This article provides insight into the Offensive Security OSCP certification exam, including preparation for the Active Directory (AD) portion. It covers the following:
- OSCP Exam Changes
- OSCP Exam Preparation
- OSCP Exam Tips
- OSCP Exam Scheduling
- Exam Logistics & Proctoring
- During the Exam
- Post Exam
- Additional Resources
- Complete the lab report AND the course exercises
- Lab report must contain 10 fully compromised machines in the labs.
- All vulnerabilities exploited in the lab report must be unique.
- After March 14, 2022, lab reports must also include the full exploitation of an Active Directory set in the labs.
Attempt Active Directory
- AD gives you 40 points. You can be flexible on how to get the other 30 points:
- AD + 1 stand-alone + lab report
- AD + 2 stand-alone machines
- AD + 1 stand-alone machine + partial points
- You must get all 3 AD machines, no partial points are awarded for this challenge.
Stand-Alone Machines along w/ Lab Report
- Skip AD and focus on the 3 stand-alone machines w/ lab report.
- No room for error, as this gives a maximum of 70 points.
Go over course materials for each module
- Read PDF and watch videos
- Practice the course lessons with your client and lab machines
- Take notes!
Complete exercises for each module
- Complete Topic Exercises
- Document your PDF exercises*
- Try the “Extra Mile” exercises
Start exploiting labs!
- The course materials and exercises are not a waste of lab time!
- Builds solid understanding of the fundamental concepts and techniques.
- Your assigned machines are extremely valuable.
- Allows you to directly observe attacks on your machine.
- Gives you a user/admin perspective to better understand the target.
- The Windows Client and Server are a mini-AD environment.
- Exercises are great for practicing and for bonus points on the exam.
- Complete the Topic Exercises & PDF Exercises.
- Try the Extra Miles.
- To get started, read the PWK Labs Learning Path:
- Walkthroughs for Alpha and Beta lab machines.
- Hints for 9 additional lab machines.
- Build your methodology using the walkthroughs.
- The write-ups detail the techniques, methodology, and thought process used to exploit Alpha and Beta.
- Refine and practice your methodology on 9 lab machines with hints.
- Continue exploiting the “low-hanging fruit” in the labs.
- Post-exploitation is as important as initial enumeration.
- Unlike stand-alone machines, AD needs post-exploitation.
- Practice by finding dependencies between AD lab machines.
- There are a total of 2 AD sets in the labs. It is up to you to find them.
- Enumerate and attack the 2 domains along with the sandbox.local domain from the course materials.
- Try different tools for AD enumeration and exploitation.
Practice as many machines as you can on all 3 lab networks.
- Exploit all machines in the public network.
- Pivot and exploit machines in IT, Dev, and Admin networks.
- Pivoting is now important with the addition of the AD set.
- Try to exploit a machine using multiple approaches and/or techniques.
- Re-do exercises and lab machines that presented challenges.
- Avoid relying on hints and walkthroughs.
Higher exam pass rate with >50 lab machines completed
- Prepare 3 machines and an AD set from the PWK labs.
- Try to select stand-alone machines you have not worked on yet.
- Prepare a script to directly reach IT/Dev/Admin machines you selected.
- If you have already finished all AD sets, redo them without looking at your notes.
- Practice your report writing skills after exploiting machines
- Repeat the exam environment to build confidence.
- Familiarity with time constraints will help you stay calm and centered.
- Remember, the exam is just another day in the labs.
Avoid rabbit holes
- Set a timer per machine:
- E.g., 2-3 hours per stand-alone machine and 4 hours for the AD set.
- The 4 hours can be broken down for each AD machine.
- After getting a shell, allot another two hours for privilege escalation.
- If time runs out, move on. It’s easy to get lost in troubleshooting.
- Working on a different machine or taking a break lets you come back with a fresh perspective.
Schedule your breaks
- The 24 hours is not just for hacking machines.
- Schedule time for breaks, eating, and sleeping.
- Stick to your schedule. Fatigue and hunger will slow you down.
- Take a step back or a short break after your 2-3 hour allotted machine time.
- There is more than enough time to finish the exam.
- If you need to work for 24 hours, you need more preparation.
- Document your exercises and lab report with the exam report requirements.
- This will be good practice for writing your exam report.
- This will also help give you bonus points during the exam.
- Prepare a report template prior to your exam.
- Updated lab & exam report template: PEN-200 Reporting Requirements.
- The template gives you a direction on what to document.
- Read the instructions for each machine before you start.
- It will give you an idea of the structure of the AD set.
- It will be evident if there is a buffer overflow machine assigned to you.
- Plan based on the objectives outlined in your Control Panel.
- Identify whether you will start with AD set or stand-alone machines.
- Format your report template in line with the requirements of each machine.
- Perform light scans on your targets.
- E.g. scan for 10 common ports on your exam machines.
- Manually interact with services found while waiting for thorough and longer scans.
- Avoid heavy scans on multiple targets.
- Revert machines after running unsafe scans.
- Re-run scans to ensure all information is correct. Scans can be inaccurate.
- Use various tools to verify scan outputs.
Enumeration is a cyclical approach
- After gaining new access, enumerate again in the context of your new privileges.
- If you gain login access to a webpage, enumerate the webapp as that user.
- If you gain domain user access to a machine, enumerate the domain as that user.
- This concept is often overlooked.
- Students tend to stop enumerating after getting a shell/root access.
Make sure to read exploits prior to using them.
- Do you need to set up files or permissions prior to running the exploit?
- Do you need to modify the exploit to match your target?
Check multiple exploits for the same vulnerability.
- Exploits may use different methods to exploit vulnerabilities.
- Some exploits might be compatible/incompatible with your target.
- AD initial enumeration and exploitation is similar to stand-alone machines.
- Identify machine’s role (DC/client) and the services present.
- Identify the initial target into the domain (the low-hanging fruit).
- Have a cheatsheet of AD commands.
- Be thorough for enumeration, exploitation, and post exploitation.
- Do not ignore standard enumeration, check applications and non-AD related services.
- Try using information you obtained on multiple domain machines
- Document all commands, outputs, scripts, and code you use.
- Use terminal loggers to automatically log all commands and outputs in your shell.
- Take snapshots and backups of your work.
- Ongoing documentation saves time from rerunning any commands if you need the outputs again.
- Schedule your exam several weeks prior.
- We recommend at least 3 weeks before the desired date.
- You can reschedule your exam up to 3 times.
- You can reschedule your exam up to 48 hours prior to exam start time.
- Be mindful of the time and timezone (e.g., GMT).
- If you do not arrive within 1 hour of your exam start time, your exam will be cancelled.
“Penetration Testing with Kali Linux - Proctored Certification Exam Confirmation - OS-XXXX” email contains:
- How to start the exam and login to the proctoring tool.
- Technical requirements to take the proctored exam.
- Exam proctoring rules.
- Instructions on how to submit your exam report.
- Identify where you intend to take the exam.
- Check government cybersecurity laws. Some countries have strict firewall restrictions.
- Prepare backup Internet connection in case of emergencies.
- Check for scheduled power outages in your area.
- Prepare food and snacks for the 24 hour exam.
- Water is critical, remain hydrated.
- If other people will be in the room during the exam, inform them regarding the exam protocol.
- Proctoring technical requirements are outlined here.
- Schedule a test session if you are using a Linux variant.
- Valid government-issued ID in English.
- Contains your full name, photo, birthdate, country, issue and expiry date.
- Prepare a scanned copy in case your ID is not clear in the camera.
- Be confident in the preparation you completed.
- Remember, the exam is just another day in the labs.
- Be calm and avoid worrying about the exam.
- Try eating out or going to the gym (activities that relax your mind).
- Be healthy.
- Get plenty of sleep and rest, stay hydrated.
Proctoring process can start 15 minutes before your exam time.
Log in to the proctoring tool with your credentials.
- If you are panicking, take a moment to stop and collect yourself.
- Do activities that calm you like meditating or taking a walk.
- Stick to your time schedule.
- As long as there is time, keep working.
- Many students finish exams in buzzer beaters.
- It’s ok if you don’t do well.
- Many OffSec employees had multiple attempts.
- You will also learn and gain the exam experience.
- Double check the exam requirements.
- Review and finalize all of your notes.
- Make sure you have captured all the necessary screenshots and proofs.
- If you have the time, re-exploit machines after a revert.
- This ensures the results of your steps are correct.
- Double check proofs and screenshots are correct.
- For connectivity issues & issues with machines, contact us immediately.
- OffSec Student Mentors (SMs) will not assist with exam objectives.
- However, reach out if you feel overwhelmed or need a sounding board.
- Get sleep & refresh your mind.
- You have 24 hours for the report, there is time to rest.
- Take the time to write a detailed report.
- The report is important, it is the product you are delivering to the client.
- It should be organized, professional, and clearly understandable.
- Proofread your report.
- Double check if the necessary screenshots and proof files are present and correct.
- We do not accept changes or updates to submitted reports.
- After uploading your report, upload.offsec.com will provide the MD5 hash of your report.
- Compare MD5 hash of the uploaded file with your local copy.
- If the values do not match, your file did not upload successfully.
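The hash comparison described above can be scripted so that a pasted value with stray whitespace or upper-case digits does not produce a false mismatch. This is an added example, not OffSec tooling; the function name `verify_upload_md5` is hypothetical and it assumes `md5sum` from GNU coreutils is available, as it is on Kali.

```shell
#!/usr/bin/env bash
# Added example: compare the MD5 shown by the upload portal with the local file.
# verify_upload_md5 is a hypothetical helper, not part of any OffSec tool.

# Usage: verify_upload_md5 <local-file> <md5-shown-after-upload>
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_upload_md5() {
    local file="$1" expected="$2" actual

    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "cannot read local file: $file" >&2
        return 2
    fi

    # Normalize the pasted value: strip whitespace, lower-case the hex digits.
    expected=$(printf '%s' "$expected" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    # An MD5 digest is exactly 32 hex characters; anything else is a
    # copy/paste error and must not be reported as a failed upload.
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{32}$'; then
        echo "expected value is not a 32-character MD5 hex digest" >&2
        return 2
    fi

    # Read the file on stdin so md5sum never escapes or echoes the file name.
    actual=$(md5sum < "$file" | awk '{print $1}')

    if [ "$actual" = "$expected" ]; then
        echo "MATCH: $actual"
        return 0
    fi

    echo "MISMATCH: local=$actual uploaded=$expected (upload did not succeed)" >&2
    return 1
}
```

Run it against the exact archive you uploaded, for example `verify_upload_md5 report.7z <hash from the upload page>`, where `report.7z` is a placeholder file name.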
- What to Expect From the New OSCP Exam
- OSCP Exam Change
- PEN-200 Reporting Requirements
- OSCP Exam Guide
- Important information about exam scheduling in the Training Library
- Proctoring Tool Student Manual
| What Do You Need? | Students |
| --- | --- |
| VPN connectivity issues | https://chat.offensive-security.com/ or email email@example.com |
| Exam machine testing | |
| Non-technical exam related | firstname.lastname@example.org |