Questions? Comments? Need a CTF? Contact Us


Please let us know your name.
Please let us know your email address.
Please let us know your message.
Invalid Recaptcha

OSCP Review

Curtis R. (@C0axx)

Obtaining the OSCP certification is a challenge like no other. The journey was full of Intensive research, building new skills and trying harder! The PWK is a very technical and hands-on course that will get students acquainted with the world of offensive security. After my journey with the exam and course from Offensive Security, I decided to go ahead and write an OSCP Review.


My Security Experience

I have been in the IT industry for about 6 years now. A lot of my experience didn’t come from my everyday job but through self-education and a desire to learn. I have spent numerous hours at home, in front of my laptop, learning new tools and offensive techniques. I have spent hours testing out these tools and techniques through various mediums including HackTheBox, Pentestit, Vulnhub and local CTFs.

The Course

I decided to take the PWK course in October of 2017 and the OSCP exam in January 2018.  This is a course and exam I have wanted to tackle, as I have always had a deep curiosity for offensive security. I signed up for 90 days of lab time, and a few weeks later, I received the introduction email with all the information I needed to begin my journey. The PWK course doesn’t teach you everything, but the materials are enough to get you started. A lot of the meat and bones are provided but the course will push you to Google the night away.

Tips for the courseware:

  • Create a study path and stick to it. I have found the best way to do this is to follow the courseware and then start practicing those techniques in the labs.
  • Join a few of the online platforms, like the netsecfocus slack group which has its own OSCP channel for others on the journey.
  • Find a good application for taking notes. I recommend KeepNote or CherryTree.
  • Find an efficient way of backing up your work. I recommend Google Drive.

The Lab

The lab was a great environment to learn in. You have the potential to access three different subnets after successfully finding the jump box to those other subnets. After successfully rooting boxes in the public subnet, you will start to gather intel and other interesting documents that will lead you to possible dependencies in other networks within the company. After you find those dependencies, you will be able to pivot into other networks and piece together even more intel. Make sure to document thoroughly the exploits used and any modifications done to successfully exploit those systems. As well as how you were able to gain privilege escalation and loot the files.

Tips for the Lab:

  • The Offensive Security forums contain the Offensive Security's Complete Guide to Alpha, a walkthrough to help guide you into the correct methodology and enumeration of future boxes.
  • Try to compromise and root as many boxes in the lab, but make sure you understand the exploit and how it works.

The Exam

The exam is a 24-hour test of your knowledge and stamina. You must document all your attacks including all steps, commands issued, and console output in the form of a penetration test report. You then submit your exam documentation as outlined within 24 hours after your exam ends. In addition to meeting the certification exam objectives, you must submit an exam penetration test report to be awarded your OSCP designation.

Attempt #1

I booked my first exam for a Friday morning at 6:00 AM and did not have any plan, the email came right at 6:00 AM. I connect to the network, looked at the exam guide that is provided and start working. Within the first two hours, I was able to finish the buffer overflow and one other machine putting me at 35 points. I took an hour break around 12:00 PM with no further luck finding my next way in.

At around 3:00 PM I had successfully got a limited shell on my third box bringing me up to 45 points. I spent the next 6 hours enumerating vigorously and going down rabbit hole after rabbit hole. I took another one-hour break and came back with a clear head. This time taking a step back and thinking maybe I was trying too hard. I started over, trying to keep it simple and checking the basics. There was the answer to my headache! At around midnight, I was able to get a limited shell on my 4th box putting me at 55 points. I took the next 5 hours enumerating repeatedly and caught myself overcomplicating things again. At 5:30 AM, I was able to get privilege escalation on my 3rd box putting me at 65 points.

My VPN died at about 5:45 AM. I took a step back and thought well damn, that was intense! My first attempt was full of emotions and feelings. After submitting the reports and waiting a few days I received the following:

Dear Curtis,
We regret to inform you that, based upon review of your course and exam documentation, you did not meet the requirements to pass the Penetration Testing with Kali Linux exam.

This time, I took a few weeks and did a little more studying. I really dove into what issues I had and how to mitigate those issues before my second attempt. I ran back through my notes and came up with a new method to follow.

Attempt #2

I booked my second exam for a Tuesday morning at 6:00 AM and had a solid plan.  I connected to the network, looked over the exam guide that is provided, and started building an attack plan. I started running my scans in the background while I worked on the buffer overflow machine. Within the first two hours, I was able to finish the buffer overflow and one other machine again! I took an hour break and went back at it.

By 12:00 PM, I had rooted a third box. I spent the next few hours trying to get a hold on my 4th box, without any luck. I took another break and came back to try and conquer these last boxes. A few more hours and I was able to get a limited shell on my 4th box bringing me up to 67.5 points! For the next several hours, I struggled to get a limited shell on my 5th box until I remembered to keep it simple!

Boom! limited shell on my 5th box! I knew by this point I should be around 77.5 points! Enough to pass by the points awarded based on the exam guide. I took a few more hours and tried to escalate my privileges on the last two boxes but was unsuccessful. By this time, I was exhausted and decided I was satisfied with the points I had accumulated. I spent the next few hours fixing up my report and submitting. A few days later I received the following:

Dear Curtis,
We are happy to inform you that you have successfully completed the Penetration Testing with Kali Linux certification exam and have obtained your Offensive Security Certified Professional (OSCP) certification.

Wrap Up

This is by far the most challenging and rewarding course and certification I have ever taken. I respect anyone else who has the guts to take this on and succeed. It truly shows you know your stuff in this field. I sincerely want to thank OffSec for this amazing experience and opportunity! On my way to doing the OSWP & OSCE next!

Copyright © StormCTF, LLC | Design by Stitch