Sailor Security

My OSCP Certification Exam

Table of Contents

  1. About OSCP
  2. OSCP Content 2024 & Skill Mastery
  3. Exam Preparation
    1. My background before OSCP
  4. Exam

About OSCP

OSCP (Offensive Security Certified Professional) certification also known as PEN-200 is offered by OffSec. It is mainly focused on Active Directory – network penetration testing with moderate web application assessments all conducted using Kali Linux.

OSCP Content 2024 & Skill Mastery

OSCP has 12 main sections (concatenated) covered both the theory and extensive hands-on labs (Flag Submission Style) on each topic followed by a real-life simulated mid-size companies with mature security postures to hack which covers topics below:

  • Passive and Active Information Gathering
  • Vulnerability scanning
  • Common Web Attacks
  • Client Side Attacks – Phishing
  • Locating and Fixing Exploits
  • Anti-Virus Evasion
  • Password Attack
  • Windows Privilege Escalation
  • Linux Privilege Escalation
  • Network Pivoting and Tunneling
  • Metasploit
  • Active Directory – Enumeration and Attacks

Exam Preparation

It took me 3.5 months to prepare for the OSCP exam, mainly, using the PEN-200 content, Rana Khalil and TJnull list on HacktheBox. Even though, originally I feared OSCP, I tackled with schedule and regular time allocation and discipline for 10 hour per week solely focused on the OSCP. My background helped more for OSCP exam preparation.

My background before OSCP

1. College: In-depth Windows Active Directory system administration knowledge gained through hands-on labs, helped me understand how systems in a company operates.

2. CCNA: allowed me to understand the fundamental of networking and inter-connected devices and services.

3. Azure-900: gave me the Active Directory and basic cloud function in windows Azure environment.

4. ComTIA Security+: understanding how security is implemented in a mid-size companies and cooperates.

5. PNPT: thought how to build a network and attack the home built network.

6. CTF: Participated in HacktheBox CTFs and easy boxes.

Exam

OSCP exam is a total of 48 hours and consist of two parts.

The first part (24 hours) is to conduct an assessment against an AD set worth 40 points using the techniques taught during OSCP. The goal is to detect vulnerabilities reside in the target machine and fully compromise the Domain-Controller. In addition, there are 3 stanalones that is mixed of windows and linux boxes each worth 20 point.
Attacker must obtain a cumulative 70 points to pass the OSCP exam. Also, if challenge labs and 80% of OSCP content+labs are cleared before the exam, a 10 bonus points are rewarded leaving the student to earn 60 points + 10 point bonus to pass the exam.

The second part (24 hours) is to write a professional report on each application to include methodology, vulnerabilities, mitigations, reproducible steps and findings in order to considered OSCP Certified.