2023-06-23

oscp review and guide

OSCP Review And Guide (2021)

after a few years since i got the oscp in 2021 and a ton of other certs, i decided to start writing reviews and personal guides to how others can succeed.

what is the oscp

the oscp or offensive security certified professional cert by offsec is a penetration testing cert that assumes you come from an IT background. However, you don’t really need to know much before you get into the cert. all you need to do is learn the basics of linux some networking and they will teach you the rest.

teach is in cursive because they don’t teach you anything. they give you a pdf and a prerecorded video of some voice actor reading the pdf. sometimes, you might have a visual aid as they run the commands.

the lab

the lab is a very intricate environment with multiple tiers of networks. it’s very interesting that it is completely self paced and you can root 9-20 machines in 1 day or 5 in a month. there is nearly zero guidance and we’ll get into the -try harder- mentality in a bit.

try harder

as i said there is nearly no guidance in the lab and they recommend rooting 40-60 machines in order to be more ready to pass the exam. i personally LOVE the try harder mentality. as this was my first cert, it shaped the way i approach all of cyber security. there is no challenge that i see now and think “i can’t do this.” every challenge is approached with an “i can do this, just need to try hard enough” mentality. this is a very good mentality that i see a lot of people struggle with understanding or just outright disagree with. for me personally, this is my life.

the exam

24 hours 3 ad 3 solo machines, 24 hours more to write a report. this is public knowledge now so i don’t mind saying that. i am honestly not sure how it is on the 2023 version so don’t quote me :D. focus on the ad, because you can’t pass without it. finishing that means you can work on the others.

who should get the oscp

i personally think anyone and every with a little knowledge of linux and networking and wants to enter into cyber should take. that said anyone with a ton of experience should also take it. it’s a huge resume bump and you will find your self getting a ton more interviews. it is a hard exam when you are new to cyber security and much easier when you are not.

how to prep

do hack the box

i think this goes without mention that you need to do a ton of hackthebox. this is just a given at this point. if you can go through hackthebox machines, then you can easily pass the exam. hackthebox is significanly more difficult than everything on the market, even real life machines. hackthebox training is absolutley elite, and NO i do not get any money from they, nor am i sponsored by them. i just srongly believe in their products.

do offsec’s practice playground

offsec released a lab that anyone can sign up for, for about $19 USD a month that gives you access to offsec made machines, obviously, offsec machines are much more similar to offsec exam machines. so doing those just sets you on the correct path.

try to do as much of the lab as possible

you should aim for 100% completion, if you aim for the 40-60 you will fall short, but if you aim for 100 you will find yourself closer to 60 or even higher.

conclusion

get the cert, its expensive but a huge investment, prepare accordingly and don’t over think it.

best, gerbsec