything setup just fine, webcam worked. It was certainly a little uncomfortable at first, but got used to it as the hours wore on.
I won’t go into my exam any further. You will just have to attempt it and find out for yourself.
I was up for about 40 hours. I pretty much stayed up for the whole 24, which I would not recommend doing, but I was so close that I couldn’t sleep. I laid in bed and my mind was racing. I got enough points at 2:30am, woke my wife up with excitement. But I wanted to secure the cert, so I continued and got more points with one hour to spare. I went back and took a few extra screen shots just to be sure and that was it, time was up.
I was so excited that I achieved enough points I couldn’t sleep, I tried to lay down, but excitement/adrenaline/caffeine prevented that. So I started on the report which took me about 7 hours ~ probably because I was so tired. I was really satisfied with my report, from formatting to the summaries. It was about 25 pages. Pretty much everything I have read from others, the standard is 50 pages. How people can get 50 pages without including too many screen shots and code, who knows.
Lastly, came the submission part. Which was unnecessarily stressful, make sure you read the instructions over and over again.
“Motivation is crap. Motivation comes and goes. When you’re driven, whatever is in front of you will get destroyed.” — David Goggins
Two days later I got the email confirming I passed!
Immediately updated Facebook, Twitter and LinkedIn.
Had a phone interview a week later. An in person interview a week or so after that and just like that. I landed my first penetration testing position with a fantastic company.
I did this with a 7 month old and a full time job. All you need is a positive attitude, perseverance and to try a bit harder.
Follow me on twitter @justinvanbibber
Shoutouts
My wonderful wife for all the extra baby duty during these 6 months.
My fantastic manager and friend for letting me crack open my No Starch library at work.
Facebook OSCP Study Group — A lot of great content in there, use the search function and start bookmarking.
Discord — Join the “InfoSec Prep” channel, a ton of fantastic people in this group who really are helpful, but offer just enough help. I’ve connected with several of them personally.
