OSCP Less than 20 days of the Lab Left (Working Full-time)- Tips inside

3 min readApr 3, 2022


Before I started my lab back in January, I couldn’t solve a single box by myself. Now I’ve completed 25 lab machines +9 Proving Ground boxes. This number may not be much compared to some other experienced hackers out there. But I learned so much more during the past 2 months working on the lab machines than the pre-lab studying time (1 year).

In the PWK course, there’s a guideline as to which machines we should start working on. As I started tackling these machines, I found myself being able to solve some of them relatively quickly, which gave me self-confidence; it gave me hope that all the studying and practice I did with Hack-the-box/tryhackme had paid off.

I was wrong. Well, not completely, but in some degrees. These first machines didn’t require me to enumerate services that much. I only had to use a few re-con tools and privilege escalation methods were very simple. Proving Grounds’ play boxes were similar to those first machines in the official lab.

Since all I did before the lab was to watch other people’s walkthroughs and recreated them with my Kali, I never really struggled to root boxes. Well, the PWK lab definitely made me struggle.

  • For some machines, I spent a few hours on one privilege escalation method just to find out it was not the right path.
  • I couldn’t find a way to correctly upload and execute the payload on the target website for two days.
  • For the active directory portion, I couldn’t make the mimikatz work on the target machine which was frustrating because I knew it was one of the necessary steps.

Of course, there’s a student forum where you could see some tips and past questions that students asked that you could refer to. I did use some of the resources, but I made myself read the course content and research online because I won’t be able to rely on the student forum on the exam.

During this process, I’ve learned so many new techniques that I had no idea they existed and methodologies I had used before but had forgotten about.

I also missed tiny steps or details and went into many rabbit holes, just to find out I already had credentials to access the targeted machines via methods such as RDP/SSH.

It’s definitely been a quite lonely and rough road. There were a lot of days and nights that I just couldn’t get anything. Here are some tips I can give to my fellow OSCP students that may be helpful.

  • Take small breaks. If you were like me, I get lazy when I take long breaks.
  • Don’t spend all day on one thing. Don’t enumerate one service forever. If you’re stuck on one thing forever, you’re not learning much. Try to make your studying schedule every day so that you’re learning something new every day.
  • Take notes on everything! Write a book! Write your cheat sheet that you can refer to. Here is mine. It’s impossible to memorize every step you take for every exploit you encounter.
  • Sleeping takes the vital part of prepping for the OSCP test. After working for 8 hours during the day, using the lunch time for reviewing and studying until 2am easily exhausted me, especially on Fridays. Your brain won’t fully function when you’re sleep deprived; take a nap and recharge.

Even though I only have a few weeks left with the PWK lab and I won’t be able to complete all the machines (my goal is to compromise 40 machines total), I will make sure to learn everything I could to prepare for the certification!

(Here are some pictures of Giyu hanging out with me and easing my pain as I was pounding my head against the desk)