WHOAMI

My name is Rahul Ravishankar and I am an aspiring cybersecurity professional. This past month, I successfully obtained my OffSec Certified Professional Plus certification from Offensive Security! This was a 5-month-long preparation process that involved many sleepless nights, long hours, and a ton of sacrifice (I am not exaggerating). However, I couldn't be happier about the result. Before I go into the details of the process & preparation, I will share a little bit more about myself, so everyone reading this article can clearly understand where I was in my cybersecurity career before attempting to take on one of the most industry-recognized certifications.

My credentials going into the exam were the following:

  • B.S. in Computer Science / M.S. in Cybersecurity & Information Assurance
  • CompTIA Network+ / Security+ / CySA+ / Pentest+
  • PNPT / PJPT from TCM Academy

Even though I have a couple of certifications, I feel like the 2 most beneficial certifications that really helped me start this journey to become OSCP+ certified were the PNPT / PJPT certifications from TCM Academy. These certifications gave a great baseline and understanding of what it meant to take on a practical penetration exam when compared to the more modern style of exams which consist of multiple choice questions and a few performance-based questions. The TCM Academy courses that helped prepare for the PNPT exam also tremendously helped on the Active Directory (AD) and Linux/Windows privilege escalation areas of the OSCP+ exam.

Exam Preparation

I would also like to add that my experience with capture-the-flag (CTF) boxes before I started prepping was very minimal and the only real exposure I had were the boxes that were a part of the Practical Ethical Hacking course by TCM Academy. There are also 2 very good lists of OSCP-like machines that I would recommend checking out, one which was created by Tj Null and the other list which was created by Lain Kusanagi. Although I checked both lists out, I primarily used Lain's list for referencing what boxes to work on and what platform to use.

Month 1:

  • I started my preparation by buying a 1-month-long subscription to HackTheBox. I will not lie, I was not able to finish a box without using a walkthrough during this month. This was definitely due to the fact that I was still learning to get myself into that CTF mindset, but even though I wasn't able to finish a box without help, I was still making the most of it. Before I started attempting to do CTF boxes, I went in with the mindset that I would struggle for an hour and if I had made no progress or was stuck, I would resort to using the walkthrough for initial access and then do this same process to fully root the box. This helped me be efficient with my time and keep learning without getting burnt out. In addition to following walkthroughs, I would also watch IppSec's videos just to learn different approaches on how a box could be rooted. This entire time I was also taking detailed notes along the way. I would say I completed about 20 Linux boxes and 10 Windows boxes in this 1-month time frame.

Month 2 & 3

  • After the month-long subscription was over, I stepped away from HTB with a good idea of what it means to have a CTF mindset and a bunch of detailed notes on how I would attack each service/port I saw. For the next 2 months, I got a Proving Grounds (PG) Practice subscription and repeated the same process as I did with HTB and completed ALL the boxes on Lain's list. During this process, my need for using walkthroughs to complete a box completely went down, as I was able to finish a majority of the boxes without the need of referring to a walkthrough; however, once the box was complete, I still went through the walkthrough and watched supplemental videos on how other people rooted the box to learn different methodologies and methods that can be used. This process was tremendously helpful as I was able to build out a plethora of detailed notes, which came in handy during the exam. A lot of my notes were also in the format of copy/paste, which helped save time during the exam, so I wouldn't need to scramble to type out the correct command with the correct flags.

Month 4

  • After finishing all the Proving Grounds Practice boxes, at the start of month 4 I purchased the PEN-200 course, which comes with OffSec's course that helps prep individuals to take the OSCP+, 10 challenge labs, & one single exam attempt. I would also recommend buying this course only when you feel comfortable doing the PG boxes without any help and you plan on taking the exam soon, because you only get 3 months of access to the course and all the labs. I would say I watched all the videos and read all the text before moving on to the challenge labs. This helped just solidify all the material I had previously learned doing boxes. For the challenge labs, I only completed 3/10 challenge labs, which the people of Reddit recommended to focus on (OSCP A, OSCP B, OSCP C). After all this and making sure my notes were in order, I took my first attempt, scoring 50 points.

Month 5

  • After not passing on the first attempt, I was more determined than ever to come back stronger and knock this exam out. This 5th month I took the time to go over all the PG boxes, HTB AD boxes, and even went over all the Virtual Hacking Labs boxes on Lain's list. In addition, I also made sure to go over the three challenge labs again, and this process made me feel more confident for my 2nd attempt, as this time I knew the lay of the land and made sure to improve on the areas I felt weak on. At the end of month 5, I took my 2nd attempt and was able to say I conquered the OSCP+ exam, acquiring 80 points.

Exam Experience

  • FYI: Take the timeline below lightly as it does not portray the breaks I took nor the times I might have dozed off in front of my computer 😂

Attempt 1 Exam Experience (50 points)

Start: 3:00 PM

  • 3:00 PM → 12:00 AM

Escalate privileges to Administrator in AD (+10 points)

  • 12:00 AM → 3:00 AM

Gained initial access on Standalone 1 (+10)

  • 3:00 AM → 6:00 AM

Gained initial access on Standalone 2 (+10)

  • 6:00 AM → 10:00 AM

Gained root access on Standalone 2 (+10)

  • 10:00 AM → 2:45 PM

Gained Administrator on the 2nd AD machine before running out of time (+10)

End: 2:45 PM

Attempt 2 Exam Experience (80 points)

Start: 1:00 PM

  • 1:00 PM → 3:00 PM

Escalate privileges to Administrator in AD (+10 points)

  • 3:00 PM → 6:00 PM

Gained Administrator on the 2nd AD machine (+10 points)

  • 6:00 PM → 10:00 PM

Rooted the AD machine and made sure to take ALL the screenshots I needed for the report before moving on (+20 points)

  • 10:00 PM → 2:00 AM

Gained initial access on Standalone 1 (+10)

  • 2:00 AM → 5:00 AM

Gained initial access on Standalone 2 (+10)

  • 5:00 AM → 10:00 AM

Gained initial access on Standalone 3 (+10)

Gained root access on Standalone 3 (+10)

  • 10:00 AM → 12:45 PM

Walked through all the compromised boxes and made sure I had ALL the screenshots I needed to write a thorough and detailed report.

End: 12:45 PM

Resources

Advice

  • ENUMERATE, ENUMERATE, ENUMERATE!
  • Methodology > Mindset
  • The exam is only as hard as you make it out to be!

No matter if your journey is long or short, don't give up! Finish what you started and when it gets hard, just remember to TRY HARDER! Good luck to everyone who wishes to take on the OSCP+ exam!