Introduction

Hello amazing hackers! I am really happy to see you here because I was afraid to write this article. I do not want to boast, and it feels like boasting when I say this, but I passed my OSCP exam the first time around with all but 1 flag found and I had no prior hacking practice. Here's how I did it!

OSCP or CEH?

I want to start off by prefacing this with saying no certificate has my preference; I think they both have a valid field of applicability.

I always wanted to get into cybersecurity, and one day when browsing the internet I came across an indie bundle on cybersecurity books. For those of you who don't know, indie bundles are where you pay what you want for the bundle and receive a certain amount based on how much you pay. There are more complexities but they are not for this article. I bought the bundle and got about 25 cybersecurity books on things like web hacking, such as The Web Application Hacker's Handbook, which I really enjoyed reading, but I did not understand any of what they were saying. The bundle also contained the CEH v9 e-book, which was a blessing in disguise for me.

I was working at a bank at the time and we had a pentester that we hired regularly. I asked him what I had to do to get into hacking and if I should go for CEH, as it seemed nice and entry level, but he told me that for what I wanted to do, OSCP would be a better solution. "You have to prove yourself in a gruelling 24-hour exam where you have to hack 5 machines," he told me. That exam thing stuck with me for the rest of the course. It seemed like a massive wall I had to climb with no ladder in sight, but I am not a rat that gives up easily.

OSCP it is!

I am someone who does things well when he does them, or I stop doing them if I can't do them well enough. If I do something I go all out, so I went to my boss and I asked him if it would be possible to follow this training and try for the certification. My boss did not like my idea, however. He loved it! He is all for self-development and he knows how much I like to learn new things and even new disciplines, so we booked the 90-day option and then it began.

I decided to not do any preparations for it, as I had quite a few years of general IT experience at this point and I am not someone who can look at learning matter more than 1 time. If I see something new and I learn about it online, I will be less motivated to study properly in the course. This might have been a good idea or it might not; you know yourself the best. Do you want to prepare or let it come to you? That's up to you, but you are also the only person to thank if you pass or fail. That is a sentiment I carry heavily; us being responsible for learning is a whole new world. We don't learn well on our own unless we have a very specific goal, and of course OSCP is a specific goal. It's up to you to determine the value of that goal in your life and how you want to handle it. I can only tell you my story.

I went into the course totally blind. I looked at the syllabus before and it seemed okay, but you never know until you actually get started. It started out quite calm, but I noticed they had a "try harder" mentality on many different aspects. I looked up a lot of information myself, which is good because we need to learn how to google, but on the other hand I wish they would have included all the information we had to know about in the course.

I learned a whole lot in those first few days. I went through the videos first and got about 10 videos in before I wanted to really try it out, and I am not a very patient guy. I want to get into the action right away, but of course I failed miserably at my first attempt. I did an nmap scan of the entire network and put down my results into a OneNote notebook.

I went about it very diligently, but I could not find anything with the few issue types I learned about at that point, so I went back into the videos and I took very notes which I never used again.

I learned a bit more this time around and I went back over the notes I took about the network. I found several interesting things that they talk about in the course, like SMB and anonymous FTP server access. I was even able to abuse some of them to gain a reverse shell, like the anonymous FTP, which I abused to upload a reverse shell. I then opened it via the web browser because they had a website running as well. This boosted my ego like crazy and I felt like a genuine hacker who just managed to hack his way into EvilCorp to destroy their evil ways of business!

As you can imagine, I hit a wall very soon. Open FTP servers only get you so far, after all. I had to get back to the course and learn more, but I am the kind of person that gets bored easily. I spent 8 hours a day working and spent 4 hours after that learning OSCP. On the weekends I spent 8 hours in total learning, and I had 10 days from work that I could spend learning as well. All of this is a lot of time, it may seem, but I more than needed it. After a while of learning I wanted to hack more, but I knew I was not there yet. I just needed that little push.

Don't look at the forums!

At this point I want to bring up the forums. They contain tips posted by the community on the lab machines, but they never had a full explanation except for 1 machine, which was provided by OffSec. Many people tell you to avoid these forums, but I will not do that. I used them extensively and it is how I learn, but I do ask you to take a critical look at yourself from the perspective of an outsider and honestly define how you learn. And I do mean honestly, because it is really easy to deceive ourselves.