Passed the OSCP without any Security Work Experience (First Attempt)!
I just took the OSCP exam this Monday(06/27/2022) and passed it. I got my result back on Wednesday evening while shopping (roughly about 24 hours after I submitted the report on Tuesday)! My report was about 48 pages in length and documented every step of the process as well as many screenshots to demonstrate what I was doing.
Exam day:
- My exam starting time was at 10:00 am so I woke up around 8:00 am, took a shower, and made sure I had everything I needed to start the test (checked the webcam, the task manager running, read through the exam requirements once again, prepared coffee, water and some snacks on the desk, and most importantly my “hacking music playlist” on youtube!)
- At 9:45, I connected to the proctoring software and started the identification process. Fortunately, it went very smoothly and I was able to start the exam exactly at 10:00 am.
- (11:00am) I got my first shell on one of the independent machines pretty quickly (in an hour) and got a root before I went to lunch, which made me happy that I was moving faster than I thought.
- (1:00pm) I decided to enumerate one of the other independent machines lightly before moving forward to the AD and got stuck. I switched to the AD, and got really stuck for about 3 hours but finally got an initial shell after enumerating EVERYTHING.
Long night with AD:
- (6:30 pm Initial Foothold) After I had dinner with my husband and walked outside for a minute to refresh, I continued with the AD set (I’m not going into details due to offsec regulations). For the second machine in the AD, I got very stuck again for a simple error. Took a break and realized my mistake, I soon was able to move laterally to the second machine.
- (8:00 pm Struggling to move forward — getting the DC) I was excited because I was close to getting to the DC. However, I got into MANY rabbit holes and couldn’t figure out how to get to it until I finally found a way at 11:30 pm. At that point, I was exhausted mentally and physically so I thought maybe it was a good time to take a nap since I already had 60 points, and getting an initial shell on one of the machines will get me a passing grade. However, I couldn’t sleep. My adrenaline was going insane and my cat slapped my face when I was trying to sleep. (I thank my cat for this)
- (Midnight — Initial shell on Bof — passing grade) I washed my face and made a black coffee to tackle a BoF machine. I had a bit of trouble during one stage of the BoF but I finally got an initial shell around 3:00 am!
- (3:30 am) I tried to priv esc the BoF machine for a long time, but nothing seemed to work and I was not feeling well. I enumerated the other machine a bit more, but I also found nothing juicy there. At 6:00 am, when I started seeing the sun, I decided to call it. Before chatting with the proctor about ending the test, I decided to quickly go over my notes, screenshots, and proofs. Ended the exam around 6:30 am and went to sleep.
Post-Exam:
- (Tuesday 3:00 pm)Since I wrote step-by-step instructions while taking the exam, I only had to put all the information in the word template the offsec provided and add sentences here and there to make a professional-looking report. It took me about 3 hours to complete the report and submit it after I got some sleep.
Exam Review:
- It was an unforgettable experience overall. It was mentally and physically challenging. One thing I’m glad I did was to prepare my schedule for taking breaks. I followed the schedule almost all the way. It calmed my nerves by talking to my husband, petting my cats, walking around the house, etc. These breaks gave me fresh perspectives I needed to break free from daunting moments during the exam.
- I was already somewhat familiar with the BoF, but I’m glad I worked on a bof machine a few weeks prior to the exam in the lab, which helped me tremendously.
- I’m a non-native English speaker and since the certification isn’t quite popular in Japan, I might try to write tips in Japanese sometime soon.
My background:
- I work in the non-security-related team at an IT company and self-studied some practical pentesting, developing ethical hacking python scripts on a few udemy courses.
- I got my Master’s in Cybersecurity in 2021 from WGU but I wanted to be more skilled before switching my career, which led me to OSCP.
- (2022/02 — PWK begins!) I watched and followed along with about 30 HTB boxes before I started the PWK labs.
- (2022/04 — Practicing outside the lab) I worked on about 20 proving ground boxes after the lab expired and watched IppSec’s walkthroughs every day for about a month.
- (2022/05/20) I decided to add one more month of lab time to finish all the lab machines (I had about 20 more machines left). I finished all the lab machines around the third week of the extended period, so I decided to use the last week to just review all the notes and take them easy.
- (2022/06/20) My lab time ended, so I took a week break until my exam day to just relax, organize my notes, and double-check exam requirements.
Hopefully, this will encourage someone who has no pen-testing work experience to try the OSCP. I was not planning to pass it the first time as I read many horror stories about the exam so I’m very relieved that I made it and I can take a break from studying! This is the first good break I’m taking after my Master’s! I’m buying a new game!!!